Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination






2. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit






3. Unauthorized electronic exits, or doorways, out of an authorized computer program into a set of malicious instructions or programs






4. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






5. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.






6. Diligence which a person would exercise under a given set of circumstances






7. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination, not if






8. The transmission of more than one signal across a physical channel






9. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.






10. A list of retracted certificates






11. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances






12. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes






13. A specially configured server, designed to attract intruders so that their actions do not affect production systems, also known as a decoy server






14. Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications






15. A response, in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment, collecting more information or striking back a






16. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the






17. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.






18. Patterns indicating misuse of a system






19. A flag set in a packet to indicate that this packet is the final data packet of the transmission






20. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems, detection of intrusions, investigation of intrusions and resolution. 2) In network management,






21. The risk of giving an incorrect audit opinion






22. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting, backing up and erasing data.






23. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group but not vice versa.






24. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity, validating that the subject is entitled to have the attributes requested






25. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra






26. The physical layout of how computers are linked together. Examples include ring, star and bus.






27. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number amount of hours after a disaster occurs. This solution usually provides organizations wit






28. The process of monitoring the events occurring in a computer system or network, detecting signs of security problems






29. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne






30. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system






31. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.






32. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems






33. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.






34. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed






35. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal sites.






36. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo






37. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.






38. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to






39. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate






40. Those policies and procedures implemented to achieve a related control objective






41. A system software tool that logs, monitors and directs computer tape usage






42. A system of storing messages in a private recording medium where the called party can later retrieve the messages






43. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level






44. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.






45. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an






46. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers






47. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.






48. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems






49. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.)






50. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.






