CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A printed machine-readable code that consists of parallel bars of varied width and spacing

2. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers

3. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.

4. The susceptibility of an audit area to error which could be material, individually or in combination with other errors, assuming that there are no related internal controls

5. A device for sending and receiving computerized data over transmission lines

6. The Internet standards-setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.

7. Used in data encryption; it uses an encryption key, as a public key, to encrypt the plaintext to the ciphertext. It uses a different decryption key, as a secret key, to decrypt the ciphertext to the corresponding plaintext. In contrast to a private

8. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.

9. The individual responsible for the safeguarding and maintenance of all program and data files

10. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it

11. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload

12. An eight-bit code representing 256 characters, used in most large computer systems

13. An international standard that defines information confidentiality, integrity and availability controls

14. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.

15. The risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m

16. An eight-digit/seven-bit code representing 128 characters, used in most small computers

17. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no

18. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase

19. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventive control over physical access to those sensitive locations. After a card has been swiped,

20. A sampling technique that estimates the amount of overstatement in an account balance

21. The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units, the easier it is to maintain and enhance a system, since it is easier to determine whe

22. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system

23. Performance measurement of service delivery including cost, timeliness and quality against agreed service levels

24. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission Control Protocol/Internet Protocol (TCP/IP) is such a packet-switched network.

25. Compares data to predefined reasonability limits or occurrence rates established for the data.

26. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user

27. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.

28. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof

29. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.

30. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.

31. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files

32. Criteria of Control, published by the Canadian Institute of Chartered Accountants in 1995

33. English-like, user-friendly, nonprocedural computer languages used to program and/or read and process computer files

34. General controls which are designed to manage and monitor the IS environment and which, therefore, affect all IS-related activities

35. Source lines of code are often used in deriving single-point software-size estimations.

36. A method of computer fraud involving computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account

37. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which

38. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed

39. Programs that are tested and evaluated before approval into the production environment. Test programs, through a series of change control moves, migrate from the test environment to the production environment and become production programs.

40. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that the appearance of independence depends upon the perceptions of others and can be influenced by improper acti

41. A viewable screen displaying information, presented through a web browser in a single view, sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv

42. The risk associated with an event, taking into account the controls in place to reduce the effect or likelihood of that event

43. Analysis of the security state of a system or its compromise on the basis of information collected at intervals

44. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi

45. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat

46. An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people.

47. A flag set in a packet to indicate that this packet is the final data packet of the transmission

48. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF® 2000, 1998, 1996

49. A popular local area network operating system developed by the Novell Corp.

50. An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management)