CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study the terms first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A named collection of related records
Applet
System testing
Firewall
File
2. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Application acquisition review
Personal identification number (PIN)
Irregularities
Continuous auditing approach
3. A communications channel over which data can be sent and received simultaneously
Application programming interface (API)
Record
Full duplex
Internet
4. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Remote procedure calls (RPCs)
Error risk
Static analysis
Magnetic card reader
5. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Detective controls
Control risk self-assessment
implementation life cycle review
Data diddling
6. The individual responsible for the safeguard and maintenance of all program and data files
Librarian
Inherent risk
Attitude
File layout
7. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Embedded audit module
Data custodian
Node
Port
8. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.
Audit risk
Polymorphism (objects)
False negative
Electronic signature
9. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Fail-over
Link editor (linkage editor)
ASP/MSP (application or managed service provider)
Vulnerability analysis
10. The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank's central database). Data flow includes travelling through the communication lines, routers, swi
Reengineering
Encryption
Incremental testing
Data flow
11. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.
Internet banking
RFC (request for comments)
Authentication
Application programming interface (API)
12. The forms used to record data that have been captured. A source document may be a piece of paper, a turnaround document or an image displayed for online data input.
Spanning port
Intrusive monitoring
Source documents
Passive response
13. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Secure socket layer (SSL)
Integrated services digital network (ISDN)
Rounding down
Enterprise resource planning
14. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
Job control language (JCL)
SYN (synchronize)
Downtime report
Remote job entry (RJE)
15. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei
Router
Security/transaction risk
Bus topology
Uninterruptible power supply (UPS)
16. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
Application programming
Split DNS
Half duplex
vulnerability
17. The use of software packages that aid in the development of all phases of an information system. System analysis, design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
File layout
Financial audit
Value-added network (VAN)
Computer-aided software engineering (CASE)
18. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial
Redo logs
False positive
Degauss
Enterprise resource planning
19. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
Table look-ups
Link editor (linkage editor)
Accountability
Data owner
20. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.
Voice mail
Materiality
Single point of failure
Technical infrastructure security
21. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Blackbox testing
Password
Fraud risk
Masqueraders
22. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim
Record
Personal identification number (PIN)
Ring topology
Systems analysis
23. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Access method
Anonymity
Cold site
Applet
24. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also, that permits multimedia (graphics) applications on the World Wide Web
Operational control
Sequential file
Coverage
browser
25. The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry
Job control language (JCL)
Auditability
Image processing
Foreign exchange risk
26. The standard e-mail protocol on the Internet
Modem (modulator-demodulator)
Abend
Web page
SMTP (Simple Mail Transport Protocol)
27. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Teleprocessing
Attitude
Password
Coaxial cable
28. A financial system that establishes the means for transferring money between suppliers and users of funds, ordinarily by exchanging debits or credits between banks or financial institutions.
Encapsulation (objects)
Payment system
Uninterruptible power supply (UPS)
Utility programs
29. The act of giving the idea or impression of being or doing something
Analog
Internet Inter-ORB Protocol (IIOP)
Assembler
Appearance
30. A small electronic device that contains electronic memory, and possibly an embedded integrated circuit. It can be used for a number of purposes including the storage of digital certificates or digital cash, or it can be used as a token to authenticat
Access path
Smart card
Numeric check
Risk assessment
31. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Bar code
Requirements definition
Point-of-sale systems (POS)
Network hop
32. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software
Sniff
Cross-certification
Tcpdump
Data structure
33. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Judgment sampling
IDS (intrusion detection system)
Integrated services digital network (ISDN)
COSO
34. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer
Control Objectives for Enterprise Governance
Assembly language
Control section
Half duplex
35. A storage facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media such as offline backup data and storage files
Intrusion detection
Error risk
Offsite storage
Appearance of independence
36. The susceptibility of an audit area to error which could be material, individually or in combination with other errors, assuming that there are no related internal controls
Inherent risk
Communications controller
Rulebase
Real-time analysis
37. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Signatures
Adjusting period
Comprehensive audit
Administrative controls
38. An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target
Tcpdump
RFC (request for comments)
Foreign exchange risk
Internet packet (IP) spoofing
39. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.
Packet
Detective controls
Run instructions
ICMP (internet control message protocol)
40. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Computer server
e-commerce
Allocation entry
Function point analysis
41. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
Components (as in component-based development)
browser
Whitebox testing
Audit objective
42. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.
Threat
Encapsulation (objects)
Image processing
Active response
43. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
Operating system
Object Management Group (OMG)
Operational audit
Cluster controller
44. A standardized body of data created for testing purposes. Users normally establish the data. Base case validates production application systems and tests the ongoing accurate operation of the system.
legal risk
Database
Base case
Scheduling
45. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
Redundancy check
Reliable audit evidence
Operational control
Rootkit
46. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
Discovery sampling
X.25
Dial-back
Reputational risk
47. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne
Record
Proxy server
Application controls
Adjusting period
48. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Management information system (MIS)
Magnetic ink character recognition (MICR)
Downloading
Gateway
49. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
Security policy
HTTP (hyper text transfer protocol)
Vulnerability analysis
System exit
50. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Uploading
Simple fail-over
Accountability
Leased lines