Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application
Interface testing
Capacity stress testing
Application
Memory dump
2. An interface point between the CPU and a peripheral device
Pervasive IS controls
Port
Internal penetrators
Tape management system (TMS)
3. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw
Firewall
Nonrepudiation
Penetration testing
Production programs
4. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.
Trojan horse
Application maintenance review
Certificate authority (CA)
Top-level management
5. Refers to the controls that support the process of transformation of the organisation's legacy information systems into the ERP applications. This would largely cover all aspects of systems implementation and configuration, such as change management
Systems acquisition process
implementation life cycle review
Masqueraders
Completeness check
6. Analysis of information that occurs on a noncontinuous basis, also known as interval-based analysis
X.25
Test data
Static analysis
Multiplexor
7. The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Continuity
Detection risk
Coverage
Offsite storage
8. Software used to create data to be used in the testing of computer programs
Internet
Test generators
Application programming interface (API)
Source documents
9. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu
Assembly language
Application development review
RFC (request for comments)
Sequential file
10. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Offsite storage
Cluster controller
Budget organization
Feasibility study
11. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as
Access control
File layout
Bar case
Token ring topology
12. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report
Information engineering
Masking
Baud rate
Terms of reference
13. A mathematical expression used to calculate budget amounts based on actual results, other budget amounts and statistics. With budget formulas, budgets using complex equations, calculations and allocations can be automatically created.
Object orientation
Interest rate risk
World Wide Web Consortium (W3C)
Budget formula
14. The practice of eavesdropping on information being transmitted over telecommunications links
Wiretapping
Application implementation review
Non-intrusive monitoring
Test data
15. The potential loss to an area due to the occurrence of an adverse event
Exposure
Hardware
Machine language
Protection domain
16. A protocol used to transmit data securely between two end points to create a VPN
Internal control structure
PPTP (point-to-point tunneling protocol)
Business impact analysis (BIA)
Indexed sequential access method (ISAM)
17. The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank's central database). Data flow includes travelling through the communication lines, routers, swi
Audit accountability
Data flow
Computer sequence checking
Taps
18. The quality or state of not being named or identified
Anonymity
Continuous auditing approach
Vaccine
Useful audit evidence
19. A software testing technique whereby the internal workings of the item being tested are not known by the tester. For example, in a black box test on a software design the tester only knows the inputs and what the expected outcomes should be and not h
Blackbox testing
Budget hierarchy
Batch processing
Credit risk
20. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
Rulebase
Peripherals
Distributed data processing network
Trust
21. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software
Sniff
Benchmark
Decentralization
vulnerability
22. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
Operational audit
Statistical sampling
Bus
ASP/MSP (application or managed service provider)
23. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data passes across the in
Computer-aided software engineering (CASE)
War dialler
COSO
Coupling
24. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Internal control structure
ACK (acknowledgement)
Spanning port
Data owner
25. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets 2) The set of security rules enforced by the system's security features
Indexed sequential access method (ISAM)
Security policy
False negative
Hacker
26. Files maintained by a system, primarily a database management system, for the purpose of reapplying changes following an error or outage recovery
Application proxy
Object code
Promiscuous mode
Redo logs
27. A response, in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment, collecting more information or striking back a
Error
Random access memory (RAM)
Source lines of code (SLOC)
Active response
28. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function
Communications controller
Exposure
Optical scanner
Hexadecimal
29. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.
Components (as in component-based development)
Sniffing
Consumer
Business impact analysis (BIA)
30. The computer room and support areas
Embedded audit module
Image processing
Logs/Log file
Information processing facility (IPF)
31. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
File layout
Appearance of independence
browser
Standing data
32. The elimination of redundant data
Utility programs
Normalization
Asynchronous Transfer Mode (ATM)
Penetration testing
33. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
Standing data
Initial program load (IPL)
Twisted pairs
Hypertext
34. In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively, although the content of the data itself may r
Function point analysis
Offsite storage
Passive assault
Personal identification number (PIN)
35. A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data
Value-added network (VAN)
Applet
Judgment sampling
Electronic cash
36. A system's level of resilience to seamlessly react from hardware and/or software failure
Software
Hacker
Fault tolerance
Audit responsibility
37. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
Audit evidence
Controls (Control procedures)
Professional competence
implementation life cycle review
38. An international standard that defines information confidentiality; integrity and availability controls
ISO17799
Public key infrastructure
PPP (point-to-point protocol)
Point-of-presence (POP)
39. Software packages that sequentially dial telephone numbers, recording any numbers that answer
War dialler
Fiscal year
Modulation
Data communications
40. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
Content filtering
Downtime report
Reverse engineering
Internal control
41. A file of semipermanent information that is used frequently for processing data or for more than one purpose
Vulnerability analysis
Downloading
Datagram
Master file
42. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Security software
Database management system (DBMS)
Hyperlink
Hexadecimal
43. A document which defines the IS audit function's responsibility; authority and accountability
Fiscal year
Diskless workstations
Audit charter
Passive assault
44. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component
Interest rate risk
TCP (transmission control protocol)
Bulk data transfer
Components (as in component-based development)
45. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.
Packet
Budget hierarchy
Digital signature
Scheduling
46. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Audit sampling
Remote procedure calls (RPCs)
Check digit verification (self-checking digit)
Analog
47. The transmission of more than one signal across a physical channel
Multiplexing
X.25
Waterfall development
Journal entry
48. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
IPSec (Internet protocol security)
Leased lines
Independence
Hierarchical database
49. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Electronic cash
RFC (request for comments)
L2F (Layer 2 forwarding)
Source lines of code (SLOC)
50. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a dollar amount
Magnetic ink character recognition (MICR)
Variable sampling
Database administrator (DBA)
Terms of reference