
CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system

2. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The

3. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity, a modem decodes inco

4. Unusual or statistically rare

5. Used to enable remote access to a server computer. Commands typed are run on the remote server.

6. A fail-over process, which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed, or performance loss

7. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat

8. Used to ensure that input data agree with predetermined criteria stored in a table

9. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur

10. A device used for combining several lower-speed channels into a higher-speed channel

11. The area of the central processing unit that performs mathematical and analytical operations

12. A measurement of the point prior to an outage to which data are to be restored

13. Processes certified as supporting a security goal

14. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population

15. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures

16. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com

17. Universal Description, Discovery and Integration

18. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication

19. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.

20. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in

21. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department

22. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.

23. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.

24. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.

25. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers

26. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. The same key is used for encryption and decryption. (Also see Private Key Cryptosystem

27. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions

28. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt

29. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption

30. A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability

31. Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service

32. The organization using the outsourced service

33. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of d

34. The portion of a security policy that states the general process that will be performed to accomplish a security goal

35. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information

36. English-like, user-friendly, nonprocedural computer languages used to program and/or read and process computer files

37. Memory chips with embedded program code that hold their content when power is turned off

38. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.

39. Another term for an application programming interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.

40. The assurance that a party cannot later deny originating data; that is, the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.

41. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material, or a device similar to a television screen upon which data can be displayed

42. Patterns indicating misuse of a system

43. Impartial point of view which allows the IS auditor to act objectively and with fairness

44. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase

45. The quality or state of not being named or identified

46. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.

47. The computer room and support areas

48. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.

49. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th

50. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to