Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Any yearly accounting period without regard to its relationship to a calendar year.






2. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.






3. Used to ensure that input data agree with predetermined criteria stored in a table






4. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






5. A printed machine-readable code that consists of parallel bars of varied width and spacing






6. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.






7. The level to which transactions can be traced and audited through a system






8. The ability to map a given activity or event back to the responsible party






9. Comparing the system's performance to other equivalent systems using well defined benchmarks






10. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.






11. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s






12. Members of the operations area that are responsible for the collection; logging and submission of input for the various user groups






13. Door and entry locks that are activated by such biometric features as voice; eye retina; fingerprint or signature






14. It is composed of an insulated wire that runs through the middle of each cable; a second wire that surrounds the insulation of the inner wire like a sheath; and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio






15. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su






16. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.






17. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files; selecting data; manipulating data; sorting data; summarizing data; performing calculations; selecting samples an






18. 1)A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2)A computer that provides services to another computer (the client).






19. Relates to the technical and physical features of the computer






20. A protocol and program that allows the remote identification of users logged into a system






21. A computer network connecting different remote locations that may range from short distances; such as a floor or building; to extremely long transmissions that encompass a large region or several countries






22. A system's level of resilience to seamlessly react from hardware and/or software failure






23. In an asymmetric cryptographic scheme; the key that may be widely published to enable the operation of the scheme






24. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.






25. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous; analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide






26. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain






27. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes






28. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas






29. Program flowcharts show the sequence of instructions in a single program or subroutine. The symbols used should be the internationally accepted standard. Program flowcharts should be updated when necessary.






30. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase






31. A disk access method that stores data sequentially; while also maintaining an index of key fields to all the records in the file for direct access capability






32. Diligence which a person would exercise under a given set of circumstances






33. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto






34. A third party that provides organizations with a variety of Internet; and Internet-related services






35. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv






36. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.'






37. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t






38. Provide verification that all transmitted data are read and processed






39. An international standard that defines information confidentiality; integrity and availability controls






40. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example; alphanumeric; zoned decimal; packed and binary are types of data.






41. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.






42. A language used to control run routines in connection with performing tasks on a computer






43. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction






44. Records of system events generated by a specialized operating system mechanism






45. The acts preventing; mitigating and recovering from disruption. The terms business resumption planning; disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.






46. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic






47. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments; customers and products. Output reports are verified to confirm the correctness of the processing.






48. Refers to the security aspects supported by the ERP; primarily with regard to the roles or responsibilities and audit trails within the applications






49. Used to electronically scan and input written information from a source document






50. A server that acts on behalf of a user. Typical proxies accept a connection from a user; make a decision as to whether or not the user or client IP address is permitted to use the proxy; perhaps perform additional authentication; and complete a conne