Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination
General computer controls
Node
Datagram
Twisted pairs
2. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.
Control Objectives for Enterprise Governance
Audit authority
Packet switching
RFC (request for comments)
3. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
Repository
Internet Inter-ORB Protocol (IIOP)
Echo checks
X.500
4. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Inheritance (objects)
Application programming interface (API)
Continuous auditing approach
Node
5. The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system
Control risk
Record
Batch control
UNIX
6. A computer facility that provides data processing services to clients on a continual basis
Artificial intelligence
Gateway
Service bureau
IT governance
7. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Control objective
Internal storage
Initial program load (IPL)
IT governance
8. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.
Polymorphism (objects)
Manual journal entry
Windows NT
Record
9. An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.
Budget organization
Topology
Noise
Real-time processing
10. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups
Control group
Security software
Trust
Value-added network (VAN)
11. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Project sponsor
Production software
Indexed sequential file
12. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Taps
Fraud risk
Financial audit
Computer server
13. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered
Microwave transmission
Dial-back
Technical infrastructure security
Security/transaction risk
14. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Network
Comparison program
Program flowcharts
Hash total
15. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display
Tcpdump
Integrity
Asynchronous transmission
Certificate Revocation List
16. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Tcpdump
Controls (Control procedures)
Hash function
17. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission
HTTPS (hyper text transfer protocol secure)
ACK (acknowledgement)
Black box testing
Implementation life cycle review
18. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.
Transaction
Corrective controls
Router
Technical infrastructure security
19. Freedom from unauthorized intrusion
Privacy
Vaccine
Exposure
Bus
20. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
Universal Description, Discovery and Integration (UDDI)
Inherent risk
Nonrepudiation
PPTP (point-to-point tunneling protocol)
21. Relates to the technical and physical features of the computer
Interest rate risk
Detailed IS controls
Hardware
Corrective controls
22. A third party that provides organizations with a variety of Internet and Internet-related services
Access control
Performance indicators
Audit program
ISP (Internet service provider)
23. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Detailed IS controls
Telnet
Monitoring policy
Benchmark
24. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu
Application development review
Idle standby
Business process reengineering (BPR)
Audit
25. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
System software
Data-oriented systems development
Object Management Group (OMG)
Tuple
26. Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)
Comprehensive audit
Communications controller
Test data
Internet Engineering Task Force (IETF)
27. An electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.
Data communications
Hyperlink
Liquidity risk
Edit controls
28. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.
Program narratives
Data communications
Permanent virtual circuit (PVC)
Administrative controls
29. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Relevant audit evidence
Star topology
Microwave transmission
Evidence
30. Used to electronically scan and input written information from a source document
Computer server
Posting
Detection risk
Optical character recognition
31. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig
Irregularities
Business process reengineering (BPR)
Structured programming
Fiber optic cable
32. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
DDoS (distributed denial-of-service) attack
Hexadecimal
Broadband
Spanning port
33. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes
Detective controls
Non-intrusive monitoring
Symmetric key encryption
Accountability
34. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Requirements definition
Source code
Table look-ups
Budget organization
35. The code used to designate the location of a specific piece of data within computer storage
Frame relay
System testing
Data dictionary
Address
36. A measurement of the point prior to an outage to which data are to be restored
Repudiation
Recovery point objective (RPO)
Input controls
RADIUS (remote authentication dial-in user service)
37. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Masqueraders
Service level agreement (SLA)
Unit testing
Extensible Markup Language (XML)
38. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack
Network hop
Wide area network (WAN)
Object-oriented system development
Packet switching
39. Criteria Of Control, published by the Canadian Institute of Chartered Accountants in 1995
Registration authority (RA)
Telecommunications
COCO
Substantive testing
40. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Warm-site
Frame relay
Table look-ups
Remote procedure calls (RPCs)
41. The Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK Financial Reporting Council, the London Stock Exchange and the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subj
Cadbury
Cleartext
File server
Baseband
42. The elimination of redundant data
Normalization
Production programs
L2F (Layer 2 forwarding)
Business process reengineering (BPR)
43. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Consumer
Indexed sequential access method (ISAM)
Standing data
Topology
44. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Service bureau
Universal Description, Discovery and Integration (UDDI)
Data custodian
Telecommunications
45. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures
Direct reporting engagement
Public key infrastructure
IDS (intrusion detection system)
Bridge
46. A project management technique used in the planning and control of system projects
Program evaluation and review technique (PERT)
Management information system (MIS)
System flowcharts
Terms of reference
47. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as
Data dictionary
Node
Service user
Token ring topology
48. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Symmetric key encryption
File
Variable sampling
Auditability
49. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Foreign exchange risk
ISP (Internet service provider)
Trusted systems
Worm
50. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Binary code
Editing
Decryption key
Biometric locks