Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv
Buffer
Cold site
Detective controls
Web page
2. The process of feeding test data into two systems; the modified system and an alternative system (possibly the original system) and comparing results
Parallel testing
Half duplex
Bar code
Trap door
3. A database structured in a tree/root or parent/child relationship. Each parent can have many children; but each child may have only one parent.
Judgment sampling
Hierarchical database
Packet filtering
Private key cryptosystems
4. Programs that are used to process live or actual data that were received as input into the production environment.
Program narratives
Production programs
Threat
Object orientation
5. A project management technique used in the planning and control of system projects
Program evaluation and review technique (PERT)
Bus topology
Dial-in access controls
Card swipes
6. Files maintained by a system; primarily a database management system; for the purpose of reapplying changes following an error or outage recovery
Redo logs
Duplex routing
Card swipes
Hardware
7. The dynamic; integrated processes; effected by the governing body; management and all other staff; that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness; efficiency and economy
Circular routing
Internal control structure
RADIUS
Taps
8. A system of storing messages in a private recording medium where the called party can later retrieve the messages
Voice mail
Data Encryption Standard (DES)
Object orientation
Single point of failure
9. The current and prospective risk to earnings and capital arising from fraud; error and the inability to deliver products or services; maintain a competitive position and manage information. Security risk is evident in each product and service offered
Topology
Performance testing
Security/transaction risk
Coaxial cable
10. Way of thinking; behaving; feeling; etc.
Attitude
Reverse engineering
Compensating control
Central processing unit (CPU)
11. System narratives provide an overview explanation of system flowcharts; with explanation of key control points and system interfaces.
System narratives
Operating system
Source lines of code (SLOC)
Master file
12. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
Fail-over
Irregularities
Honey pot
Bypass label processing (BLP)
13. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
Screening routers
Bar code
legal risk
Application development review
14. The structure through which the objectives of an organization are set; and the means of attaining those objectives; and determines monitoring performance guidelines. Good corporate governance should provide proper incentives for board and management
Corporate governance
HTTP (hyper text transfer protocol)
Switch
Router
15. A top-down technique of designing programs and systems. It makes programs more readable; more reliable and more easily maintained.
Test generators
Structured programming
Sniff
Security software
16. A computer network connecting different remote locations that may range from short distances; such as a floor or building; to extremely long transmissions that encompass a large region or several countries
Wide area network (WAN)
Due care
Telnet
World Wide Web Consortium (W3C)
17. The outward impression of being self-governing and free from conflict of interest and undue influence
Privilege
Independent appearance
Private key
Centralized data processing
18. The risk that an error which could occur in an audit area; and which could be material; individually or in combination with other errors; will not be prevented or detected and corrected on a timely basis by the internal control system
Control risk
Generalized audit software
Intelligent terminal
Access control
19. A language; which enables electronic documents that present information that can be connected together by links instead of being presented sequentially; as is the case with normal text.
Duplex routing
Security software
Hypertext
Screening routers
20. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Biometrics
price risk
Sequential file
Combined Code on Corporate Governance
21. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Dial-back
Fiscal year
Content filtering
Bar code
22. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Intranet
ISO17799
Access control table
False positive
23. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description; Discovery and Integration (UDDI))
Web Services Description Language (WSDL)
Top-level management
RADIUS (remote authentication dial-in user service)
Sufficient audit evidence
24. The ability of end users to design and implement their own information system utilizing computer software products
Operating system
L2F (Layer 2 forwarding)
End-user computing
Challenge/response token
25. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing
Proxy server
Administrative controls
Abend
Universal Description; Discovery and Integration (UDDI)
26. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Transaction log
Diskless workstations
TCP (transmission control protocol)
Security policy
27. Tests of detailed activities and transactions; or analytical review tests; designed to obtain audit evidence on the completeness; accuracy or existence of those activities or transactions during the audit period
Hexadecimal
Whitebox testing
Substantive testing
Audit risk
28. Wiring devices that may be inserted into communication links for use with analysis probes; LAN analyzers and intrusion detection security systems
Decryption
Taps
Accountability
System narratives
29. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Public key
Uninterruptible power supply (UPS)
Systems acquisition process
Privilege
30. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Digital certification
Audit expert systems
Integrated services digital network (ISDN)
Untrustworthy host
31. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.
Link editor (linkage editor)
Operator console
Circular routing
Database management system (DBMS)
32. Analysis of information that occurs on a noncontinuous basis; also known as interval-based analysis
Audit plan
Strategic risk
Certificate authority (CA)
Static analysis
33. Proven level of ability; often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards
Internal penetrators
Professional competence
Audit evidence
Cathode ray tube (CRT)
34. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Telecommunications
Router
Computer server
Allocation entry
35. Point at which terminals are given access to a network
Node
X.25
Local loop
RS-232 interface
36. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g.; server). The
Computer-aided software engineering (CASE)
Mutual takeover
Components (as in component-based development)
Remote procedure calls (RPCs)
37. An evaluation of any part of an implementation project (e.g.; project management; test plans; user acceptance testing procedures)
Application implementation review
Port
DoS (denial-of-service) attack
Intelligent terminal
38. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Internal control
Enterprise resource planning
Partitioned file
Demodulation
39. A device for sending and receiving computerized data over transmission lines
Harden
Operating system
Magnetic card reader
Terminal
40. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks; because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Detailed IS controls
Hash function
Frame relay
Bar case
41. An audit designed to evaluate the various internal controls; economy and efficiency of a function or department
Range check
Logon
Operational audit
Virus
42. Controls over the business processes that are supported by the ERP
Concurrent access
Token
Reciprocal agreement
business process integrity
43. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
File
Symmetric key encryption
Budget organization
Salami technique
44. The act of transferring computerized information from one computer to another computer
Downloading
Bar code
IP (Internet protocol)
Service user
45. Diagramming data that are to be exchanged electronically; including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)
Transaction
Mapping
Public key cryptosystem
Bar case
46. A fail-over process; in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
Concurrent access
Challenge/response token
Image processing
Program evaluation and review technique (PERT)
47. A set of communications protocols that encompasses media access; packet transport; session communications; file transfer; electronic mail; terminal emulation; remote file access and network management. TCP/IP provides the basis for the Internet.
Business process reengineering (BPR)
Audit charter
Personal identification number (PIN)
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
48. A piece of information; in a digitized form; used by an encryption algorithm to convert the plaintext to the ciphertext
Threat
Regression testing
Audit objective
Encryption key
49. A protocol for accessing a secure web server; whereby all data transferred is encrypted
HTTPS (hyper text transfer protocol secure)
Anomaly
Dial-in access controls
RSA
50. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
Project sponsor
Inheritance (objects)
Utility programs
Optical character recognition