Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding each time you take the test.

1. A group of items that is waiting to be serviced or processed






2. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.






3. Refers to the security aspects supported by the ERP; primarily with regard to the roles or responsibilities and audit trails within the applications






4. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code






5. Typically in large organisations where the quantum of data processed by the ERPs is extremely voluminous; analysis of patterns and trends proves to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide






6. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.






7. A set of protocols developed by the IETF to support the secure exchange of packets






8. Controls over the acquisition; implementation; delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.






9. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being






10. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch






11. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.






12. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.






13. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d






14. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it






15. A multiuser; multitasking operating system that is used widely as the master control program in workstations and especially servers






16. A code whose representation is limited to 0 and 1






17. Files created specifically to record various actions occurring on the system to be monitored; such as failed login attempts; full disk drives and e-mail delivery failures






18. A journal entry entered at a computer terminal. Manual journal entries can include regular; statistical; inter-company and foreign currency entries






19. A fail-over process; in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently






20. The process of determining what types of activities are permitted. Ordinarily; authorisation is in the context of authentication: once you have authenticated a user; he/she may be authorised to perform different types of access or activity






21. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting; backing up and erasing data.






22. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service






23. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identity from the victim of the attack






24. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.






25. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec






26. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy






27. Impartial point of view which allows the IS auditor to act objectively and with fairness






28. The transmission of job control language (JCL) and batches of transactions from a remote terminal location






29. Audit evidence is reliable if; in the IS auditor's opinion; it is valid; factual; objective and supportable.






30. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.






31. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements






32. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.






33. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks; because it was designed for today's reliable circuits and performs less rigorous error detection. Frame






34. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population






35. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto






36. Using telecommunications facilities for handling and processing of computerized information






37. A test to check the system's ability to recover after a software or hardware failure






38. The physical layout of how computers are linked together. Examples include ring; star and bus.






39. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco






40. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes






41. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems; detection of intrusions; investigation of intrusions and resolution. 2) In network management;






42. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.






43. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.






44. An attack capturing sensitive pieces of information; such as passwords; passing through the network






45. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.






46. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.






47. Risks that could impact the organization's ability to perform business or provide a service. They can be financial; regulatory or control oriented.






48. The transfer of data between separate computer processing sites/devices using telephone lines; microwave and/or satellite links






49. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.






50. A workstation or PC on a network that does not have its own disk. Instead; it stores files on a network file server.