Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions: answer 50 questions in 15 minutes. If you are not ready to take this test, you can study the terms first. Match each statement with the correct term.
Don't refresh: all questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the correct answer obvious, but retaking the test reinforces your understanding.
1. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Symmetric key encryption
Electronic signature
Structured programming
Audit sampling
2. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Biometric locks
Public key
Gateway
Audit charter
3. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is
Hypertext
Promiscuous mode
Operating system audit trails
Source code
4. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.
Allocation entry
X.500
Utility software
Nonrepudiation
5. A private key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl
Hierarchical database
Anomaly
Data Encryption Standard (DES)
Budget hierarchy
6. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o
SMTP (Simple Mail Transfer Protocol)
Leased lines
Memory dump
Vulnerabilities
7. The physical layout of how computers are linked together. Examples include ring, star and bus.
Antivirus software
Substantive testing
Topology
Vulnerabilities
8. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Broadband
e-commerce
liquidity risk
Active recovery site (mirrored)
9. Checks that data are entered correctly
Data custodian
Warm-site
Verification
Administrative controls
10. An interface point between the CPU and a peripheral device
Port
Logon
Whitebox testing
Ring topology
11. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
ACK (acknowledgement)
Encryption key
Computer server
Input controls
12. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)
Sequence check
Encryption key
SYN (synchronize)
Terminal
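As an added illustration of the sequence check defined in item 12 (example code written for this page, not part of the original quiz), the function below walks a batch of control numbers, accepts those that continue the sequence, and writes gaps, out-of-sequence numbers, duplicates and non-numeric values to an exception report for follow-up. The batch and starting control number are constructed sample data.

```python
from typing import Iterable, List, Tuple


def sequence_check(control_numbers: Iterable[str],
                   expected_start: int) -> Tuple[List[int], List[Tuple[str, str]]]:
    """Verify that a batch of control numbers runs sequentially.

    Returns (accepted, exceptions). A number that continues the sequence is
    accepted. A number that jumps ahead is accepted but the missing range is
    noted on the exception report; a number lower than expected, a duplicate,
    or a non-numeric value is rejected and reported.
    """
    accepted: List[int] = []
    exceptions: List[Tuple[str, str]] = []
    seen = set()
    expected = expected_start
    for raw in control_numbers:
        raw = raw.strip()
        if not raw.isdigit():
            exceptions.append((raw, "rejected: non-numeric control number"))
            continue
        n = int(raw)
        if n in seen:
            exceptions.append((raw, "rejected: duplicate control number"))
            continue
        if n < expected:
            exceptions.append((raw, f"rejected: out of sequence, expected {expected}"))
            continue
        if n > expected:
            missing = str(expected) if n - expected == 1 else f"{expected}-{n - 1}"
            exceptions.append((raw, f"noted: gap, control number(s) {missing} missing"))
        accepted.append(n)
        seen.add(n)
        expected = n + 1
    return accepted, exceptions


# Constructed sample batch: a gap, an out-of-sequence entry, a duplicate and a
# transcription error ("10O7", letter O instead of zero) are planted deliberately.
SAMPLE_BATCH = ["1001", "1002", "1004", "1003", "1005", "1005", "10O7", "1008"]


def run_sample() -> Tuple[List[int], List[Tuple[str, str]]]:
    """Run the check over the constructed batch starting at control number 1001."""
    return sequence_check(SAMPLE_BATCH, expected_start=1001)


if __name__ == "__main__":
    accepted, report = run_sample()
    print("accepted:", accepted)
    for number, reason in report:
        print(f"{number:>6}  {reason}")
```

Two design choices worth noting: a number that runs ahead of the sequence is still accepted, because the record itself is fine and only the gap needs research, whereas a number that falls behind is rejected, since it would otherwise silently re-open an already processed range.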
13. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups
Waterfall development
Leased lines
Token ring topology
Control group
14. The level to which transactions can be traced and audited through a system
Variable sampling
Run-to-run totals
Enterprise governance
Auditability
15. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Control objective
Master file
Monetary unit sampling
Electronic cash
16. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
Worm
Source code compare programs
vulnerability
Redo logs
17. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Remote procedure calls (RPCs)
DMZ (demilitarized zone)
Challenge/response token
Internet Inter-ORB Protocol (IIOP)
18. A response option in intrusion detection in which the system simply reports and records the problem detected; relying on the user to take subsequent action
Circuit-switched network
Access control table
Audit charter
Passive response
19. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.
Operator console
System narratives
Static analysis
Fourth generation language (4GL)
20. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Tuple
ASP/MSP (application or managed service provider)
Consumer
Content filtering
21. To configure a computer or other network device to resist attacks
Comparison program
Continuous auditing approach
COSO
Harden
22. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
Frame relay
Cold site
Extensible Markup Language (XML)
Requirements definition
23. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Application implementation review
Useful audit evidence
Point-of-sale systems (POS)
liquidity risk
24. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Tuple
Redo logs
Dial-in access controls
Ciphertext
25. A process used to identify and evaluate risks and their potential effects
Fiscal year
RSA
Risk assessment
Information engineering
26. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period
Cadbury
Star topology
Downloading
Substantive testing
27. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features
Reverse engineering
Security policy
Batch processing
Fail-safe
28. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Error risk
Microwave transmission
Independent appearance
Hot site
29. A viewable screen displaying information, presented through a web browser in a single view, sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv
Echo checks
Trust
Web page
Active response
30. Disturbances, such as static, in data transmissions that cause messages to be misinterpreted by the receiver
Security software
Application development review
Noise
Token ring topology
31. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
Microwave transmission
Adjusting period
Blackbox testing
Parallel simulation
32. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
Registration authority (RA)
Cadbury
Attribute sampling
Sufficient audit evidence
33. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
Variable sampling
Accountability
Hash function
Access method
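As an added example for the hash function in item 33 (written for this page, not taken from the quiz), the block below uses Python's standard hashlib to show the two properties the definition relies on: the same message always yields the same digest, and a single-bit change to the message yields an unrelated digest, which is what makes a stored digest usable as an integrity check on a record. The message bytes are constructed sample data.

```python
import hashlib


def hash_message(message: bytes) -> str:
    """Map a message of any length to a fixed 256-bit digest, returned as 64 hex characters."""
    return hashlib.sha256(message).hexdigest()


def flip_one_bit(message: bytes, bit_index: int = 0) -> bytes:
    """Return a copy of message with exactly one bit inverted (the smallest possible change)."""
    data = bytearray(message)
    data[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(data)


def differing_bits(hex_a: str, hex_b: str) -> int:
    """Hamming distance between two equal-length hex digests (how many output bits changed)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def integrity_check(message: bytes, stored_digest: str) -> bool:
    """Recompute the digest of a record and compare it with the digest stored when the record was written."""
    return hash_message(message) == stored_digest


if __name__ == "__main__":
    # Constructed sample record.
    record = b"transfer 1000.00 to account 12345"
    digest = hash_message(record)
    print("digest          :", digest)
    print("same input again:", hash_message(record) == digest)
    altered = flip_one_bit(record)
    print("bits changed by a one-bit edit:", differing_bits(digest, hash_message(altered)), "of 256")
    print("tampered record passes check? ", integrity_check(b"transfer 9000.00 to account 12345", digest))
```

A digest on its own detects accidental or unauthenticated change; an attacker who can rewrite the record can also rewrite a stored digest, so for non-repudiation the digest is signed (see item 1) rather than merely stored.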
34. The risk of giving an incorrect audit opinion
Active response
Detection risk
Audit risk
Arithmetic-logic unit (ALU)
35. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.
Offsite storage
Reengineering
Address
Detective controls
36. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt
Operational audit
Top-level management
Geographic disk mirroring
Budget
37. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.)
Default deny policy
Embedded audit module
FTP (file transfer protocol)
Certificate authority (CA)
38. A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population
Brute force
Buffer
Honey pot
Statistical sampling
39. A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. This control is effective in detecting transposition and transcription
Bus topology
Parallel testing
Fraud risk
Check digit
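As an added worked example for the check digit in item 39 (example code written for this page, not part of the quiz), the block below implements a weighted modulus-11 check digit, the scheme ISBN-10 uses, and then shows why the definition can claim it detects transposition and transcription errors: every adjacent swap and every single-digit substitution in a valid number is rejected. Because 11 is prime and the weights are distinct, a single substitution changes the weighted sum by a non-zero multiple of a weight and an adjacent swap changes it by the difference of the two digits, neither of which is divisible by 11. The sample numbers are constructed.

```python
def compute_check_digit(body: str) -> str:
    """Weighted modulus-11 check digit for a body of up to nine digits.

    Each body digit is multiplied by a weight that decreases by one from left
    to right and ends at 2; the check digit (weight 1) is chosen so the total
    is divisible by 11. A remainder of 10 is written as the character 'X'.
    """
    if not body.isdigit() or not 1 <= len(body) <= 9:
        raise ValueError("body must be 1-9 digits")
    weights = range(len(body) + 1, 1, -1)
    total = sum(int(d) * w for d, w in zip(body, weights))
    remainder = (11 - total % 11) % 11
    return "X" if remainder == 10 else str(remainder)


def is_valid(number: str) -> bool:
    """Validate a number whose last character is its check digit."""
    body, check = number[:-1], number[-1:]
    if not body.isdigit() or not 1 <= len(body) <= 9 or check not in list("0123456789X"):
        return False
    return compute_check_digit(body) == check


def adjacent_transpositions_detected(number: str) -> bool:
    """Swap every adjacent pair of body digits and confirm each swap is rejected."""
    body, check = number[:-1], number[-1]
    for i in range(len(body) - 1):
        if body[i] == body[i + 1]:
            continue  # swapping equal digits changes nothing
        swapped = body[:i] + body[i + 1] + body[i] + body[i + 2:]
        if is_valid(swapped + check):
            return False
    return True


def single_digit_errors_detected(number: str) -> bool:
    """Substitute every other digit at every body position and confirm each is rejected."""
    body, check = number[:-1], number[-1]
    for i in range(len(body)):
        for d in "0123456789":
            if d == body[i]:
                continue
            corrupted = body[:i] + d + body[i + 1:]
            if is_valid(corrupted + check):
                return False
    return True


if __name__ == "__main__":
    # Constructed sample: body 030640615 carries check digit 2.
    good = "030640615" + compute_check_digit("030640615")
    print(good, "valid:", is_valid(good))
    print("0306046152 (4 and 0 transposed) valid:", is_valid("0306046152"))
    print("0308406152 (6 mistyped as 8) valid:", is_valid("0308406152"))
    print("all adjacent transpositions caught:", adjacent_transpositions_detected(good))
    print("all single-digit errors caught:", single_digit_errors_detected(good))
```

The nine-digit limit is deliberate: with a tenth body digit the leftmost weight would be 11, which is 0 modulo 11, so an error in that position would go undetected.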
40. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Default deny policy
Virus
Access control
Hierarchical database
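As an added example for the default deny policy in item 40 (written for this page, not part of the quiz), the small rule evaluator below answers the same access request under both policies, so the difference between default deny and its inverse, default allow, is visible in the result rather than only in the definition: a request that matches no rule is refused under the first and granted under the second. The rule table, subjects and resources are constructed sample data.

```python
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Rule:
    subject: str    # user or role; "*" matches any
    action: str     # e.g. "read", "write"; "*" matches any
    resource: str   # e.g. "ledger"; "*" matches any
    allow: bool     # explicit allow (True) or explicit deny (False)


def first_match(rules: List[Rule], subject: str, action: str, resource: str) -> Optional[Rule]:
    """Return the first rule whose subject, action and resource all match, or None."""
    for rule in rules:
        if (rule.subject in (subject, "*")
                and rule.action in (action, "*")
                and rule.resource in (resource, "*")):
            return rule
    return None


def decide(rules: List[Rule], subject: str, action: str, resource: str,
           default_deny: bool = True) -> bool:
    """Evaluate a request. An explicit rule wins; otherwise the default policy applies."""
    rule = first_match(rules, subject, action, resource)
    if rule is None:
        # Default deny: no rule means refused. Default allow: no rule means granted.
        return not default_deny
    return rule.allow


# Constructed sample rule table (first match wins).
RULES = [
    Rule("auditor", "read", "ledger", True),
    Rule("clerk", "write", "ledger", True),
    Rule("clerk", "write", "audit-log", False),
]


def compare_policies(subject: str, action: str, resource: str) -> dict:
    """Decide one request under both policies; useful when reviewing an access control table."""
    return {
        "default_deny": decide(RULES, subject, action, resource, default_deny=True),
        "default_allow": decide(RULES, subject, action, resource, default_deny=False),
    }


if __name__ == "__main__":
    for req in [("auditor", "read", "ledger"), ("auditor", "write", "ledger"),
                ("intern", "read", "ledger"), ("clerk", "write", "audit-log")]:
        print(req, compare_policies(*req))
```

The requests with no matching rule (the auditor writing, the intern reading) are exactly the ones an auditor would look for when reviewing an access control table, because their outcome depends entirely on which default the system enforces.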
41. Detection on the basis of whether the system activity matched that defined as abnormal
Repository
Rulebase
Anomaly detection
Memory dump
42. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users
Split DNS
Object orientation
Application programming
Backup
43. Specialized tools that can be used to analyze the flow of data through the processing logic of the application software and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements
Dial-in access controls
TCP (transmission control protocol)
Electronic funds transfer (EFT)
Application software tracing and mapping
44. The logical language a computer understands
Computer-aided software engineering (CASE)
Input controls
Machine language
Hub
45. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Shell
Integrated services digital network (ISDN)
Credentialed analysis
Central office (CO)
46. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))
Multiplexor
Verification
Web Services Description Language (WSDL)
Asynchronous Transfer Mode (ATM)
47. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
Reputational risk
Wide area network (WAN)
Open systems
DMZ (demilitarized zone)
48. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.
LDAP (Lightweight Directory Access Protocol)
Backup
UDP (User Datagram Protocol)
Payment system
49. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations
Performance indicators
Real-time analysis
Integrity
Microwave transmission
50. Changing data with malicious intent before or during input into the system
Data diddling
Application layer
Ethernet
Central office (CO)