Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see that it reinforces your understanding each time you take the test.
1. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting; backing up and erasing data.
Information engineering
Redundancy check
Database administrator (DBA)
Utility programs
2. A vacuum tube that displays data by means of an electron beam striking the screen; which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Passive response
Source code
Content filtering
Cathode ray tube (CRT)
3. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements
Repudiation
Database
Gateway
Encapsulation (objects)
4. A flag set in a packet to indicate that this packet is the final data packet of the transmission
Surge suppressor
Filtering router
Master file
FIN (final)
5. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Compiler
Switch
Leased lines
Virus
6. The transfer of service from an incapacitated primary component to its backup component
Substantive testing
Applet
Fail-over
Hash function
7. Any automated audit technique; such as generalized audit software; test data generators; computerized audit programs and specialized audit utilities
Topology
Posting
Password cracker
Computer-assisted audit technique (CAATs)
8. The central database that stores and organizes data
Digital certification
Privacy
Repository
Distributed data processing network
9. Used to electronically scan and input written information from a source document
Audit responsibility
Operator console
Local loop
Optical character recognition
10. Audit evidence is sufficient if it is adequate; convincing and would lead another IS auditor to form the same conclusions.
Capacity stress testing
Transaction
Sufficient audit evidence
Token
11. The interface between the user and the system
Independent appearance
UDP (User Datagram Protocol)
Circular routing
Shell
12. Software packages that sequentially dial telephone numbers; recording any numbers that answer
Parallel simulation
Structured programming
War dialler
Data integrity
13. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete; accurate and reliable manner; the application will fu
Fiber optic cable
Cathode ray tube (CRT)
Application development review
Bulk data transfer
14. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
Structured Query Language (SQL)
Computer-aided software engineering (CASE)
Prototyping
DNS (domain name system)
15. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Recovery testing
Value-added network (VAN)
Access path
Credentialed analysis
16. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas
Prototyping
Firmware
Transaction log
Downtime report
17. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Normalization
Split DNS
Simple fail-over
Multiplexing
18. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Data leakage
Machine language
Centralized data processing
Rotating standby
19. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
System testing
Security testing
Data-oriented systems development
ACK (acknowledgement)
20. The elimination of redundant data
Segregation/separation of duties
Content filtering
Components (as in component-based development)
Normalization
21. A numeric value; which has been calculated mathematically; is added to data to ensure that original data have not been altered or that an incorrect; but valid match has occurred. This control is effective in detecting transposition and transcription
Check digit
Budget hierarchy
Digital signature
Data leakage
22. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
False positive
Universal Description; Discovery and Integration (UDDI)
Decryption
Computer server
23. Controls; other than application controls; which relate to the environment within which computer-based application systems are developed; maintained and operated; and which are therefore applicable to all applications. The objectives of general contr
General computer controls
Utility software
Terminal
Modulation
24. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas
Brouters
Ring topology
Function point analysis
Twisted pairs
25. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Electronic signature
Whitebox testing
Detective controls
Circuit-switched network
26. A protected; generally computer-encrypted string of characters that authenticate a computer user to the computer system
Password
TCP (transmission control protocol)
Baseband
Foreign exchange risk
27. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Bandwidth
ASP/MSP (application or managed service provider)
Router
Biometrics
28. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recover - shutting down database after all records have been committed for example
Noise
Encapsulation (objects)
Security testing
Checkpoint restart procedures
29. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research
Diskless workstations
Computer sequence checking
Continuity
Half duplex
30. A broad and wide-ranging concept of corporate governance; covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document; published by the Information Systems Au
Data flow
IDS (intrusion detection system)
Operating system
Enterprise governance
31. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv
Cathode ray tube (CRT)
Secure socket layer (SSL)
Combined Code on Corporate Governance
Web page
32. Detection on the basis of whether the system activity matched that defined as abnormal
Anomaly detection
Finger
Authorization
Audit evidence
33. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.
Hyperlink
Shell
Application security
Certificate Revocation List
34. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Hyperlink
Data custodian
Hypertext
world wide web (WWW)
35. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Data leakage
Packet switching
Hash total
Bus topology
36. Specifies the format of packets and the addressing scheme
End-user computing
Password cracker
IP (Internet protocol)
PPP (point-to-point protocol)
37. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
Administrative controls
Challenge/response token
Mutual takeover
DNS (domain name system)
38. The dynamic; integrated processes; effected by the governing body; management and all other staff; that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness; efficiency and economy
Internal control structure
Corporate exchange rate
Certificate authority (CA)
ISO17799
39. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Simple Object Access Protocol (SOAP)
Normalization
Relevant audit evidence
Filtering router
40. A communication network that serves several users within a specified geographic area. It is made up of servers; workstations; a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w
Private key cryptosystems
Local area network (LAN)
Noise
Third-party review
41. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Internal penetrators
Financial audit
Point-of-sale systems (POS)
Cadbury
42. The application of an edit; using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format
Unit testing
Business impact analysis (BIA)
Format checking
Console log
43. Relates to the technical and physical features of the computer
Application development review
Hardware
Secure socket layer (SSL)
vulnerability
44. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Content filtering
Central office (CO)
Residual risk
Embedded audit module
45. The organization providing the outsourced service
Redo logs
Service provider
Posting
Fiscal year
46. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Evidence
Asymmetric key (public key)
Object code
Source code compare programs
47. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.
HTTPS (hyper text transfer protocol secure)
DDoS (distributed denial-of-service) attack
Capacity stress testing
Judgment sampling
48. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.
Random access memory (RAM)
Digital signature
Intelligent terminal
Fault tolerance
49. A top-down technique of designing programs and systems. It makes programs more readable; more reliable and more easily maintained.
Echo checks
Data-oriented systems development
Structured programming
Test programs
50. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Internet Engineering Task Force (IETF)
Control risk self-assessment
Sequence check
Integrated services digital network (ISDN)