Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A vacuum tube that displays data by means of an electron beam striking the screen; which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed






2. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency






3. A group of computers connected by a communications network; where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it






4. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system






5. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements






6. Advanced computer systems that can simulate human capabilities; such as analysis; based on a predetermined set of rules






7. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found






8. A type of password (i.e.; a secret number assigned to an individual) that; in conjunction with some means of identifying the individual; serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim






9. The process of converting an analog telecommunications signal into a digital computer signal






10. Used in data encryption; it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case; the key is symmetric such that the encryption key is equivalen






11. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used; the test may be called a range check.






12. The process of electronically sending computerized information from one computer to another computer. Most often; the transfer is from a smaller computer to a larger one.






13. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.






14. A storage facility located away from the building housing the primary information processing facility (IPF); used for storage of computer media such as offline backup data and storage files






15. A system development methodology that is organised around ''objects'' rather than ''actions;' and 'data ' rather than 'logic.' Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr






16. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.






17. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First; if a standard set of test data and test results exists for a program; the output of a test run after program mainte






18. A protocol and program that allows the remote identification of users logged into a system






19. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy






20. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF;® 2000; 1998; 1996






21. In intrusion detection; an error that occurs when an attack is misdiagnosed as a normal activity






22. The risk that the IS auditor's substantive procedures will not detect an error which could be material; individually or in combination with other errors






23. A test that has been designed to evaluate the performance of a system. In a benchmark test; a system is subjected to a known workload and the performance of the system against this workload is measured. Typically; the purpose is to compare the measur






24. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs






25. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.






26. A journal entry entered at a computer terminal. Manual journal entries can include regular; statistical; inter-company and foreign currency entries






27. A program that translates programming language (source code) into machine executable instructions (object code)






28. The boundary that defines the area of security concern and security policy coverage






29. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.






30. Patterns indicating misuse of a system






31. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem






32. The level of trust with which a system object is imbued






33. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements






34. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication






35. A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is availa






36. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto






37. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.






38. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.






39. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack






40. A system of storing messages in a private recording medium where the called party can later retrieve the messages






41. Analysis that is performed in real time or in continuous form






42. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.






43. In a passive assault; intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively; although the content of the data itself may r






44. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population






45. First; it denotes the planning and management of resources in an enterprise. Second; it denotes a software system that can be used to manage whole business processes; integrating purchasing; inventory; personnel; customer service; shipping; financial






46. A private key cryptosystem published by the National Bureau of Standards (NBS); the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl






47. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th






48. A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system.






49. Diagramming data that are to be exchanged electronically; including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)






50. A language; which enables electronic documents that present information that can be connected together by links instead of being presented sequentially; as is the case with normal text.






Can you answer 50 questions in 15 minutes?



Let me suggest you:

Browse all subjects

Browse all tests

Most popular tests



Major Subjects

Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Browse all subjects

Browse all tests

Most popular tests