Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users

2. The process of generating, recording and reviewing a chronological record of system events to ascertain their accuracy

3. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.

4. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od

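The parity check described in question 4, worked through in code. This is an added example and not part of the quiz; the byte values and the bit flips are constructed for the demonstration. It shows why a parity bit catches a single flipped bit but misses an even number of flips, which is the main caveat an auditor should know about this control: it guards against accidental corruption, not against an attacker who can simply recompute the parity bit.

```python
# Added example (not from the quiz): even-parity generation and checking.
# All data values and error positions below are constructed for the demo.

def parity_bit(data: int, width: int = 8) -> int:
    """Even parity: return 1 if the `width`-bit value has an odd number of
    1 bits, so that data plus parity bit together contain an even count."""
    return bin(data & ((1 << width) - 1)).count("1") & 1


def encode(data: int, width: int = 8) -> int:
    """Append the parity bit as the least significant bit (width+1 bits out)."""
    return (data << 1) | parity_bit(data, width)


def check(frame: int, width: int = 8) -> bool:
    """True if the (width+1)-bit frame still has an even number of 1 bits."""
    return bin(frame & ((1 << (width + 1)) - 1)).count("1") % 2 == 0


def flip(frame: int, *positions: int) -> int:
    """Flip the given bit positions to simulate errors on the line."""
    for p in positions:
        frame ^= 1 << p
    return frame


def parity_demo() -> dict:
    """Clean frame passes; one flipped bit is detected; two flipped bits
    cancel out and slip through unnoticed."""
    data = 0b10110010          # four 1 bits -> parity bit 0
    frame = encode(data)       # 0b101100100
    return {
        "clean": check(frame),
        "single_flip": check(flip(frame, 3)),
        "double_flip": check(flip(frame, 3, 5)),
    }


if __name__ == "__main__":
    print(parity_demo())
```

The `double_flip` result is the point of the exercise: parity detects any odd number of bit errors and no even number, which is why stronger integrity controls (CRCs for noise, MACs or signatures for adversaries) are used where that matters.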
5. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers

6. The Internet standards-setting organization, with affiliates internationally drawn from network industry representatives. This includes all network industry developers and researchers concerned with the evolution and planned growth of the Internet.

7. The ability of end users to design and implement their own information system utilizing computer software products

8. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr

9. To record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred

10. The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system, since it is easier to determine whe

11. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking

12. The transfer of service from an incapacitated primary component to its backup component

13. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The

14. Analysis of information that occurs on a noncontinuous basis, also known as interval-based analysis

15. The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system

16. The roles, scope and objectives documented in the service level agreement between management and audit

17. A project management technique used in the planning and control of system projects

18. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks

19. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.

20. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne

21. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server providing the NAT service changes the source address of outgoing packets from the internal

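The address rewriting described in question 21, as a minimal source NAT (port-overloading NAPT) translation table. This is an added example, not part of the quiz; the public and internal addresses, ports and packets are constructed for the demonstration. It shows the translation of outgoing packets, the reverse translation of replies, and the side effect that matters for an auditor: an inbound packet with no matching outbound mapping cannot be delivered, which hides the internal addressing but is not a substitute for a firewall policy.

```python
# Added example (not from the quiz): a minimal source NAT translation table.
# Addresses and ports below are constructed for the demo (documentation
# ranges 10.0.0.0/8, 203.0.113.0/24 and 198.51.100.0/24).
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class SourceNAT:
    """Rewrites internal (ip, port) pairs to (public_ip, allocated port) and
    back. One public address serves many internal hosts by port overloading."""

    def __init__(self, public_ip: str, first_port: int = 40000):
        self.public_ip = public_ip
        self._next_port = first_port
        self._out = {}   # (internal ip, internal port) -> public port
        self._in = {}    # public port -> (internal ip, internal port)

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the internal network, allocating a
        public port the first time a given internal flow is seen."""
        key = (pkt.src_ip, pkt.src_port)
        port = self._out.get(key)
        if port is None:
            port = self._next_port
            self._next_port += 1
            self._out[key] = port
            self._in[port] = key
        return replace(pkt, src_ip=self.public_ip, src_port=port)

    def inbound(self, pkt: Packet):
        """Translate a reply back to the internal host, or return None (drop)
        when no outbound flow created a mapping for that public port."""
        if pkt.dst_ip != self.public_ip:
            return None
        key = self._in.get(pkt.dst_port)
        if key is None:
            return None
        return replace(pkt, dst_ip=key[0], dst_port=key[1])


def nat_demo():
    """Outbound HTTPS connection, its reply, and an unsolicited inbound
    packet that no internal host asked for."""
    nat = SourceNAT("203.0.113.5")
    out = nat.outbound(Packet("10.0.0.7", 51515, "198.51.100.20", 443))
    reply = nat.inbound(Packet("198.51.100.20", 443, out.src_ip, out.src_port))
    unsolicited = nat.inbound(Packet("198.51.100.99", 443, "203.0.113.5", 40001))
    return out, reply, unsolicited


if __name__ == "__main__":
    print(nat_demo())
```

Two internal hosts that happen to use the same source port get different public ports, which is why the translation works on (address, port) pairs rather than addresses alone. A real NAT also ages mappings out and tracks protocol state; this table keeps every mapping forever, so it is only the addressing part of the definition.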
22. Deliberately testing only the value-added functionality of a software component

23. Refers to the security of the infrastructure that supports the ERP: networking and telecommunications, operating systems and databases.

24. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.

25. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.

26. The specific information subject to the IS auditor's report and related procedures which can include things such as the design or operation of internal controls and compliance with privacy practices or standards or specified laws and regulations.

27. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.

28. The organization providing the outsourced service

29. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations

30. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.

31. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun

32. Diligence which a person would exercise under a given set of circumstances

33. The boundary that defines the area of security concern and security policy coverage

34. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.

35. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).

36. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.

37. Unusual or statistically rare

38. Data that is not encrypted. Also known as plaintext.

39. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bits per second or Hertz (cycles per second).

40. The risk to earnings or capital arising from violations of, or nonconformance with, laws, rules, regulations, prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t

41. A device used for combining several lower-speed channels into a higher-speed channel

42. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

43. General controls which are designed to manage and monitor the IS environment and which, therefore, affect all IS-related activities

44. Compares data to predefined reasonability limits or occurrence rates established for the data.

45. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may present a significant security risk to web application operations, since use of SOAP piggybacks onto

46. Confidentiality concerns the protection of sensitive information from unauthorized disclosure

47. The accuracy and completeness of information, as well as its validity in accordance with business values and expectations

48. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery; for example, shutting down a database after all records have been committed.

49. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller, which is responsible for managing and controlling all communic

50. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as