Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The logical route an end user takes to access computerized information. Typically; it includes a route through the operating system; telecommunications software; selected application software and the access control system.






2. It is composed of an insulated wire that runs through the middle of each cable; a second wire that surrounds the insulation of the inner wire like a sheath; and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio






3. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.






4. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.






5. A computerized technique of blocking out the display of sensitive information; such as passwords; on a computer terminal or report






6. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.






7. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.






8. Those policies and procedures implemented to achieve a related control objective






9. The act of transferring computerized information from one computer to another computer






10. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob






11. Used in data encryption; it uses an encryption key; as a public key; to encrypt the plaintext to the ciphertext. It uses the different decryption key; as a secret key; to decrypt the ciphertext to the corresponding plaintext. In contrast to a private






12. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






13. A series of steps to complete an audit objective






14. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.






15. An exchange rate; which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.






16. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it






17. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established






18. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service






19. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous; analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide






20. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.






21. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government; university and commercial institutions






22. The ability of end users to design and implement their own information system utilizing computer software products






23. A group of computers connected by a communications network; where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it






24. Software used to administer logical security. It usually includes authentication of users; access granting according to predefined rules; monitoring and reporting functions.






25. The process of converting an analog telecommunications signal into a digital computer signal






26. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed






27. System narratives provide an overview explanation of system flowcharts; with explanation of key control points and system interfaces.






28. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer; thus freeing the main computer from this overhead function






29. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication






30. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g.; server). The






31. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically; participants promise to provide processing time to each other when an emergency arises.






32. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code






33. A protected; generally computer-encrypted string of characters that authenticate a computer user to the computer system






34. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.






35. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes






36. Defined minimum performance measures at or above which the service delivered is considered acceptable






37. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users






38. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.






39. A program written in a portable; platform independent computer language; such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations; thus preventing; or at least minimi






40. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is






41. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is






42. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.






43. The code used to designate the location of a specific piece of data within computer storage






44. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs






45. A program for the examination of data; using logical or conditional tests to determine or to identify similarities or differences






46. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o






47. The organization providing the outsourced service






48. In open systems architecture; circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.






49. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context






50. The use of alphabetic characters or an alphabetic character string