Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas
Unit testing
Program flowcharts
Prototyping
ACK (acknowledgement)
2. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
Filtering router
PPP (point-to-point protocol)
Dial-in access controls
ASCII (American Standard Code for Information Interchange)
3. The proportion of known attacks detected by an intrusion detection system
Trusted processes
Card swipes
Audit charter
Coverage
4. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Attribute sampling
Point-of-sale systems (POS)
Accountability
Half duplex
5. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain
Blackbox testing
Split data systems
Circular routing
Data analysis
6. Range checks ensure that data fall within a predetermined range (also see limit checks).
IT governance
Comparison program
Geographic disk mirroring
Range check
7. The act of capturing network packets; including those not necessarily destined for the computer running the sniffing software
Blackbox testing
Sniff
Authorization
System narratives
8. A piece of information; in a digitized form; used by an encryption algorithm to convert the plaintext to the ciphertext
Filtering router
Encryption key
Database replication
Application
9. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Security administrator
Evidence
Structured programming
Repudiation
10. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.
Object code
Application system
Unit testing
Taps
11. The most important types of operational risk involve breakdowns in internal controls and corporate governance. Such breakdowns can lead to financial losses through error; fraud or failure to perform in a timely manner or cause the interests of the ba
Virtual private network (VPN)
Embedded audit module
Voice mail
Operational risk
12. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.
Initial program load (IPL)
Corporate exchange rate
Irregularities
Business-to-consumer e-commerce (B2C)
13. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Cryptography
Default deny policy
Table look-ups
Packet
14. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Due care
Data communications
Offline files
Integrated services digital network (ISDN)
15. A test to check the system's ability to recover after a software or hardware failure
Recovery testing
Switch
Netware
TCP (transmission control protocol)
16. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.
Benchmark
Outsourcing
Trusted systems
Virtual organizations
17. A system software tool that logs; monitors and directs computer tape usage
Tape management system (TMS)
Corporate exchange rate
Appearance
Surge suppressor
18. An organized assembly of resources and procedures required to collect; process and distribute data for use in decision making
Access control table
Management information system (MIS)
Source documents
Spoofing
19. (remote authentication dial-in user service)
Cohesion
Continuity
RADIUS
Audit plan
20. The highest level of management in the organization; responsible for direction and control of the organization as a whole (such as director; general manager; partner; chief officer and executive manager).
Address space
Security policy
Application acquisition review
Top-level management
21. Specifies the format of packets and the addressing scheme
Source code
Record; screen and report layouts
IP (Internet protocol)
Default password
22. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)
DoS (denial-of-service) attack
Compensating control
Nonrepudiable transactions
Duplex routing
23. A discussion document which sets out an ''Enterprise Governance Model'' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance; published by the Information Systems
Dial-back
Audit responsibility
Control Objectives for Enterprise Governance
Netware
24. The interface between the user and the system
Split data systems
Untrustworthy host
Shell
Brute force
25. An edit check designed to ensure the data in a particular field is numeric
Discovery sampling
Full duplex
Numeric check
Decryption key
26. Hardware devices; such as asynchronous and synchronous transmissions; that convert between two different types of transmission
Reliable audit evidence
Protocol converter
Blackbox testing
Budget
27. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order; as he or she would a magazine.
Real-time analysis
Unit testing
Transaction log
Web site
28. Refers to the security aspects supported by the ERP; primarily with regard to the roles or responsibilities and audit trails within the applications
Reverse engineering
Application security
Honey pot
Limit check
29. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r
Credit risk
Application implementation review
Full duplex
Database management system (DBMS)
30. It is composed of an insulated wire that runs through the middle of each cable; a second wire that surrounds the insulation of the inner wire like a sheath; and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Capacity stress testing
Star topology
Coaxial cable
Spool (simultaneous peripheral operations online)
31. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements
Systems analysis
Permanent virtual circuit (PVC)
Man-in-the-middle attack
Database
32. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
Hub
Legal risk
Fiscal year
Challenge/response token
33. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Field
Appearance of independence
Screening routers
Passive assault
34. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Confidentiality
Multiplexor
Budget
Image processing
35. A file format in which records are organized and can be accessed; according to a preestablished key that is part of the record
X.25 interface
Hexadecimal
Gateway
Indexed sequential file
36. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
Limit check
Fault tolerance
HTTP (hyper text transfer protocol)
Terms of reference
37. A document which defines the IS audit function's responsibility; authority and accountability
Hyperlink
Audit charter
Man-in-the-middle attack
Plaintext
38. A protocol used to transmit data securely between two end points to create a VPN
IP (Internet protocol)
Transaction log
Inherent risk
PPTP (point-to-point tunneling protocol)
39. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.
Enterprise resource planning
Finger
Substantive testing
Decryption
40. The ability of end users to design and implement their own information system utilizing computer software products
End-user computing
Trusted systems
Repudiation
Dial-in access controls
41. Performance measurement of service delivery including cost; timeliness and quality against agreed service levels
Salami technique
Audit accountability
Star topology
Control weakness
42. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents; including invoices or purchase orders.
Electronic data interchange (EDI)
Uploading
Cryptography
Fault tolerance
43. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
Third-party review
Latency
ICMP (internet control message protocol)
Electronic cash
44. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.
Data diddling
Polymorphism (objects)
Manual journal entry
Partitioned file
45. A document that confirms the client's and the IS auditor's acceptance of a review assignment
Production programs
Terms of reference
Due care
Ring topology
46. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Enterprise resource planning
Benchmark
Half duplex
Logon
47. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer; thus freeing the main computer from this overhead function
Communications controller
Bar code
Redo logs
Network
48. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
Reengineering
Bypass label processing (BLP)
Anonymous File Transfer Protocol (FTP)
Machine language
49. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.
Recovery testing
Address space
Format checking
Database management system (DBMS)
50. A test that has been designed to evaluate the performance of a system. In a benchmark test; a system is subjected to a known workload and the performance of the system against this workload is measured. Typically; the purpose is to compare the measur
Relevant audit evidence
Windows NT
Editing
Benchmark