CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might find the answers obvious at times, but you will see that it reinforces your understanding as you take the test each time.

1. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy
2. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
3. The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
4. Any situation or event that has the potential to harm a system
5. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne
6. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.
7. A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server.
8. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
9. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
10. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.
11. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups
12. The transmission of more than one signal across a physical channel
13. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
14. A type of service providing an authentication and accounting system often used for dial-up and remote access security
15. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
16. The potential loss to an area due to the occurrence of an adverse event
17. The outward impression of being self-governing and free from conflict of interest and undue influence
18. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
19. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
20. A viewable screen displaying information, presented through a web browser in a single view, sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv
21. Any information collection mechanism utilized by an intrusion detection system
22. Data that is not encrypted. Also known as plaintext.
23. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw
24. Controls over the business processes that are supported by the ERP
25. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
26. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.
27. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
28. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
29. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.
30. Disturbances, such as static, in data transmissions that cause messages to be misinterpreted by the receiver
31. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.
32. An eight-digit/seven-bit code representing 128 characters, used in most small computers
33. A system of storing messages in a private recording medium where the called party can later retrieve the messages
34. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
35. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
36. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
37. An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.
38. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
39. To configure a computer or other network device to resist attacks
40. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system
41. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
42. An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management)
43. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))
44. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
45. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
46. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
47. In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack
48. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes
49. A collection of computer programs used in the design, processing and control of all applications. The programs and processing routines that control the computer hardware, including the operating system and utility programs. Refers to the operating sy
50. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system, the application will process information in a complete, accurate and reliable manner, the applicat