Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Another term for an application programming interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.

2. Diagramming the data that are to be exchanged electronically, including how they are to be used and which business management systems need them. It is a preliminary step in developing an application link. (Also see application tracing and mapping.)

3. To record details of information or events in an organized record-keeping system, usually sequenced in the order in which they occurred.

4. A certificate that binds a public key to its subscriber, corresponding to a private key held by that subscriber. It is typically used to allow the authenticity and integrity of communicated data to be verified.

5. A technique used to recover the original plaintext from the ciphertext so that it is intelligible to the reader. Decryption is the reverse of the encryption process.

6. Its purpose is to provide usable data rather than a function. The focus of development is to provide ad hoc reporting for users by building a suitable, accessible database of information.

7. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack by someone attempting to break into or compromise a system.

8. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development.

9. A system of computers connected by a communications network. Each computer processes its own data, and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.

10. A test designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and its performance against this workload is measured. Typically, the purpose is to compare the measur

11. The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry.

12. The process of converting an analog telecommunications signal into a digital computer signal.

13. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventive control over physical access to those sensitive locations. After a card has been swiped,

14. A formal document that defines the IS auditor's responsibility, authority and accountability for a specific assignment.

15. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase.

16. The method or communication mode of routing data over the communication network (also see half duplex and full duplex).

17. Typically, in large organisations where the quantum of data processed by the ERP is extremely voluminous, analysis of patterns and trends proves extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide

18. The person responsible for maintaining a LAN and assisting end users.

19. Present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency.

20. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions.

21. A protected string of characters, generally stored in hashed or encrypted form, that authenticates a computer user to the computer system.

22. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus

23. A connection-oriented Internet protocol that supports reliable data transfer connections. Packet data are verified using checksums and retransmitted if missing or corrupted. The application plays no part in validating the transfer.

24. A process involving the extraction of components from existing systems and restructuring them to develop new systems or to enhance the efficiency of existing systems. Existing software systems can thus be modernized to prolong their funct

25. An empowering method/process by which management and staff at all levels collectively identify and evaluate IS-related risks and controls under the guidance of a facilitator, who could be an IS auditor. The IS auditor can utilise CRSA for gathering re

26. Refers to the security aspects supported by the ERP, primarily with regard to roles or responsibilities and audit trails within the applications.

27. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy.

28. Unusual or statistically rare.

29. The rules by which a network operates and controls the flow and priority of transmissions.

30. An individual data element in a computer record. Examples include employee name, customer address, account number, product unit price and product quantity in stock.

31. Availability relates to information being available when required by the business process, now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.

32. A data dictionary is a database that contains the name, type, range of values, source and authorization for access for each data element in a database. It also indicates which application programs use that data, so that when a data structure is contem

33. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is

34. Record layouts provide information about the type of record, its size and the type of data contained in the record. Screen and report layouts describe what information is provided and what is necessary for input.

35. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.

36. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing the security access control system.

37. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become widely accepted as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm

38. The property that data meet with a priori expectation of quality and that the data can be relied upon.

39. Editing ensures that data conform to predetermined criteria and enables early identification of potential errors.

40. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bits per second or Hertz (cycles per second).

41. Changing data with malicious intent before or during input into the system.

42. The transfer of service from an incapacitated primary component to its backup component.

43. A recovery solution provided by recovery and/or hardware vendors that includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations wit

44. The machine language code that is generally referred to as the object or load module.

45. Control deviations (compliance testing) or misstatements (substantive testing).

46. Checks that data are entered correctly.

47. Encapsulation is the technique used by layered protocols in which a lower-layer protocol accepts a message from a higher-layer protocol and places it in the data portion of a frame in the lower layer.

48. Hardware devices that convert between two different types of transmission, such as asynchronous and synchronous transmission.

49. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.

50. A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman. RSA has two different keys, the public encryption key and the secret decryption key. The strength of RSA depends on the difficulty of prime number factorization.
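The last sentence of question 50 is the whole security argument for RSA, so here is an added example (not part of the quiz) that shows it end to end: key generation from two primes, encryption with the public key, decryption with the secret key, and then recovery of the secret key by factoring the modulus. The primes 61 and 53 and exponent 17 are the usual textbook toy values and are an assumption for illustration; with them, trial division factors n in microseconds, whereas for a real 2048-bit modulus the same step is what no known classical algorithm can do in practical time.

```python
"""Toy RSA, as an added example (not from the quiz): key generation from two
primes, encryption with the public key, decryption with the private key, and
recovery of the private key by factoring n. The primes are deliberately tiny
(assumed textbook values); real keys use primes of 1024 bits or more, which is
precisely what makes the factoring step below infeasible."""
import math


def keygen(p: int, q: int, e: int = 65537):
    """Return ((n, e), (n, d)): the public encryption key and the secret
    decryption key. d is the inverse of e modulo phi(n) = (p-1)(q-1)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)              # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m: int) -> int:
    """c = m^e mod n, using only the public key."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(priv, c: int) -> int:
    """m = c^d mod n, using the secret key."""
    n, d = priv
    return pow(c, d, n)


def factor(n: int):
    """Trial division up to sqrt(n). Feasible here only because n is tiny;
    this is the step whose difficulty the security of RSA rests on."""
    for f in range(2, math.isqrt(n) + 1):
        if n % f == 0:
            return f, n // f
    raise ValueError("no factor found")


def recover_private_key(pub):
    """Anyone who can factor n can compute phi(n), and from it d."""
    n, e = pub
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    public, private = keygen(61, 53, e=17)     # assumed toy primes
    c = encrypt(public, 65)
    print("public", public, "private", private)
    print("ciphertext", c, "decrypts to", decrypt(private, c))
    print("private key recovered from public key:", recover_private_key(public))
```

The recovered key equals the original one, which is the point of the glossary's last sentence: the secret decryption key is not hidden by any trick, only by the cost of factoring n. Note also that this is "textbook" RSA on a raw integer; production systems add randomized padding (OAEP for encryption, PSS for signatures), because without it the same message always encrypts to the same ciphertext and small messages can be recovered directly.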