Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. Files maintained by a system; primarily a database management system; for the purposed of reapplying changes following an error or outage recovery
Black box testing
ACK (acknowledgement)
Access path
Redo logs

2. A device used for combining several lower-speed channels into a higher-speed channel
Table look-ups
Multiplexor
Risk assessment
browser

3. The primary language used by both application programmers and end users in accessing relational databases
Random access memory (RAM)
Internal control structure
Structured Query Language (SQL)
Third-party review

4. A device that connects two similar networks together
Tape management system (TMS)
Bridge
Production software
Bandwidth

5. Individuals; normally managers or directors; who have responsibility for the integrity; accurate reporting and use of computerized data
Data owner
Information engineering
Trojan horse
Anomaly

6. The area of the system that the intrusion detection system is meant to monitor and protect
General computer controls
Protection domain
Baud rate
Simple fail-over

7. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First; if a standard set of test data and test results exists for a program; the output of a test run after program mainte
File
Logical access controls
TACACS+ (terminal access controller access control system plus)
Output analyzer

8. A series of tests designed to ensure that the modified program interacts correctly with other system components. These test procedures typically are performed by the system maintenance staff in their development library.
System testing
Partitioned file
Information processing facility (IPF)
Production software

9. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Requirements definition
Data analysis
Inheritance (objects)
Availability

10. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
Availability
Memory dump
Noise
Professional competence

11. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements
Cohesion
Database
Repository
Test data

12. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
Hierarchical database
Security software
Feasibility study
Attribute sampling

13. A set of protocols developed by the IETF to support the secure exchange of packets
Public key
Budget
IPSec (Internet protocol security)
DNS (domain name system)

14. A system's level of resilience to seamlessly react from hardware and/or software failure
Rootkit
Posting
Nonrepudiation
Fault tolerance

15. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
Hash function
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Discovery sampling
Security testing

16. A communications channel over which data can be sent and received simultaneously
Program narratives
Full duplex
External router
Audit charter

17. Organizations that have no official physical site presence and are made up of diverse geographically dispersed or mobile employees.
System software
Real-time processing
virtual organizations
Protection domain

18. An individual data element in a computer record. Examples include employee name; customer address; account number; product unit price and product quantity in stock.
Field
Expert systems
Network hop
Systems analysis

19. A warm-site is similar to a hot-site; however; it is not fully equipped with all necessary hardware needed for recovery.
Statistical sampling
Memory dump
RSA
Warm-site

20. A permanent connection between hosts in a packet switched network
Image processing
Production programs
Multiplexor
Permanent virtual circuit (PVC)

21. The person responsible for maintaining a LAN and assisting end users
Network administrator
Database replication
Logoff
Compensating control

22. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example; OMG is known principally for promulgating the C
Network administrator
Object Management Group (OMG)
File
Authentication

23. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Cluster controller
Indexed sequential file
Application development review
Handprint scanner

24. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)
Executable code
Protocol
Card swipes
Sequence check

25. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port; it is copied to the other ports so that all segments of the LAN can see all pac
World Wide Web Consortium (W3C)
Broadband
Hub
RFC (request for comments)

26. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance
PPTP (point-to-point tunneling protocol)
Field
Record; screen and report layouts
Central office (CO)

27. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Sniff
Microwave transmission
Independent appearance
Cleartext

28. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
Universal Description; Discovery and Integration (UDDI)
Real-time processing
Data diddling
Default password

29. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Repudiation
Business risk
price risk
Procedure

30. Source lines of code are often used in deriving single-point software-size estimations.
Audit program
Source lines of code (SLOC)
Antivirus software
Corporate exchange rate

31. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Terminal
Addressing
Expert systems
Access rights

32. Provide verification that all transmitted data are read and processed
Card swipes
Taps
Run-to-run totals
Utility programs

33. An input device that reads characters and images that are printed or painted on a paper form into the computer.
Password cracker
Optical scanner
Cross-certification
Decryption key

34. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Vaccine
Integrated services digital network (ISDN)
Hierarchical database
Continuity

35. A set of utilities that implement a particular network protocol. For instance; in Windows machines a TCP/IP stack consists of TCP/IP software; sockets software and hardware driver software.
Protocol stack
Tuple
Internal control
Communications controller

36. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco
Spool (simultaneous peripheral operations online)
Expert systems
Modem (modulator-demodulator)
Circular routing

37. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Operator console
Data dictionary
Wiretapping
Twisted pairs

38. A testing technique that is used to evaluate output from one application; while the information is sent as input to another application
Reasonable assurance
Intranet
Passive response
Interface testing

39. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
Uploading
Data dictionary
Run instructions
Electronic cash

40. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments; customers and products. Output reports are verified to confirm the correctness of the processing.
Third-party review
Remote job entry (RJE)
Integrated test facilities (ITF)
Operating system audit trails

41. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Assembly language
Certificate authority (CA)
Content filtering
Client-server

42. The risk that an error which could occur in an audit area; and which could be material; individually or in combination with other errors; will not be prevented or detected and corrected on a timely basis by the internal control system
Application layer
Anonymous File Transfer Protocol (FTP)
Control risk
Link editor (linkage editor)

43. Diligence which a person; who possesses a special skill; would exercise under a given set of circumstances
Internal control
Worm
Promiscuous mode
Due professional care

44. Diagramming data that are to be exchanged electronically; including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
Internet Inter-ORB Protocol (IIOP)
Mapping
Top-level management
Masking

45. Any situation or event that has the potential to harm a system
ISO17799
Threat
Point-of-sale systems (POS)
business process integrity

46. An independent audit of the control structure of a service organization; such as a service bureau; with the objective of providing assurances to the users of the service organization that the internal control structure is adequate; effective and soun
Enterprise governance
Third-party review
Decryption
Hypertext

47. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Online data processing
Gateway
Materiality
Extended Binary-coded Decimal Interchange Code (EBCDIC)

48. A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is availa
File server
Digital certification
Hacker
Privacy

49. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy
Audit
Batch control
Independent attitude
Useful audit evidence

50. A system of interconnected computers and the communications equipment used to connect them
Coupling
Network
Dumb terminal
Real-time processing