Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The three wrong answers for each question are randomly chosen from the answers to other questions, so at times the correct answer may seem obvious, but you will find that this reinforces your understanding as you take the test repeatedly.

1. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer






2. An individual who attempts to gain unauthorized access to a computer system






3. The list of rules and/or guidance that is used to analyze event data






4. Two trading partners share one or more secrets that no one else knows, so no one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners, and the same key is used for encryption and decryption. (Also see Private Key Cryptosystem.)
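Worked example for this term (added to this study page; it is not part of the quiz or of any ISACA material): each pair of trading partners holds its own shared secret, the same key both encrypts and decrypts, and a party holding a different pair's key recovers nothing. The HMAC-SHA256 counter-mode keystream stands in for a real cipher such as AES, which the Python standard library lacks; it is not a vetted cipher and offers no integrity check. The partner names and purchase-order text are made up.

```python
"""Symmetric (private-key) cryptosystem in miniature: one secret per pair of
trading partners, the same key for encryption and decryption.

Added example. The keystream generator (HMAC-SHA256 in counter mode) stands in
for a real block cipher such as AES, which the standard library lacks; it is
not a vetted cipher and provides no integrity protection. Partner names and
the purchase-order text are made up for the demonstration.
"""
import hashlib
import hmac
import itertools
import secrets

KEY_BYTES = 32
NONCE_BYTES = 16


def pairwise_key_count(partners: int) -> int:
    """Keys needed when every pair of partners must share its own secret: n(n-1)/2."""
    return partners * (partners - 1) // 2


def provision_keys(partners: list) -> dict:
    """Give each unordered pair of partners a fresh random secret."""
    return {frozenset(pair): secrets.token_bytes(KEY_BYTES)
            for pair in itertools.combinations(partners, 2)}


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Expand (key, nonce) into `length` pseudorandom bytes: HMAC over a running counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Fresh nonce per message; ciphertext = plaintext XOR keystream, nonce prepended."""
    nonce = secrets.token_bytes(NONCE_BYTES)
    stream = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, stream))


def decrypt(key: bytes, message: bytes) -> bytes:
    """Same key, same operation: XOR with the keystream derived from the sent nonce."""
    nonce, ciphertext = message[:NONCE_BYTES], message[NONCE_BYTES:]
    stream = keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo() -> dict:
    """Four partners, six pairwise keys; Bob reads Alice's message, Carol cannot."""
    partners = ["Alice", "Bob", "Carol", "Dave"]
    keys = provision_keys(partners)
    plaintext = b"PO 4711: 120 units, deliver 2024-03-15"
    alice_bob = keys[frozenset({"Alice", "Bob"})]
    carol_dave = keys[frozenset({"Carol", "Dave"})]
    message = encrypt(alice_bob, plaintext)
    return {
        "keys_needed": len(keys),
        "bob_reads": decrypt(alice_bob, message) == plaintext,
        "carol_reads": decrypt(carol_dave, message) == plaintext,
    }


if __name__ == "__main__":
    print(demo())
```

The quadratic growth of `pairwise_key_count` is the key-distribution problem that motivates public-key systems and key-distribution centres; a symmetric scheme alone gives no way to hand the first shared secret to a new partner securely.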






5. A fail-over process in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently






6. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research
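Worked example for this term and for item 1 above (data validation/edit checks), added to this study page and not taken from the quiz: field-level edit checks reject bad input before it reaches the master file, and a sequence check on the batch's control numbers notes gaps on an exception report and rejects numbers that arrive out of order. The batch, field rules and control-number range are constructed for the demonstration.

```python
"""Input controls: data validation (edit checks) and a sequence check on batch
control numbers. Added example; the batch, field rules and control-number
range are constructed for the demonstration.
"""
from __future__ import annotations

import re
from datetime import date

# Constructed batch of input transactions. Control numbers are meant to run
# 1001, 1002, ... in order; several records are deliberately bad.
BATCH = [
    {"ctl": 1001, "account": "ACC-00123", "amount": "250.00", "date": "2024-03-01"},
    {"ctl": 1002, "account": "ACC-00124", "amount": "-15.00", "date": "2024-03-01"},  # fails range check
    {"ctl": 1004, "account": "ACC-00125", "amount": "99.10", "date": "2024-03-02"},   # 1003 missing: gap
    {"ctl": 1003, "account": "ACC00126", "amount": "10.00", "date": "2024-13-02"},    # late, bad format, bad date
    {"ctl": 1005, "account": "ACC-00127", "amount": "abc", "date": "2024-03-02"},     # not numeric
]

ACCOUNT_FORMAT = re.compile(r"^ACC-\d{5}$")
AMOUNT_LIMIT = 10_000.00


def edit_checks(rec: dict) -> list[str]:
    """Field-level edit checks on one record. Returns the failed checks; empty means clean."""
    failures = []
    if not ACCOUNT_FORMAT.match(rec["account"]):
        failures.append("account: format check failed")
    try:
        amount = float(rec["amount"])
    except ValueError:
        failures.append("amount: not numeric")
    else:
        if not 0 < amount <= AMOUNT_LIMIT:
            failures.append("amount: range check failed")
    try:
        date.fromisoformat(rec["date"])
    except ValueError:
        failures.append("date: invalid date")
    return failures


def process_batch(batch: list[dict], first_expected: int) -> tuple[list[dict], list[str]]:
    """Apply edit checks and a sequence check.

    A gap is noted on the exception report but the record itself is kept; a control
    number lower than the one expected (out of order or duplicate) is rejected, as is
    any record that fails an edit check.
    """
    accepted: list[dict] = []
    report: list[str] = []
    expected = first_expected
    for rec in batch:
        ctl = rec["ctl"]
        problems = edit_checks(rec)
        if ctl < expected:
            problems.append(f"control number out of sequence (expected {expected} or higher)")
        elif ctl > expected:
            report.append(f"ctl {ctl}: gap, control numbers {expected}..{ctl - 1} not received")
        if problems:
            report.extend(f"ctl {ctl}: {p}" for p in problems)
        else:
            accepted.append(rec)
        if ctl >= expected:
            expected = ctl + 1
    return accepted, report


if __name__ == "__main__":
    ok, exceptions = process_batch(BATCH, 1001)
    print("accepted:", [r["ctl"] for r in ok])
    print("\n".join(exceptions))
```

An auditor reviewing this control would want to see the exception report actually followed up: the missing 1003 and the rejected records must be traced, not just listed.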






7. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups






8. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for






9. The susceptibility of an audit area to error which could be material, individually or in combination with other errors, assuming that there are no related internal controls






10. Any information collection mechanism utilized by an intrusion detection system






11. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.






12. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers






13. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw






14. A communications channel over which data can be sent and received simultaneously






15. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of






16. The risk of errors occurring in the area being audited






17. Identified by one central processor and databases that form a distributed processing configuration






18. To configure a computer or other network device to resist attacks






19. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity, validating that the subject is entitled to have the attributes requested






20. The objectives of management that are used as the framework for developing and implementing controls (control procedures).






21. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks






22. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems






23. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
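Worked example for this term (added to this study page; not part of the quiz): the flag in question is bit 0x02 of byte 13 of the TCP header. This Python builds the three segments of a handshake from made-up ports and initial sequence numbers, then parses each header back and classifies it by its flags, which shows the SYN set on the first two segments and the sequence numbers being acknowledged.

```python
"""Where the SYN flag lives in a TCP header, and how the two sides synchronise
sequence numbers. Added example: ports and initial sequence numbers are made
up, and checksums are left zero because nothing is sent on a wire.
"""
import struct

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# src port, dst port, seq, ack, data offset/reserved, flags, window, checksum, urgent pointer
TCP_HEADER = struct.Struct("!HHIIBBHHH")  # 20 bytes; flags are byte 13


def build_tcp_header(src_port: int, dst_port: int, seq: int, ack: int, flags: int,
                     window: int = 65535) -> bytes:
    """Pack a 20-byte TCP header with no options (data offset = 5 words)."""
    data_offset = 5 << 4
    return TCP_HEADER.pack(src_port, dst_port, seq, ack, data_offset, flags, window, 0, 0)


def parse_tcp_header(segment: bytes) -> dict:
    """Unpack the fixed part of a TCP header into a dict."""
    src, dst, seq, ack, offset, flags, window, _csum, _urg = TCP_HEADER.unpack_from(segment, 0)
    return {"src": src, "dst": dst, "seq": seq, "ack": ack, "flags": flags,
            "header_len": (offset >> 4) * 4, "window": window}


def classify(flags: int) -> str:
    """Name the handshake role of a segment from its flag bits."""
    if flags & SYN and flags & ACK:
        return "SYN-ACK"
    if flags & SYN:
        return "SYN"
    if flags & RST:
        return "RST"
    if flags & FIN:
        return "FIN"
    return "ACK" if flags & ACK else "other"


def handshake(client_isn: int, server_isn: int) -> list:
    """Three-way handshake: SYN carries the client's ISN, SYN-ACK the server's ISN
    plus an acknowledgement of client_isn + 1, and the final ACK completes it."""
    syn = build_tcp_header(51234, 443, client_isn, 0, SYN)
    syn_ack = build_tcp_header(443, 51234, server_isn, client_isn + 1, SYN | ACK)
    ack = build_tcp_header(51234, 443, client_isn + 1, server_isn + 1, ACK)
    return [syn, syn_ack, ack]


if __name__ == "__main__":
    for segment in handshake(1000, 5000):
        hdr = parse_tcp_header(segment)
        print(classify(hdr["flags"]), hdr["seq"], hdr["ack"], hex(segment[13]))
```

A SYN that is never followed by the third segment leaves a half-open connection on the server, which is why counting SYNs without matching ACKs is a standard way to spot a SYN flood.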






24. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered






25. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.






26. The property that data meet an a priori expectation of quality and that the data can be relied upon






27. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt






28. The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units, the easier it is to maintain and enhance a system, since it is easier to determine whe






29. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system, the application will process information in a complete, accurate and reliable manner, the application will fu






30. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: effectiveness, efficiency and economy






31. A specially configured server, designed to attract intruders so that their actions do not affect production systems; also known as a decoy server






32. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems






33. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C






34. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities






35. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl






36. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.






37. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th






38. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing






39. The ability of end users to design and implement their own information system utilizing computer software products






40. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.






41. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
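Worked example for this term (added to this study page; not part of the quiz): the defining feature is a single source, so a per-client request count over a sliding window catches it. This Python parses constructed common-log-format lines, counts each client's requests inside a ten-second window and reports the sources that exceed a threshold; the log lines, window and threshold are all made up for the demonstration.

```python
"""Spotting a single-source flood in web access logs: count each client's
requests within a sliding window and report sources over a threshold. Added
example; the log lines (common log format), window and threshold are
constructed for the demonstration.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)')
TIME_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str) -> tuple[str, datetime] | None:
    """Return (client_ip, timestamp) for a common-log-format line, or None if it does not parse."""
    m = LOG_LINE.match(line)
    if m is None:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FORMAT)


def flood_sources(lines, window: timedelta = timedelta(seconds=10),
                  threshold: int = 50) -> dict[str, int]:
    """Return {ip: peak request count within any `window`} for clients over `threshold`.
    Lines are assumed to be in time order, as a server writes them."""
    recent: dict[str, deque] = defaultdict(deque)
    peaks: dict[str, int] = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the detector
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop requests that have aged out of the window
            q.popleft()
        if len(q) > threshold:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


def constructed_log() -> list[str]:
    """One client sends 200 requests in five seconds; another browses normally."""
    t0 = datetime(2024, 3, 1, 12, 0, 0, tzinfo=timezone.utc)
    events = [(t0 + timedelta(seconds=i // 40), "203.0.113.7", "GET /search?q=a") for i in range(200)]
    events += [(t0 + timedelta(seconds=3 * i), "198.51.100.2", "GET /index.html") for i in range(20)]
    events.sort(key=lambda e: e[0])
    return [f'{ip} - - [{ts.strftime(TIME_FORMAT)}] "{req} HTTP/1.1" 200 512'
            for ts, ip, req in events]


if __name__ == "__main__":
    for ip, peak in flood_sources(constructed_log()).items():
        print(f"{ip}: {peak} requests inside one 10 s window")
```

The same volume spread over many sources (a distributed attack) stays under this per-client threshold, which is why the single-source case in the definition is the one a simple rate limit handles.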






42. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.






43. A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext






44. The level of trust with which a system object is imbued






45. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei






46. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).






47. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.






48. Comparing the system's performance to other equivalent systems using well defined benchmarks






49. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.






50. The process of converting a digital computer signal into an analog telecommunications signal