Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
2. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
3. A journal entry entered at a computer terminal. Manual journal entries can include regular, statistical, inter-company and foreign currency entries.
4. Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file
5. Unusual or statistically rare
6. Faking the sending address of a transmission in order to gain illegal entry into a secure system
7. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
8. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which
9. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
10. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
11. Impartial point of view which allows the IS auditor to act objectively and with fairness
12. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
13. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
14. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
15. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
16. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
17. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.
18. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
19. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities
20. Transactions that cannot be denied after the fact
21. The process of transmitting messages in convenient pieces that can be reassembled at the destination
22. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
23. Any intentional violation of the security policy of a system
24. A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network
25. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
26. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service
27. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.
28. The objectives of management that are used as the framework for developing and implementing controls (control procedures).
29. Checks that data are entered correctly
30. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in
31. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.
32. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
33. Character-at-a-time transmission
34. Programmed checking of data validity in accordance with predetermined criteria
35. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,
36. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial
37. The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization that determines how the records are stored.
38. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
39. A broad and wide-ranging concept of corporate governance, covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document, published by the Information Systems Au
40. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
41. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr
42. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)
43. A communications channel over which data can be sent and received simultaneously
44. A device used for combining several lower-speed channels into a higher-speed channel
45. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
46. To record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred
47. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
48. The computer room and support areas
49. Any situation or event that has the potential to harm a system
50. A system's level of resilience, allowing it to react seamlessly to hardware and/or software failure