Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Recovery time objective (RTO)
Blackbox testing
Format checking
Binary code

2. A computerized technique of blocking out the display of sensitive information; such as passwords; on a computer terminal or report
Adjusting period
Masking
Dry-pipe fire extinguisher system
Personal identification number (PIN)

3. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is
Accountability
Expert systems
Bar code
Polymorphism (objects)

4. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication
Offsite storage
Twisted pairs
Audit plan
Man-in-the-middle attack

5. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Rounding down
Cross-certification
Protocol stack
Nonrepudiable trnasactions

6. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Interest rate risk
Idle standby
Materiality
Protocol

7. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
Access rights
Distributed data processing network
Middleware
Reliable audit evidence

8. Transactions that cannot be denied after the fact
Comprehensive audit
Nonrepudiable trnasactions
Utility software
liquidity risk

9. A destructive computer program that spreads from computer to computer using a range of methods; including infecting floppy disks and other programs. Viruses typically attach themselves to a program and modify it so that the virus code runs when the p
Simple fail-over
Virus
Check digit verification (self-checking digit)
Audit authority

10. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Validity check
Relevant audit evidence
Indexed sequential file
Data leakage

11. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that
Simple Object Access Protocol (SOAP)
Password cracker
RSA
Operating system

12. The relationships among files in a database and among data items within each file
Data structure
Bulk data transfer
Relevant audit evidence
Hypertext

13. An individual data element in a computer record. Examples include employee name; customer address; account number; product unit price and product quantity in stock.
Field
Bus
External router
Piggy backing

14. Controls; other than application controls; which relate to the environment within which computer-based application systems are developed; maintained and operated; and which are therefore applicable to all applications. The objectives of general contr
Electronic data interchange (EDI)
Batch control
browser
General computer controls

15. An individual using a terminal; PC or an application can access a network to send an unstructured message to another individual or group of people.
Information engineering
E-mail/interpersonal messaging
Enterprise governance
Intrusive monitoring

16. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
Fiber optic cable
Object code
Black box testing
Latency

17. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
Universal Description; Discovery and Integration (UDDI)
Misuse detection
Point-of-presence (POP)
Independence

18. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Librarian
Echo checks
Remote job entry (RJE)
Plaintext

19. Refers to the processes by which organisations conduct business electronically with their customers and or public at large using the Internet as the enabling technology.
Windows NT
Baseband
Business-to-consumer e-commerce (B2C)
RADIUS

20. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2n; where n is the number of bits in the machine address.
Vulnerabilities
RFC (request for comments)
Address space
Controls (Control procedures)

21. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
price risk
Computer server
Filtering router
Token

22. Record layouts provide information regarding the type of record; its size and the type of data contained in the record. Screen and report layouts describe what information is provided and necessary for input.
Ciphertext
Security administrator
Judgment sampling
Record; screen and report layouts

23. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
Datagram
System exit
Judgment sampling
X.25

24. The process of converting a digital computer signal into an analog telecommunications signal
Modulation
Taps
Computer sequence checking
Anonymous File Transfer Protocol (FTP)

25. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Interface testing
Point-of-presence (POP)
File layout
Operating system

26. The ability to exercise judgement; express opinions and present recommendations with impartiality
Objectivity
Uninterruptible power supply (UPS)
Parallel simulation
Application acquisition review

27. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Frame relay
world wide web (WWW)
DoS (denial-of-service) attack
Image processing

28. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is
Program evaluation and review technique (PERT)
Audit evidence
Antivirus software
Source code

29. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Bus
Modem (modulator-demodulator)
Internal penetrators
Digital certification

30. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.
Analog
Split DNS
Internet banking
Audit evidence

31. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making; dealing and position taking in interest rate; foreign exchange; equity and commodities markets. Banks m
price risk
Job control language (JCL)
Audit evidence
Indexed sequential file

32. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Judgment sampling
Operational risk
Dynamic analysis
Information processing facility (IPF)

33. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Magnetic ink character recognition (MICR)
Spool (simultaneous peripheral operations online)
Certificate authority (CA)
Sequence check

34. In vulnerability analysis; gaining information by performing standard system status queries and inspecting system attributes
Application implementation review
Non-intrusive monitoring
Recovery testing
HTTP (hyper text transfer protocol)

35. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Requirements definition
Protection domain
Brouters
Dynamic analysis

36. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Cadbury
Untrustworthy host
Repudiation
Segregation/separation of duties

37. The router at the extreme edge of the network under control; usually connected to an ISP or other service provider; also known as border router
Credentialed analysis
Generalized audit software
Passive assault
External router

38. 1)A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2)A computer that provides services to another computer (the client).
Reciprocal agreement
Computer server
Control risk self-assessment
Parallel testing

39. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Arithmetic-logic unit (ALU)
Online data processing
Cluster controller
Antivirus software

40. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
UNIX
Central office (CO)
Data-oriented systems development
Polymorphism (objects)

41. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration; such as change management
Harden
Security software
RADIUS
implementation life cycle review

42. A document that confirms the client's and the IS auditor's acceptance of a review assignment
Parallel simulation
Brute force
Terms of reference
Internal control structure

43. Comparing the system's performance to other equivalent systems using well defined benchmarks
Hyperlink
Taps
DoS (denial-of-service) attack
Performance testing

44. Error control deviations (compliance testing) or misstatements (substantive testing)
Error
Budget hierarchy
Test generators
Editing

45. A process used to identify and evaluate risks and their potential effects
Data Encryption Standard (DES)
Console log
Penetration testing
Risk assessment

46. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.
Star topology
Piggy backing
Twisted pairs
Dial-in access controls

47. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Manual journal entry
vulnerability
Simple Object Access Protocol (SOAP)
L2TP (Layer 2 tunneling protocol)

48. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
Harden
Appearance
Librarian
Computer-aided software engineering (CASE)

49. The susceptibility of an audit area to error which could be material; individually or in combination with other errors; assuming that there are no related internal controls
Artificial intelligence
Single point of failure
Data dictionary
Inherent risk

50. The list of rules and/or guidance that is used to analyze event data
Real-time analysis
Rulebase
Quick ship
Enterprise resource planning