Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Administrative controls
Check digit verification (self-checking digit)
Split DNS
Packet filtering
2. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy
Audit
IPSec (Internet protocol security)
Risk
Recovery testing
3. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Fiber optic cable
End-user computing
Base case
Detailed IS controls
4. A general hardware control which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bits is od
Parity check
TCP (transmission control protocol)
Project sponsor
SMTP (Simple Mail Transfer Protocol)
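A parity check is easier to understand when you can see it fail. The following is an added example, not part of the original quiz, implementing even (and optionally odd) parity over 8-bit data items; the `flip_bits` helper and the sample value `0xA5` are constructed for illustration. It shows the property a practitioner should remember: one flipped bit is always detected, but two flipped bits cancel out and pass unnoticed.

```python
# Added example, not from the original page: an even-parity check over 8-bit
# data items, showing that one flipped bit is detected and two are not.


def parity_bit(data: int, even: bool = True) -> int:
    """Return the parity bit for an 8-bit data item.

    Even parity chooses the bit so that data plus parity contains an even
    number of 1 bits; odd parity makes that count odd.
    """
    ones = bin(data & 0xFF).count("1")
    bit = ones & 1  # 1 when the data item already holds an odd number of 1s
    return bit if even else bit ^ 1


def encode(data: int, even: bool = True) -> int:
    """Append the parity bit as the low-order bit, giving a 9-bit word."""
    return ((data & 0xFF) << 1) | parity_bit(data, even)


def check(word: int, even: bool = True) -> bool:
    """Verify a 9-bit word. True means no parity error was detected."""
    data, received = word >> 1, word & 1
    return received == parity_bit(data, even)


def flip_bits(word: int, *positions: int) -> int:
    """Simulate a memory or transmission fault by toggling the given bit
    positions (0 is the parity bit, 1..8 are the data bits). Constructed helper."""
    for pos in positions:
        word ^= 1 << pos
    return word


if __name__ == "__main__":
    word = encode(0xA5)                  # 0b10100101 has four 1 bits, so parity 0
    print(check(word))                   # clean word passes
    print(check(flip_bits(word, 3)))     # single-bit error is detected
    print(check(flip_bits(word, 3, 1)))  # double-bit error slips through
```

Because a single parity bit only reveals an odd number of errors, it is a detective control for random faults, not protection against deliberate tampering; an attacker who can change data can also fix the parity bit.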
5. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers
Authentication
Nonrepudiable transactions
Systems acquisition process
Threat
6. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.
Internet Engineering Task Force (IETF)
Audit sampling
Operational risk
Vulnerability analysis
7. The ability of end users to design and implement their own information system utilizing computer software products
UNIX
Source documents
Random access memory (RAM)
End-user computing
8. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr
Privacy
Control weakness
General computer controls
Hub
9. To record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred
Sniff
RADIUS (remote authentication dial-in user service)
Passive response
Log
10. The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system, since it is easier to determine whe
Cohesion
False negative
Black box testing
Error
11. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Electronic cash
Binary code
Access path
Administrative controls
12. The transfer of service from an incapacitated primary component to its backup component
Fail-over
Data security
Computer sequence checking
Top-level management
13. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Source lines of code (SLOC)
Remote procedure calls (RPCs)
Partitioned file
Posting
14. Analysis of information that occurs on a noncontinuous basis, also known as interval-based analysis
Static analysis
Program narratives
Trust
Data structure
15. The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system
FTP (file transfer protocol)
Control risk
HTTP (hyper text transfer protocol)
Vulnerability analysis
16. The roles, scope and objectives documented in the service level agreement between management and audit
Auditability
Tape management system (TMS)
Audit responsibility
Pervasive IS controls
17. A project management technique used in the planning and control of system projects
Parity check
Independent attitude
Virtual private network (VPN)
Program evaluation and review technique (PERT)
18. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks
Logical access controls
Artificial intelligence
Addressing
Decision support systems (DSS)
19. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
Multiplexor
Digital certification
Monitor
Open systems
20. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne
Continuity
Ethernet
Proxy server
Reputational risk
21. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server providing the NAT service changes the source address of outgoing packets from the internal
Access path
Fault tolerance
NAT (Network Address Translation)
Monetary unit sampling
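To make the NAT definition concrete, here is an added example (not from the original quiz) of a minimal source NAT table with port translation. The `Packet` type, the `Nat` class and every address and port in it are constructed for illustration. It rewrites the source of outgoing packets, as the definition says, and also shows the consequence auditors care about: an inbound packet that matches no mapping created by an internal host has nowhere to go and is dropped.

```python
# Added example, not from the original page: a minimal source NAT (port
# address translation) table. It shows how the NAT server rewrites the
# source of outgoing packets and can only deliver inbound packets that
# match a mapping it created. All addresses and ports are constructed.

from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class Nat:
    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self.next_port = first_port
        # (private_ip, private_port, remote_ip, remote_port) -> public port
        self.outbound = {}
        # public port -> (private_ip, private_port, remote_ip, remote_port)
        self.inbound = {}

    def translate_outbound(self, pkt: Packet) -> Packet:
        """Rewrite an internal host's packet so it leaves with the public
        address; allocate a public port the first time a flow is seen."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        port = self.outbound.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def translate_inbound(self, pkt: Packet):
        """Rewrite a packet arriving at the public address back to the
        internal host, or return None (drop) when no flow created the mapping."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self.inbound.get(pkt.dst_port)
        if key is None:
            return None  # unsolicited inbound traffic: nothing to map it to
        private_ip, private_port, remote_ip, remote_port = key
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None  # reply must come from the peer the flow was opened to
        return replace(pkt, dst_ip=private_ip, dst_port=private_port)


if __name__ == "__main__":
    nat = Nat("203.0.113.1")
    out = nat.translate_outbound(Packet("10.0.0.5", 51234, "198.51.100.10", 443))
    print(out)
    print(nat.translate_inbound(Packet("198.51.100.10", 443, "203.0.113.1", 40000)))
    print(nat.translate_inbound(Packet("192.0.2.9", 12345, "203.0.113.1", 40000)))
```

The hiding of internal addresses is a side effect of the translation, not a security control in itself: once an internal host opens a flow, the mapping admits whatever the remote peer sends back, so NAT does not replace a firewall or an application-layer proxy.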
22. Deliberately testing only the value-added functionality of a software component
Application security
Incremental testing
Test data
Foreign exchange risk
23. Refers to the security of the infrastructure that supports the ERP: networking and telecommunications, operating systems and databases.
Outsourcing
Technical infrastructure security
Transaction protection
Independent appearance
24. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
Internal storage
Universal Description, Discovery and Integration (UDDI)
Consumer
Interest rate risk
25. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Access path
Privilege
Database
Completeness check
26. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.
Threat
DoS (denial-of-service) attack
Subject matter (Area of activity)
Business process integrity
27. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.
Range check
Format checking
Polymorphism (objects)
Logon
28. The organization providing the outsourced service
Business impact analysis (BIA)
ACK (acknowledgement)
Systems analysis
Service provider
29. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Teleprocessing
Memory dump
Communications controller
Microwave transmission
30. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Feasibility study
Wiretapping
Privacy
Leased lines
31. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun
Implementation life cycle review
Range check
Third-party review
Initial program load (IPL)
32. Diligence which a person would exercise under a given set of circumstances
Console log
Electronic cash
Shell
Due care
33. The boundary that defines the area of security concern and security policy coverage
Verification
Security perimeter
Check digit verification (self-checking digit)
Risk assessment
34. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Spool (simultaneous peripheral operations online)
Abend
Active recovery site (mirrored)
Security testing
35. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Computer server
Topology
System flowcharts
Protocol stack
36. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.
Budget
False negative
Sniff
Business risk
37. Unusual or statistically rare
Audit trail
Anomaly
Buffer
Audit program
38. Data that is not encrypted. Also known as plaintext.
Black box testing
Cleartext
Source code
Terms of reference
39. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bits per second or Hertz (cycles per second).
Bandwidth
Hash total
Message switching
Simple fail-over
40. The risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
Integrity
Remote procedure calls (RPCs)
Legal risk
Queue
41. A device used for combining several lower-speed channels into a higher-speed channel
Simple Object Access Protocol (SOAP)
Multiplexor
Integrated services digital network (ISDN)
Assembly language
42. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Business-to-consumer e-commerce (B2C)
Digital certificate
RADIUS (remote authentication dial-in user service)
Asymmetric key (public key)
43. General controls which are designed to manage and monitor the IS environment and which, therefore, affect all IS-related activities
BSP (business service provider)
Coaxial cable
Pervasive IS controls
Format checking
44. Compares data to predefined reasonability limits or occurrence rates established for the data.
Password cracker
Comprehensive audit
Reasonableness check
Geographic disk mirroring
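The reasonableness check above is the one application control whose two halves (predefined limits and occurrence rates) are easy to confuse with a plain range check, so here is an added example, not part of the original quiz, that runs both over a constructed batch of payroll records. The record layout, the limits (`MAX_WEEKLY_HOURS`, `HOURLY_RATE_BAND`) and the zero-hour occurrence rate are assumptions chosen for illustration, not values from any standard.

```python
# Added example, not from the original page: a reasonableness check over a
# constructed batch of payroll records. The limits and occurrence rate used
# here are assumptions chosen for illustration, not values from any standard.

from typing import Dict, List, Tuple

# Constructed sample input: (employee_id, hours_worked, gross_pay)
TRANSACTIONS: List[Tuple[str, float, float]] = [
    ("E001", 40.0, 1600.00),
    ("E002", 38.5, 1540.00),
    ("E003", 95.0, 3800.00),   # more hours than a week can plausibly hold
    ("E004", 40.0, 16000.00),  # implied hourly rate far outside the usual band
    ("E005", 41.0, 1640.00),
    ("E006", 0.0, 0.00),       # zero hours: allowed, but watched as a rate
]

MAX_WEEKLY_HOURS = 80.0            # assumed plausibility limit
HOURLY_RATE_BAND = (15.0, 150.0)   # assumed plausible gross pay per hour
MAX_ZERO_HOUR_FRACTION = 0.10      # assumed: over 10% zero-hour records is unusual


def check_record(employee_id: str, hours: float, gross_pay: float) -> List[str]:
    """Compare one record against the predefined reasonability limits."""
    findings = []
    if hours > MAX_WEEKLY_HOURS:
        findings.append(f"{employee_id}: {hours} hours exceeds {MAX_WEEKLY_HOURS}")
    if hours > 0:
        rate = gross_pay / hours
        low, high = HOURLY_RATE_BAND
        if not low <= rate <= high:
            findings.append(f"{employee_id}: implied rate {rate:.2f}/h outside {low}-{high}")
    return findings


def check_batch(transactions) -> Dict[str, List[str]]:
    """Per-record limits plus an occurrence-rate check over the whole batch."""
    findings: Dict[str, List[str]] = {}
    for employee_id, hours, gross_pay in transactions:
        hits = check_record(employee_id, hours, gross_pay)
        if hits:
            findings[employee_id] = hits
    zero_hour = sum(1 for _, hours, _ in transactions if hours == 0)
    fraction = zero_hour / len(transactions) if transactions else 0.0
    if fraction > MAX_ZERO_HOUR_FRACTION:
        findings["BATCH"] = [
            f"{zero_hour} of {len(transactions)} records report zero hours ({fraction:.0%})"
        ]
    return findings


if __name__ == "__main__":
    for subject, notes in check_batch(TRANSACTIONS).items():
        for note in notes:
            print(subject, "->", note)
```

A finding here does not make the record invalid; it routes the item to someone for review. That is the practical difference from a range check, which rejects a value outside hard bounds outright, and it is why an auditor looks for evidence that flagged items were actually followed up.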
45. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations, since use of SOAP piggybacks onto
Application system
Hacker
Digital certification
Simple Object Access Protocol (SOAP)
46. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Asynchronous Transfer Mode (ATM)
Confidentiality
Cluster controller
Split DNS
47. The accuracy and completeness of information as well as its validity in accordance with business values and expectations
Integrity
Internet Inter-ORB Protocol (IIOP)
Router
Quick ship
48. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery (shutting down a database after all records have been committed, for example)
Checkpoint restart procedures
Allocation entry
Modem (modulator-demodulator)
Surge suppressor
49. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller, which is responsible for managing and controlling all communic
Star topology
Systems acquisition process
Function point analysis
Structured Query Language (SQL)
50. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as
Benchmark
Privacy
Token ring topology
Irregularities