CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may be obvious, but retaking the test reinforces your understanding.
1. Software packages that sequentially dial telephone numbers, recording any numbers that answer
Run-to-run totals
Audit authority
War dialler
Concurrent access
2. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
Software
System flowcharts
Management information system (MIS)
Attitude
3. Changing data with malicious intent before or during input into the system
Fault tolerance
Data diddling
Comparison program
Unit testing
4. The ability of end users to design and implement their own information system utilizing computer software products
End-user computing
Validity check
Direct reporting engagement
Performance indicators
5. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Application
Symmetric key encryption
Blackbox testing
Virtual private network (VPN)
6. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)
Enterprise resource planning
Fiscal year
vulnerability
Duplex routing
7. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Audit charter
Spanning port
Microwave transmission
Internet Engineering Task Force (IETF)
8. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information, such as country, state and city.
Information engineering
Offline files
X.500
RS-232 interface
9. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Electronic cash
Data communications
System exit
Token ring topology
10. An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management)
Full duplex
Tcpdump
Application system
Intrusive monitoring
11. The rules by which a network operates and controls the flow and priority of transmissions
Protocol
Reverse engineering
Logon
Continuous auditing approach
12. To configure a computer or other network device to resist attacks
Harden
Risk
Spoofing
Statistical sampling
13. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.
Program narratives
Business risk
Console log
Control Objectives for Enterprise Governance
14. The art of designing, analyzing and attacking cryptographic schemes
Application proxy
Reliable audit evidence
Control perimeter
Cryptography
15. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for
Baseband
Encryption
Electronic vaulting
Personal identification number (PIN)
16. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing
Structured programming
Abend
Cohesion
Anonymous File Transfer Protocol (FTP)
17. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
Audit accountability
Terminal
Penetration testing
HTTP (hyper text transfer protocol)
18. A permanent connection between hosts in a packet switched network
Permanent virtual circuit (PVC)
War dialler
Fiber optic cable
Vulnerabilities
19. The interface between the user and the system
Shell
Criteria
X.25 interface
Intranet
20. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved
Data leakage
Magnetic card reader
Inheritance (objects)
Ring topology
21. Diligence which a person who possesses a special skill would exercise under a given set of circumstances
Sequence check
Due professional care
Computer-aided software engineering (CASE)
Application software tracing and mapping
22. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display
Master file
Password
Operator console
Tcpdump
23. A version of the Windows operating system that supports preemptive multitasking
Firmware
Windows NT
Technical infrastructure security
Teleprocessing
24. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers
Service bureau
Systems acquisition process
Bulk data transfer
Control group
25. A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext
System software
Sequence check
Encryption key
Node
26. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat
Application acquisition review
Optical scanner
Telnet
Simple fail-over
27. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun
Risk assessment
Digital signature
Third-party review
Internal control structure
28. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system
Bulk data transfer
Memory dump
Intrusive monitoring
Management information system (MIS)
29. Programs that provide assurance that the software being audited is the correct version of the software, by providing a meaningful listing of any discrepancies between the two versions of the program
Source code compare programs
Budget formula
Diskless workstations
Virus
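The item above describes what a source code compare program does; the following is an added example (not code from the original page) showing the idea in working form: hash both versions for a quick equality check, then produce a listing of every line that differs. The two versions are constructed samples; the "production" copy contains an unauthorized change that silently skips audit logging for one owner, which is exactly the kind of discrepancy an auditor wants such a listing to surface.

```python
"""Source code compare program: confirm that the code running in production
is the approved version and list every discrepancy.

Added example for this quiz item; not code from the original page.
APPROVED_VERSION and PRODUCTION_VERSION are constructed samples.
"""
import difflib
import hashlib
from typing import Dict, List

APPROVED_VERSION = """\
def transfer(src, dst, amount):
    if amount <= 0:
        raise ValueError("amount must be positive")
    src.balance -= amount
    dst.balance += amount
    audit_log(src, dst, amount)
"""

# Constructed: what was found running in production (note the extra condition).
PRODUCTION_VERSION = """\
def transfer(src, dst, amount):
    if amount <= 0:
        raise ValueError("amount must be positive")
    src.balance -= amount
    dst.balance += amount
    if dst.owner != "maintenance":
        audit_log(src, dst, amount)
"""


def fingerprint(source: str) -> str:
    """SHA-256 of the source text: a quick equality check before diffing."""
    return hashlib.sha256(source.encode("utf-8")).hexdigest()


def compare_versions(approved: str, production: str) -> Dict[str, object]:
    """Return an audit-style listing of discrepancies between two versions."""
    identical = fingerprint(approved) == fingerprint(production)
    listing: List[str] = list(difflib.unified_diff(
        approved.splitlines(), production.splitlines(),
        fromfile="approved", tofile="production", lineterm="", n=0))
    # Lines present only in production / only in the approved copy.
    added = [line[1:] for line in listing
             if line.startswith("+") and not line.startswith("+++")]
    removed = [line[1:] for line in listing
               if line.startswith("-") and not line.startswith("---")]
    return {"identical": identical, "added": added,
            "removed": removed, "listing": listing}


if __name__ == "__main__":
    report = compare_versions(APPROVED_VERSION, PRODUCTION_VERSION)
    print("identical:", report["identical"])
    print("\n".join(report["listing"]))
```

The hash comparison alone only tells you that something differs; the line listing is what lets the auditor judge whether the change was authorized. In practice the "approved" copy should come from a controlled source (the release in version control or the escrowed build), not from the same host being audited.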
30. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
Control weakness
Residual risk
Web page
Split DNS
31. Identified by one central processor and databases that form a distributed processing configuration
BSP (business service provider)
Full duplex
Centralized data processing
Baud rate
32. Any information collection mechanism utilized by an intrusion detection system
RADIUS (remote authentication dial-in user service)
Logical access controls
Mapping
Monitor
33. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti
Electronic vaulting
Intrusion detection
Centralized data processing
Posting
34. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Software
Redo logs
TCP (transmission control protocol)
RADIUS (remote authentication dial-in user service)
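The TCP item above says that packet data is verified using checksums. As an added example (not code from the original page), the block below builds a constructed TCP segment, computes the RFC 1071 Internet checksum over the IPv4 pseudo-header plus the segment, and shows the receiver-side check: checksumming the received bytes must yield zero. Addresses, ports and payload are constructed for illustration.

```python
"""TCP checksum: how 'packet data is verified using checksums' works.

Added example for this quiz item, not code from the original page.
SRC, DST and SAMPLE are constructed values.
"""
import socket
import struct


def internet_checksum(data: bytes) -> int:
    """Ones'-complement sum of 16-bit words, folded to 16 bits, then complemented."""
    if len(data) % 2:
        data += b"\x00"            # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:             # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def tcp_pseudo_header(src_ip: str, dst_ip: str, tcp_length: int) -> bytes:
    """IPv4 pseudo-header: source, destination, zero, protocol 6 (TCP), TCP length."""
    return (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
            + struct.pack("!BBH", 0, 6, tcp_length))


def build_segment(src_ip: str, dst_ip: str, sport: int, dport: int,
                  seq: int, ack: int, flags: int, payload: bytes) -> bytes:
    """Build a TCP segment with a 20-byte header and a correct checksum."""
    data_offset_flags = (5 << 12) | flags       # 5 x 32-bit words, no options
    header = struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                         data_offset_flags, 65535, 0, 0)  # checksum field = 0
    csum = internet_checksum(
        tcp_pseudo_header(src_ip, dst_ip, len(header) + len(payload))
        + header + payload)
    return header[:16] + struct.pack("!H", csum) + header[18:] + payload


def verify_segment(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """Receiver side: the checksum over pseudo-header + segment must be zero."""
    return internet_checksum(
        tcp_pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def corrupt(segment: bytes, index: int) -> bytes:
    """Flip every bit of one byte, simulating corruption in transit."""
    b = bytearray(segment)
    b[index] ^= 0xFF
    return bytes(b)


# Constructed sample: a PSH+ACK segment carrying a small HTTP request.
SRC, DST = "10.0.0.1", "10.0.0.2"
SAMPLE = build_segment(SRC, DST, 40000, 80, 1, 1, 0x018, b"GET / HTTP/1.0\r\n\r\n")

if __name__ == "__main__":
    print("intact segment verifies:", verify_segment(SRC, DST, SAMPLE))
    print("corrupted segment verifies:", verify_segment(SRC, DST, corrupt(SAMPLE, -1)))
```

Because the source and destination addresses are part of the pseudo-header, a segment delivered to the wrong host also fails the check. The caveat a practitioner should keep in mind: this checksum detects accidental corruption only. Anyone who can modify the segment can recompute it, so integrity against an adversary requires a cryptographic protection such as TLS or IPsec, not the TCP checksum.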
35. A third party that provides organizations with a variety of Internet and Internet-related services
X.25
Salami technique
world wide web (WWW)
ISP (Internet service provider)
36. The use of software packages that aid in the development of all phases of an information system. System analysis, design, programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
False negative
Combined Code on Corporate Governance
Anonymous File Transfer Protocol (FTP)
Computer-aided software engineering (CASE)
37. Universal Description, Discovery and Integration
RADIUS (remote authentication dial-in user service)
UDDI
Virus
Risk assessment
38. The main memory of the computer's central processing unit
Internal storage
System exit
Subject matter (Area of activity)
Project team
39. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management
Fiscal year
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Security administrator
Application maintenance review
40. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Detective controls
Internet banking
Bus
Mapping
41. The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Master file
Address
Relevant audit evidence
Continuity
42. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
Encryption
Audit authority
Audit program
Corrective controls
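Three items on this test (symmetric key encryption, encryption key, and the encryption process itself) describe the same mechanism from different angles. The block below is an added example, not code from the original page, that ties them together in runnable form using only the Python standard library: one shared secret per pair of partners, the same key used to encrypt and decrypt, a wrong key rejected, and a modified ciphertext rejected. The construction (a SHA-256 keystream XORed with the plaintext, plus an HMAC tag in encrypt-then-MAC order) is a teaching device chosen so the example needs no third-party package; the partner secrets and message are constructed values.

```python
"""Illustrative symmetric-key encryption with integrity, stdlib only.

Added example for the quiz items on symmetric key encryption, encryption
keys and encryption; not code from the original page.  The scheme is a
teaching toy (SHA-256 keystream + HMAC-SHA256 tag) that exhibits the
properties the definitions describe.  It is NOT a substitute for a vetted
AEAD such as AES-GCM or ChaCha20-Poly1305 in real systems.
"""
import hashlib
import hmac
import os
import struct
from typing import Dict, Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32


def derive_keys(shared_secret: bytes) -> Tuple[bytes, bytes]:
    """Split one shared secret into independent encryption and MAC keys."""
    enc_key = hashlib.sha256(b"enc" + shared_secret).digest()
    mac_key = hashlib.sha256(b"mac" + shared_secret).digest()
    return enc_key, mac_key


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream blocks: SHA-256(enc_key || nonce || counter)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out.extend(hashlib.sha256(enc_key + nonce + struct.pack(">Q", counter)).digest())
        counter += 1
    return bytes(out[:length])


def encrypt(shared_secret: bytes, plaintext: bytes, nonce: Optional[bytes] = None) -> bytes:
    """Return nonce || ciphertext || tag.  A fresh random nonce per message."""
    enc_key, mac_key = derive_keys(shared_secret)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    ks = _keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(shared_secret: bytes, message: bytes) -> bytes:
    """Verify the tag first (constant-time compare), then decrypt."""
    enc_key, mac_key = derive_keys(shared_secret)
    if len(message) < NONCE_LEN + TAG_LEN:
        raise ValueError("message too short")
    nonce, ciphertext, tag = message[:NONCE_LEN], message[NONCE_LEN:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    ks = _keystream(enc_key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, ks))


def demo() -> Dict[str, bool]:
    """Exercise the three properties the quiz definitions describe."""
    # Constructed secrets: one per pair of trading partners.
    key_ab = hashlib.sha256(b"constructed secret shared by partners A and B").digest()
    key_ac = hashlib.sha256(b"constructed secret shared by partners A and C").digest()
    msg = b"PAY 1000.00 TO ACCT 42"
    ct = encrypt(key_ab, msg)
    result = {"roundtrip": decrypt(key_ab, ct) == msg}
    try:                      # partner C does not hold the A-B key
        decrypt(key_ac, ct)
        result["wrong_key_rejected"] = False
    except ValueError:
        result["wrong_key_rejected"] = True
    tampered = bytearray(ct)
    tampered[NONCE_LEN] ^= 0x01   # flip one bit of the ciphertext
    try:
        decrypt(key_ab, bytes(tampered))
        result["tamper_detected"] = False
    except ValueError:
        result["tamper_detected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The "different key for each pair of trading partners" clause in the definition is the operational cost of symmetric systems: n partners need n(n-1)/2 shared secrets, and each must be distributed over some channel other than the one it protects. Note also that encryption alone (the XOR step) gives confidentiality but not integrity; without the tag, a bit flipped in the ciphertext flips the same bit in the recovered plaintext undetected.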
43. Also known as traditional development; it is a very procedure-focused development cycle with formal sign-off at the completion of each level.
Internal storage
Waterfall development
ICMP (internet control message protocol)
Application layer
44. A device that connects two similar networks together
Control section
Arithmetic-logic unit (ALU)
Audit accountability
Bridge
45. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
DoS (denial-of-service) attack
Materiality
Demodulation
Structured Query Language (SQL)
46. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.
Ring topology
ICMP (internet control message protocol)
Intrusion detection
Exception reports
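The definition above says an exception report identifies transactions outside a predetermined range or not conforming to specified criteria. As an added example (not code from the original page), the block below runs a small set of such checks over a constructed transaction batch and returns each flagged transaction with the reasons it was flagged. The limits, permitted currencies, account format and sample records are all constructed for illustration.

```python
"""Exception report: flag transactions outside a predetermined range or
not conforming to specified criteria.

Added example for this quiz item; not code from the original page.
BATCH and the default limits are constructed values.
"""
import re
from dataclasses import dataclass
from typing import List, Sequence, Tuple


@dataclass(frozen=True)
class Transaction:
    txn_id: str
    account: str
    amount: float
    currency: str


# Constructed sample batch; several records are deliberately out of line.
BATCH = [
    Transaction("T001", "12345678", 250.00, "USD"),
    Transaction("T002", "12345678", 12500.00, "USD"),   # above the amount limit
    Transaction("T003", "1234", 99.99, "USD"),          # malformed account number
    Transaction("T004", "87654321", -40.00, "USD"),     # non-positive amount
    Transaction("T005", "87654321", 300.00, "GBP"),     # currency not permitted
    Transaction("T005", "11112222", 10.00, "EUR"),      # duplicate transaction id
]


def exception_report(batch: Sequence[Transaction],
                     max_amount: float = 10000.00,
                     allowed_currencies: Tuple[str, ...] = ("USD", "EUR"),
                     account_pattern: str = r"\d{8}") -> List[Tuple[str, List[str]]]:
    """Return (txn_id, reasons) for every transaction failing any criterion."""
    seen = set()
    report: List[Tuple[str, List[str]]] = []
    for t in batch:
        reasons: List[str] = []
        if t.amount <= 0:                                    # range check (lower)
            reasons.append("non-positive amount")
        if t.amount > max_amount:                            # range check (upper)
            reasons.append(f"amount {t.amount:.2f} exceeds limit {max_amount:.2f}")
        if t.currency not in allowed_currencies:             # validity check
            reasons.append(f"currency {t.currency} not permitted")
        if not re.fullmatch(account_pattern, t.account):     # format check
            reasons.append("account number fails format check")
        if t.txn_id in seen:                                 # duplicate check
            reasons.append("duplicate transaction id")
        seen.add(t.txn_id)
        if reasons:
            report.append((t.txn_id, reasons))
    return report


if __name__ == "__main__":
    for txn_id, reasons in exception_report(BATCH):
        print(txn_id, "->", "; ".join(reasons))
```

Each check corresponds to a control the test's other items name (range, validity, format and duplicate checks). An exception report is a detective control: it only has value if someone reviews and resolves the listed items, so the follow-up and the disposition of each exception should be recorded as well.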
47. The elimination of redundant data
Format checking
Real-time processing
Cryptography
Normalization
48. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Appearance
Rounding down
Continuous auditing approach
Hot site
49. The act or function of developing and maintaining applications programs in production
Source lines of code (SLOC)
Internet Inter-ORB Protocol (IIOP)
Application programming
File layout
50. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.
Budget hierarchy
Administrative controls
Transaction protection
Software