Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Performance measurement of service delivery, including cost, timeliness and quality, against agreed service levels
Program narratives
Audit accountability
DNS (domain name system)
Penetration testing
2. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information as it is entered.
Information processing facility (IPF)
Librarian
Compliance testing
Online data processing
3. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Private key cryptosystems
Ring topology
Enterprise resource planning
Internal penetrators
4. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bits per second or Hertz (cycles per second).
DoS (denial-of-service) attack
Intrusion
Bandwidth
X.25 interface
5. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component
Exception reports
Wiretapping
Components (as in component-based development)
Business process reengineering (BPR)
6. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Uninterruptible power supply (UPS)
Request for proposal (RFP)
Substantive testing
Discovery sampling
7. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity, a modem decodes inco
Scheduling
Modem (modulator-demodulator)
Card swipes
Access method
8. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias; Measurable—provide for consistent measurement; Complete—include all
Record
Detective controls
Continuous auditing approach
Criteria
9. Character-at-a-time transmission
Cathode ray tube (CRT)
Asynchronous transmission
Data integrity
Biometric locks
10. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Hexadecimal
Concurrent access
Initial program load (IPL)
Internet packet (IP) spoofing
11. The use of software packages that aid in the development of all phases of an information system. System analysis, design, programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
IEEE (Institute of Electrical and Electronics Engineers), pronounced I-triple-E
Computer-aided software engineering (CASE)
Hot site
Database specifications
12. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display
Universal Description; Discovery and Integration (UDDI)
Certificate Revocation List
Tcpdump
Telecommunications
13. A connection-oriented Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Benchmark
TCP (transmission control protocol)
Bypass label processing (BLP)
Accountability
14. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
IDS (intrusion detection system)
Peripherals
Compiler
Public key cryptosystem
15. Any intentional violation of the security policy of a system
Half duplex
Intrusion
Rounding down
Vulnerability
16. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo-random number that changes every few minutes.
Default password
Security administrator
Token
Database management system (DBMS)
17. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
Internet Inter-ORB Protocol (IIOP)
HTTP (hyper text transfer protocol)
Public key
Cleartext
18. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. The same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Application proxy
Split data systems
Symmetric key encryption
Public key cryptosystem
19. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.
Hardware
Reengineering
Dial-in access controls
Database management system (DBMS)
20. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis
Static analysis
Legal risk
Assembly language
Certificate authority (CA)
21. A broad and wide-ranging concept of corporate governance, covering associated organizations such as global strategic alliance partners. (Source: Control Objectives for Enterprise Governance Discussion Document, published by the Information Systems Au
Virtual private network (VPN)
Threat
Enterprise governance
Decision support systems (DSS)
22. The computer room and support areas
System software
Security perimeter
Information processing facility (IPF)
Access rights
23. A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data
L2TP (Layer 2 tunneling protocol)
Information processing facility (IPF)
Value-added network (VAN)
Blackbox testing
24. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
False positive
Residual risk
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Editing
25. A journal entry entered at a computer terminal. Manual journal entries can include regular, statistical, inter-company and foreign currency entries
Control weakness
Manual journal entry
ICMP (internet control message protocol)
Error risk
26. The application of an edit, using a predefined field definition, to a submitted information stream; a test to ensure that data conform to a predefined format
Application development review
Format checking
Artificial intelligence
Control objective
27. A device that connects two similar networks together
Expert systems
TCP (transmission control protocol)
Bridge
Remote procedure calls (RPCs)
28. The consolidation in 1998 of the "Cadbury," "Greenbury" and "Hampel" Reports. Named after the Committee Chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry
COBIT
Combined Code on Corporate Governance
Decentralization
E-mail/interpersonal messaging
29. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results
Protocol converter
Parallel testing
Downtime report
Vulnerability analysis
30. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
Service bureau
Parallel testing
Security testing
Binary code
31. An audit designed to determine the accuracy of financial records and information
Generalized audit software
Image processing
Active recovery site (mirrored)
Financial audit
32. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
File
Detection risk
Limit check
Cadbury
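Terms 24, 26 and 32 describe input-editing controls: format checking, limit checks and range checks applied to each incoming record so that bad data is rejected at the point of entry rather than discovered downstream. The Python below is an added example, not from the quiz page: it runs those three edits, plus a calendar-date edit, over a small constructed batch of transaction records and returns an accept/reject result with the reason for every rejection, the raw material of an exception report. The record layout, the 8-digit account format and the amount limits are assumptions chosen for the illustration.

```python
import re
from datetime import date
from decimal import Decimal

# Constructed sample batch (not from the page). Field layout and limits are
# assumptions for the illustration; amounts are kept as strings because the
# format edit must run before any numeric conversion is attempted.
SAMPLE_BATCH = [
    {"id": "TX-0001", "account": "12345678", "amount": "1250.00", "date": "2024-03-01"},
    {"id": "TX-0002", "account": "1234ABCD", "amount": "300.00", "date": "2024-03-01"},
    {"id": "TX-0003", "account": "87654321", "amount": "75000.00", "date": "2024-03-02"},
    {"id": "TX-0004", "account": "11112222", "amount": "-5.00", "date": "2024-02-30"},
    {"id": "TX-0005", "account": "22223333", "amount": "12.5O", "date": "2024-03-02"},
]

ACCOUNT_FORMAT = re.compile(r"^\d{8}$")              # eight decimal digits, nothing else
AMOUNT_FORMAT = re.compile(r"^-?\d{1,9}\.\d{2}$")    # fixed two-decimal money field
AMOUNT_LOW = Decimal("0.01")                         # assumed stipulated low limit
AMOUNT_HIGH = Decimal("50000.00")                    # assumed stipulated high limit


def format_check(value: str, pattern: re.Pattern) -> bool:
    """Term 26: the field must match a predefined format before it is used."""
    return pattern.match(value) is not None


def limit_check(amount: Decimal, high: Decimal = AMOUNT_HIGH) -> bool:
    """Term 32: a one-sided test against a stipulated high limit."""
    return amount <= high


def range_check(amount: Decimal, low: Decimal = AMOUNT_LOW,
                high: Decimal = AMOUNT_HIGH) -> bool:
    """Term 32: with both a low and a high limit the test is a range check."""
    return low <= amount <= high


def date_check(value: str) -> bool:
    """Reject calendar-impossible dates such as 30 February."""
    try:
        date.fromisoformat(value)
        return True
    except ValueError:
        return False


def edit_record(rec: dict) -> list:
    """Term 24: apply every edit and collect the failures. The format edits
    run first because the numeric edits cannot run on a malformed amount.
    The one-sided limit check is shown alongside the range check that
    subsumes it, so both reasons appear for an over-limit amount."""
    failures = []
    if not format_check(rec["account"], ACCOUNT_FORMAT):
        failures.append("account: format check failed")
    if not format_check(rec["amount"], AMOUNT_FORMAT):
        failures.append("amount: format check failed")
    else:
        amount = Decimal(rec["amount"])
        if not limit_check(amount):
            failures.append("amount: exceeds high limit")
        if not range_check(amount):
            failures.append("amount: outside allowed range")
    if not date_check(rec["date"]):
        failures.append("date: invalid calendar date")
    return failures


def edit_batch(batch: list) -> dict:
    """Return the accepted ids and, for each rejected id, its exception reasons."""
    result = {"accepted": [], "rejected": {}}
    for rec in batch:
        failures = edit_record(rec)
        if failures:
            result["rejected"][rec["id"]] = failures
        else:
            result["accepted"].append(rec["id"])
    return result


if __name__ == "__main__":
    for rec_id, reasons in edit_batch(SAMPLE_BATCH)["rejected"].items():
        print(rec_id, "->", "; ".join(reasons))
```

Note the ordering: a format failure on the amount suppresses the numeric edits for that field instead of letting a conversion error abort the whole batch, so one bad record produces one exception line rather than stopping processing.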
33. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
Modulation
PPP (point-to-point protocol)
Object Management Group (OMG)
Utility software
34. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity
False negative
Pervasive IS controls
Leased lines
Repudiation
35. The act or function of developing and maintaining applications programs in production
Multiplexor
Application programming
Man-in-the-middle attack
Operational control
36. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Access path
Biometric locks
Enterprise governance
Reciprocal agreement
37. An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures)
Backup
Salami technique
Application maintenance review
Application
38. English-like, user-friendly, nonprocedural computer languages used to program and/or read and process computer files
Reasonableness check
Open systems
Fourth generation language (4GL)
Security/transaction risk
39. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
BSP (business service provider)
Liquidity risk
Audit evidence
Local loop
40. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Authorization
Confidentiality
Test generators
Waterfall development
41. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission
Windows NT
End-user computing
Single point of failure
ACK (acknowledgement)
42. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features
LDAP (Lightweight Directory Access Protocol)
Security policy
Electronic vaulting
Auditability
43. A language used to control run routines in connection with performing tasks on a computer
Cold site
Job control language (JCL)
Subject matter (Area of activity)
ASCII (American Standard Code for Information Interchange)
44. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Netware
Tcpdump
Public key cryptosystem
Untrustworthy host
45. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.
RFC (request for comments)
Control risk
Real-time analysis
Repudiation
46. A testing technique that is used to evaluate output from one application while the information is sent as input to another application
Interface testing
Monitor
Application software tracing and mapping
Threat
47. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of RAM that hold data while they are being
Buffer
Procedure
Registration authority (RA)
Price risk
48. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.
Card swipes
Performance testing
Structured programming
Program evaluation and review technique (PERT)
49. A flag set in a packet to indicate that this packet is the final data packet of the transmission
FIN (final)
Residual risk
Procedure
Relevant audit evidence
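Terms 13, 41 and 49 together describe TCP's reliability mechanics: a checksum over every segment, retransmission of anything missing or corrupted, and the ACK and FIN flags the endpoints set in the header. The Python below is an added example, not from the quiz page: it builds TCP segments over a constructed IPv4 pseudo-header, computes the RFC 793 checksum, parses the flag byte back into names, and shows that a single flipped payload bit fails the receiver's check (the condition that makes the sender retransmit). The addresses, ports and sequence numbers are constructed values.

```python
import struct

# Added example, not from the page. Flag bits of TCP header byte 13 (RFC 793).
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]
FIN, SYN, ACK = 0x01, 0x02, 0x10
# sport, dport, seq, ack, data-offset/reserved, flags, window, checksum, urgent pointer
TCP_HEADER = "!HHIIBBHHH"


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum with end-around carry (the Internet checksum)."""
    if len(data) % 2:
        data += b"\x00"                              # odd length is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def tcp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header (addresses, zero, protocol 6, TCP length) plus the segment."""
    pseudo = src_ip + dst_ip + struct.pack("!BBH", 0, 6, len(segment))
    return (~ones_complement_sum(pseudo + segment)) & 0xFFFF


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"") -> bytes:
    """Assemble a 20-byte header plus payload carrying a valid checksum."""
    header = struct.pack(TCP_HEADER, sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    csum = tcp_checksum(src_ip, dst_ip, header + payload)      # computed with the field zeroed
    header = struct.pack(TCP_HEADER, sport, dport, seq, ack, 5 << 4, flags, 65535, csum, 0)
    return header + payload


def parse_segment(segment: bytes) -> dict:
    """Read the header fields and expand the flag byte into names."""
    (sport, dport, seq, ack, offset_byte, flags,
     window, csum, urg) = struct.unpack(TCP_HEADER, segment[:20])
    data_offset = (offset_byte >> 4) * 4                       # header length in bytes
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": [name for name, bit in TCP_FLAGS if flags & bit],
            "checksum": csum, "payload": segment[data_offset:]}


def checksum_ok(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """The receiver recomputes over the whole segment, checksum field included;
    an intact segment folds to zero, a damaged one does not."""
    return tcp_checksum(src_ip, dst_ip, segment) == 0


def demo() -> dict:
    """Round trip with constructed addresses: a SYN, a FIN+ACK carrying data,
    and the same FIN+ACK with one payload bit flipped in flight."""
    src, dst = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
    syn = build_segment(src, dst, 40000, 443, 1000, 0, SYN)
    bye = build_segment(src, dst, 40000, 443, 1001, 5000, FIN | ACK, b"bye")
    damaged = bytearray(bye)
    damaged[-1] ^= 0x01
    return {"syn_flags": parse_segment(syn)["flags"],
            "syn_ok": checksum_ok(src, dst, syn),
            "bye_flags": parse_segment(bye)["flags"],
            "bye_ack": parse_segment(bye)["ack"],
            "bye_ok": checksum_ok(src, dst, bye),
            "damaged_ok": checksum_ok(src, dst, bytes(damaged))}


if __name__ == "__main__":
    print(demo())
```

The checksum is an integrity check against accidental corruption only: anyone who can rewrite the segment can recompute it, which is why the application-layer validation the definition says TCP does not do (or TLS underneath it) is still needed against a deliberate modification.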
50. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Gateway
Control perimeter
Penetration testing
DoS (denial-of-service) attack
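Term 50 defines a denial-of-service attack as a flood of requests from a single source, and term 34 names the failure mode any detector for it must avoid: a false negative, where the attack is classed as normal traffic. The Python below is an added example, not from the quiz page: it parses web-server access-log lines in Common Log Format, keeps a sliding per-source window of request times, and flags any source whose request rate exceeds a threshold. The log lines are constructed (one flooding source and one ordinary client), and the 10-second window and 100-request threshold are assumptions; the second call in the usage section shows how a threshold set too high turns the same flood into a false negative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timezone

# Added example, not from the page. Common Log Format: client, ident, user,
# [timestamp], "request", status, bytes.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\d+|-)$')
CLF_TIME = "%d/%b/%Y:%H:%M:%S %z"


def clf_line(ip: str, epoch: int, path: str = "/") -> str:
    """Build one CLF line; used only to construct the sample log below."""
    stamp = datetime.fromtimestamp(epoch, tz=timezone.utc).strftime(CLF_TIME)
    return f'{ip} - - [{stamp}] "GET {path} HTTP/1.1" 200 512'


# Constructed sample log (not from the page): 203.0.113.7 sends 150 requests in
# five seconds while 198.51.100.4 sends 20 requests spread over a minute.
_BASE = 1709287200                                   # 2024-03-01 10:00:00 UTC
_events = [(_BASE + i // 30, "203.0.113.7") for i in range(150)]
_events += [(_BASE + 3 * i, "198.51.100.4") for i in range(20)]
LOG_LINES = [clf_line(ip, t) for t, ip in sorted(_events)]


def parse_line(line: str):
    """Return (source_ip, epoch_seconds), or None for a line that is not CLF."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, stamp = m.group(1), m.group(2)
    return ip, int(datetime.strptime(stamp, CLF_TIME).timestamp())


def detect_floods(lines, window: int = 10, threshold: int = 100) -> dict:
    """Sliding-window rate check per source. Returns {ip: epoch when first flagged}.
    Lines are expected in time order, as a server writes them."""
    recent = defaultdict(deque)
    flagged = {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue                                 # skip malformed lines, do not crash the detector
        ip, t = parsed
        q = recent[ip]
        q.append(t)
        while q and t - q[0] > window:               # drop requests that left the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = t
    return flagged


if __name__ == "__main__":
    print(detect_floods(LOG_LINES))                   # flags 203.0.113.7
    print(detect_floods(LOG_LINES, threshold=1000))   # threshold too high: nothing flagged, a false negative
```

A per-source counter only catches the single-source case the definition describes; a distributed flood spreads the same request volume over many addresses, each of which stays under the threshold, so production detection also watches aggregate rate per endpoint and per path.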