CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, study the terms first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the correct answer obvious, but repeating the test reinforces your understanding of the terms.
1. The structure through which the objectives of an organization are set, the means of attaining those objectives are determined and performance is monitored. Good corporate governance should provide proper incentives for board and management
UDDI
Corporate governance
Record
Biometric locks
2. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Integrated services digital network (ISDN)
Statistical sampling
Ring topology
Link editor (linkage editor)
3. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
COSO
Content filtering
Trust
Internal control structure
4. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Asynchronous transmission
IPSec (Internet protocol security)
Cross-certification
Half duplex
5. Also known as traditional development, it is a very procedure-focused development cycle with formal sign-off at the completion of each level.
Security perimeter
Waterfall development
Promiscuous mode
Terminal
6. Point at which terminals are given access to a network
Authorization
Node
Budget hierarchy
Piggy backing
7. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Optical scanner
Relevant audit evidence
World Wide Web (WWW)
Online data processing
8. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Application programming interface (API)
Cryptography
Sampling risk
Materiality
9. Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)
Test data
Reliable audit evidence
Hypertext
Electronic vaulting
10. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.
Database administrator (DBA)
Split DNS
Default password
Fourth generation language (4GL)
11. Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF® (2000, 1998, 1996)
Communications controller
Fail-over
Screening routers
COBIT
12. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no
Sequence check
Application proxy
Idle standby
Output analyzer
13. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results
Protocol
Brute force
Parallel testing
Salami technique
14. An individual who attempts to gain unauthorized access to a computer system
Hacker
Application programming interface (API)
False negative
Message switching
15. A response in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms: amending the environment, collecting more information or striking back a
Whitebox testing
Taps
Active response
Detailed IS controls
16. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
Password
Repository
Extensible Markup Language (XML)
Information processing facility (IPF)
17. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules
Proxy server
Business risk
Rounding down
Artificial intelligence
18. A sampling technique that estimates the amount of overstatement in an account balance
Network hop
Monetary unit sampling
Bus
Data diddling
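A worked illustration of monetary unit sampling, added here as an example and not part of the original quiz: selection points are spaced one sampling interval apart across the cumulative book value, so an item's chance of being picked is proportional to its value, and each sampled overstatement is projected back to the population through its tainting (overstatement divided by book value). The seven-item receivables population, the sample size of 4, the random start of 700 and the audited values are all constructed for this example.

```python
"""Monetary unit sampling (MUS), worked example.

Each monetary unit in the population has the same chance of selection, so an
item's probability of being picked is proportional to its book value. Sampled
items are audited and each overstatement is projected back to the population
through its tainting (overstatement / book value).
"""
from decimal import Decimal, ROUND_HALF_UP

CENT = Decimal("0.01")

# Constructed receivables population: (item_id, book_value). Total 10000.
POPULATION = [
    ("A", Decimal("1200")), ("B", Decimal("300")), ("C", Decimal("4500")),
    ("D", Decimal("50")), ("E", Decimal("2700")), ("F", Decimal("900")),
    ("G", Decimal("350")),
]

# Constructed audited values for the items the auditor examined.
AUDITED = {"A": Decimal("1080"), "C": Decimal("4300"), "E": Decimal("2700")}


def sampling_interval(book_total, sample_size):
    """Distance between selection points: one hit per 'interval' of book value."""
    return (book_total / sample_size).quantize(CENT, rounding=ROUND_HALF_UP)


def select_sample(population, interval, random_start):
    """Systematic probability-proportional-to-size selection.

    Selection points are random_start, random_start + interval, ... The item
    whose cumulative book value first reaches a point is selected. An item
    larger than the interval can contain several points; it is listed once.
    """
    assert Decimal("0") < random_start <= interval, "start must lie in the first interval"
    selected = []
    cumulative = Decimal("0")
    point = random_start
    for item_id, book in population:
        cumulative += book
        hit = False
        while point <= cumulative:      # every point that falls inside this item
            hit = True
            point += interval
        if hit:
            selected.append(item_id)
    return selected


def project_overstatement(population, selected, audited, interval):
    """Project the sampled overstatements to the population.

    Items with book value >= interval are certain to be selected (top stratum),
    so their actual overstatement is taken as found. For smaller items the
    tainting is assumed to apply to the whole interval the item stands for.
    """
    book_by_id = dict(population)
    projected = Decimal("0")
    for item_id in selected:
        book = book_by_id[item_id]
        overstatement = book - audited[item_id]
        if overstatement <= 0:
            continue                     # MUS projects overstatements only
        if book >= interval:
            projected += overstatement
        else:
            projected += (overstatement / book) * interval
    return projected.quantize(CENT, rounding=ROUND_HALF_UP)


def run_example(sample_size=4, random_start=Decimal("700")):
    """Returns (interval, selected item ids, projected overstatement)."""
    total = sum((book for _, book in POPULATION), Decimal("0"))
    interval = sampling_interval(total, sample_size)
    selected = select_sample(POPULATION, interval, random_start)
    projected = project_overstatement(POPULATION, selected, AUDITED, interval)
    return interval, selected, projected


if __name__ == "__main__":
    interval, selected, projected = run_example()
    print(f"interval {interval}, selected {selected}, projected overstatement {projected}")
```

With a 2500 interval and a start of 700, item C (4500) contains two selection points and is picked once, item A's 10 percent tainting is projected to 250 over its interval, and C's 200 overstatement is taken as found, giving a projected overstatement of 450.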
19. A communications channel over which data can be sent and received simultaneously
Independent attitude
Hyperlink
Full duplex
Brouters
20. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr
Permanent virtual circuit (PVC)
Project team
Cathode ray tube (CRT)
Masking
21. A testing technique that is used to evaluate output from one application while the information is sent as input to another application
Offline files
Hexadecimal
Interface testing
Reliable audit evidence
22. The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system
Control risk
Redo logs
RADIUS
Biometric locks
23. Changing data with malicious intent before or during input into the system
Program evaluation and review technique (PERT)
Dial-back
Handprint scanner
Data diddling
24. A process used to identify and evaluate risks and their potential effects
Risk assessment
Appearance of independence
Standing data
Queue
25. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
Substantive testing
Vulnerability
Simple Object Access Protocol (SOAP)
Program narratives
26. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
IP (Internet protocol)
Middleware
Independence
Integrated test facilities (ITF)
27. A program that translates programming language (source code) into machine executable instructions (object code)
Logoff
Web page
Compiler
Redo logs
28. Those controls that seek to maintain confidentiality, integrity and availability of information
Data security
Librarian
Application layer
Administrative controls
29. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material, or a device similar to a television screen upon which data can be displayed
Cryptography
Objectivity
Cathode ray tube (CRT)
Bandwidth
30. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions
ASCII (American Standard Code for Information Interchange)
Active recovery site (mirrored)
Compensating control
Run instructions
31. The actions/controls dealing with operational effectiveness, efficiency and adherence to regulations and management policies
Security software
Administrative controls
Prototyping
Foreign exchange risk
32. A 24-hour, stand-alone mini-bank, located outside branch bank offices or in public places like shopping malls. Through ATMs, clients can make deposits, withdrawals, account inquiries and transfers. Typically, the ATM network is comprised of two spher
Control Objectives for Enterprise Governance
Service level agreement (SLA)
Control risk
Automated teller machine (ATM)
33. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: objective (free from bias); measurable (provide for consistent measurement); complete (include all
Uninterruptible power supply (UPS)
Criteria
Interest rate risk
Downtime report
34. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system
Decryption
Intrusive monitoring
Control perimeter
Systems analysis
35. Provide verification that all transmitted data are read and processed
Run-to-run totals
Internet Inter-ORB Protocol (IIOP)
Shell
Virus
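An added example, not taken from the quiz, of how run-to-run totals work in a two-run batch pipeline: the input-edit run writes a control record (record count, net amount and a hash total of account numbers) and the posting run recomputes the same totals over the records it actually received, posting only if they reconcile. The four transactions and the three tampering scenarios are constructed for this example; the second scenario is the data-diddling case from question 23.

```python
"""Run-to-run control totals, worked example.

Run 1 (input edit) writes a control record for the batch it passes on; run 2
(posting) recomputes the same totals over the records it actually received
and refuses to post unless they reconcile. A hash total is the sum of a field
that is meaningless as a sum (account numbers): it catches a record replaced
by another with the same amount, which count and amount totals would miss.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class Txn:
    account: int       # account number, used for the hash total
    amount: Decimal    # signed monetary amount


# Constructed batch handed from run 1 to run 2.
BATCH = [
    Txn(1001, Decimal("120.00")),
    Txn(1002, Decimal("-40.50")),
    Txn(1003, Decimal("250.00")),
    Txn(1004, Decimal("15.25")),
]

FIELDS = ("count", "amount", "hash_total")


def control_totals(records):
    """Control record for a batch: record count, net amount, hash total."""
    return {
        "count": len(records),
        "amount": sum((t.amount for t in records), Decimal("0")),
        "hash_total": sum(t.account for t in records),
    }


def verify_run(carried, received):
    """Reconcile the control record carried in from the previous run against
    the records actually received. Returns discrepancy strings; an empty list
    means the run-to-run check passed."""
    actual = control_totals(received)
    return [
        f"{field}: expected {carried[field]}, got {actual[field]}"
        for field in FIELDS
        if carried[field] != actual[field]
    ]


def post(carried, received):
    """Run 2: post only if the batch reconciles. Returns (posted_total, problems)."""
    problems = verify_run(carried, received)
    if problems:
        return None, problems
    return sum((t.amount for t in received), Decimal("0")), []


# Three constructed ways a batch can change between the two runs.
def dropped_record(batch, account):
    """A record lost in transit: count, amount and hash total all move."""
    return [t for t in batch if t.account != account]


def altered_amount(batch, account, new_amount):
    """Data diddling on the way in: one amount changed, record count intact."""
    return [Txn(t.account, Decimal(new_amount)) if t.account == account else t
            for t in batch]


def swapped_account(batch, account, new_account):
    """Same amount posted to a different account: only the hash total moves."""
    return [Txn(new_account, t.amount) if t.account == account else t
            for t in batch]


if __name__ == "__main__":
    carried = control_totals(BATCH)
    print("intact :", post(carried, BATCH))
    print("dropped:", post(carried, dropped_record(BATCH, 1003)))
    print("altered:", post(carried, altered_amount(BATCH, 1002, "-4.50")))
    print("swapped:", post(carried, swapped_account(BATCH, 1004, 1040)))
```

The point of carrying three independent totals is that each tampering pattern disturbs a different subset of them; a control that carried only the record count would pass both the altered-amount and the swapped-account batch.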
36. The person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement the system being considered for acquisition
Check digit verification (self-checking digit)
Monitor
Project sponsor
Transaction log
37. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Uninterruptible power supply (UPS)
Price risk
Ciphertext
Centralized data processing
38. A resource whose loss will result in the loss of service or production
Single point of failure
Access control table
Price risk
Registration authority (RA)
39. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti
Master file
Appearance of independence
Central office (CO)
Data dictionary
40. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
TCP (transmission control protocol)
Discovery sampling
Finger
Frame relay
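An added example, not part of the original quiz, of the arithmetic behind discovery sampling: given a critical occurrence rate and a required confidence, find the smallest sample size that gives at least that probability of seeing one occurrence, and, for a small population sampled without replacement, the exact hypergeometric version. The 5 percent critical rate, 95 percent confidence and the 200-item population containing 10 deviations are constructed inputs.

```python
"""Discovery sampling, worked example.

Choose the smallest sample size n such that, if the population really
contains occurrences at the critical rate, the probability of finding at
least one in the sample reaches the required confidence. Finding none then
supports the claim that the true rate is below the critical rate at that
confidence; finding one ends the test, because the attribute exists.
"""
import math


def probability_of_detection(sample_size, occurrence_rate):
    """P(at least one occurrence in n items), large population or with replacement."""
    return 1 - (1 - occurrence_rate) ** sample_size


def discovery_sample_size(critical_rate, confidence):
    """Smallest n with probability_of_detection(n, critical_rate) >= confidence.

    Solves 1 - (1 - r)^n >= c for n, i.e. n >= ln(1 - c) / ln(1 - r).
    """
    if not 0 < critical_rate < 1 or not 0 < confidence < 1:
        raise ValueError("rate and confidence must lie strictly between 0 and 1")
    return math.ceil(math.log(1 - confidence) / math.log(1 - critical_rate))


def probability_none_finite(population, deviations, sample_size):
    """P(no deviation in a sample of n drawn without replacement) from a small
    population of N items that contains D deviations: C(N-D, n) / C(N, n)."""
    if sample_size > population - deviations:
        return 0.0      # more items than clean ones: the sample must hit one
    return (math.comb(population - deviations, sample_size)
            / math.comb(population, sample_size))


def discovery_sample_size_finite(population, deviations, confidence):
    """Exact sample size for a small population. Sampling without replacement
    makes each draw more likely to hit than the large-population formula
    assumes, so this is never larger than discovery_sample_size() at the
    same rate (deviations / population) and confidence."""
    if deviations < 1 or deviations > population:
        raise ValueError("need at least one deviation in the population")
    n = 1
    while 1 - probability_none_finite(population, deviations, n) < confidence:
        n += 1
    return n


if __name__ == "__main__":
    n = discovery_sample_size(0.05, 0.95)
    print(f"5% critical rate, 95% confidence: n = {n}, "
          f"P(detect) = {probability_of_detection(n, 0.05):.4f}")
    print("same rate in a population of 200 with 10 deviations: n =",
          discovery_sample_size_finite(200, 10, 0.95))
```

The large-population formula reproduces the familiar table value of 59 items for a 5 percent critical rate at 95 percent confidence; the exact finite-population calculation shows why published tables are conservative for small populations.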
41. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
Duplex routing
Gateway
Comprehensive audit
Audit trail
42. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.
Electronic data interchange (EDI)
Honey pot
Datagram
Router
43. Files maintained by a system, primarily a database management system, for the purpose of reapplying changes following an error or outage recovery
Enterprise governance
Redo logs
Audit risk
Corporate exchange rate
44. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.
Spool (simultaneous peripheral operations online)
Online data processing
Application program
Monitor
45. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences
Comparison program
Independence
Active recovery site (mirrored)
Sampling risk
46. Refers to the security of the infrastructure that supports the ERP: networking and telecommunications, operating systems and databases.
Downtime report
Technical infrastructure security
Decryption key
Components (as in component-based development)
47. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
Extensible Markup Language (XML)
Secure sockets layer (SSL)
Monitor
Corrective controls
48. A type of service providing an authentication and accounting system often used for dial-up and remote access security
Limit check
RADIUS (remote authentication dial-in user service)
Control group
Judgment sampling
49. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component
Operational audit
RS-232 interface
Compliance testing
Components (as in component-based development)
50. The person responsible for maintaining a LAN and assisting end users
Network administrator
DDoS (distributed denial-of-service) attack
Detective controls
Inheritance (objects)