Test your basic knowledge: CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The interface between the user and the system
Dry-pipe fire extinguisher system
Shell
implementation life cycle review
Internet
2. The elimination of redundant data
Duplex routing
Protocol converter
Audit charter
Normalization
3. The property that data meet with a priority expectation of quality and that the data can be relied upon
Control group
Audit charter
Data integrity
Intranet
4. Integral part of an application system that is designed to identify and report specific transactions or other information based on pre-determined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be re
Rounding down
Embedded audit module
Misuse detection
Packet
5. The current and prospective effect on earnings or capital arising from adverse business decisions; improper implementation of decisions or lack of responsiveness to industry changes.
Router
Strategic risk
Logs/Log file
Online data processing
6. Controls over the acquisition; implementation; delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Compensating control
Detailed IS controls
Subject matter (Area of activity)
Tuple
7. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
Audit sampling
Attribute sampling
Data security
Real-time analysis
8. The ability of end users to design and implement their own information system utilizing computer software products
End-user computing
Redundancy check
Offline files
Internet Inter-ORB Protocol (IIOP)
9. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Hash function
Vulnerability
Vulnerability analysis
Central office (CO)
10. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
Secure socket layer (SSL)
Web site
Modem (modulator-demodulator)
Continuous auditing approach
11. A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server; the server sends the user a ''challenge;'' which is a r
Librarian
Table look-ups
Challenge/response token
Business-to-consumer e-commerce (B2C)
12. A collection of computer programs used in the design; processing and control of all applications. The programs and processing routines that control the computer hardware; including the operating system and utility programs. Refers to the operating sy
Token
System software
Protection domain
World Wide Web Consortium (W3C)
13. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis; systems software and control objectives sof
Audit expert systems
Internal control structure
Validity check
Logoff
14. The risk that the IS auditor's substantive procedures will not detect an error which could be material; individually or in combination with other errors
Detection risk
Penetration testing
Program flowcharts
BSP (business service provider)
15. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones; such as opening an account or transferring funds to different accounts; and new banking services; such as electronic bill presentment and pa
Internet banking
Optical character recognition
Service user
Vaccine
16. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Budget organization
Operational control
Enterprise resource planning
Coverage
17. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically; participants promise to provide processing time to each other when an emergency arises.
Vaccine
Technical infrastructure security
Reciprocal agreement
Cathode ray tube (CRT)
18. The person responsible for maintaining a LAN and assisting end users
Network administrator
Attitude
Gateway
Appearance
19. An interactive system that provides the user with easy access to decision models and data; to support semistructured decision-making tasks
Decision support systems (DSS)
Electronic cash
Asynchronous transmission
Address space
20. A method of computer fraud involving a computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account
Waterfall development
Brute force
Salami technique
Split data systems
21. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure; more responsive to the customer base and market conditions; while yielding material cost savings. To ree
Business process reengineering (BPR)
Trusted processes
Misuse detection
Project team
22. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general; users enter the word anonymo
Anonymous File Transfer Protocol (FTP)
Threat
Attribute sampling
Single point of failure
23. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous; analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
Hierarchical database
Data analysis
Abend
Active response
24. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network; while denying access from the Internet directly to the private network.
Central processing unit (CPU)
DMZ (demilitarized zone)
Hyperlink
Demodulation
25. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2^n; where n is the number of bits in the machine address.
Operational audit
Interface testing
Network hop
Address space
26. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl
Legal risk
Segregation/separation of duties
Structured programming
Security administrator
27. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
Test programs
Residual risk
COSO
Production software
28. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Digital signature
Operating system
FTP (file transfer protocol)
Repository
29. The quality or state of not being named or identified
Anonymity
Biometrics
Data integrity
Decentralization
30. Applications that detect; prevent and possibly remove all known viruses from files located in a microcomputer hard drive
Active response
Audit sampling
Antivirus software
Echo checks
31. The dynamic; integrated processes; effected by the governing body; management and all other staff; that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness; efficiency and economy
Interest rate risk
RFC (request for comments)
Filtering router
Internal control structure
32. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
War dialler
Dry-pipe fire extinguisher system
Parallel testing
Star topology
33. A piece of information; in a digitized form; used by an encryption algorithm to convert the plaintext to the ciphertext
UNIX
Indexed sequential file
Computationally greedy
Encryption key
34. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations
Parallel testing
Project sponsor
Integrity
ACK (acknowledgement)
35. Files created specifically to record various actions occurring on the system to be monitored; such as failed login attempts; full disk drives and e-mail delivery failures
Terminal
Logs/Log file
Program flowcharts
Synchronous transmission
36. The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the Internet and maintained at several locations. Failure to change these after the installation leaves the system v
Integrity
Private key cryptosystems
Default password
Rotating standby
37. Self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions; not influenced by the organization being audited and its people (managers and employers).
Tape management system (TMS)
Source code
Independence
Point-of-sale systems (POS)
38. The technique used for selecting records in a file; one at a time; for processing; retrieval or storage. The access method is related to; but distinct from; the file organization that determines how the records are stored.
Access method
Queue
Asynchronous Transfer Mode (ATM)
Dumb terminal
39. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Application controls
Comprehensive audit
Piggy backing
Optical scanner
40. An individual data element in a computer record. Examples include employee name; customer address; account number; product unit price and product quantity in stock.
Protocol stack
Field
Rounding down
Distributed data processing network
41. Changing data with malicious intent before or during input into the system
Project team
Data diddling
Information processing facility (IPF)
Record
42. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Operating system
Indexed sequential access method (ISAM)
Utility software
Spoofing
43. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.
Accountability
Polymorphism (objects)
Test data
System flowcharts
44. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.
Signatures
Function point analysis
TCP (transmission control protocol)
Operating system audit trails
45. The boundary defining the scope of control authority for an entity. For example; if a system is within the control perimeter; the right and ability exists to control it in response to an attack.
Web site
Bus topology
Capacity stress testing
Control perimeter
46. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.
Masking
Automated teller machine (ATM)
Electronic funds transfer (EFT)
IP (Internet protocol)
47. A type of password (i.e.; a secret number assigned to an individual) that; in conjunction with some means of identifying the individual; serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim
Pervasive IS controls
Personal identification number (PIN)
L2TP (Layer 2 tunneling protocol)
Encapsulation (objects)
48. Range checks ensure that data fall within a predetermined range (also see limit checks).
Range check
Harden
Detective controls
Performance indicators
49. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission
ISO17799
Noise
Echo checks
NAT (Network Address Translation)
50. Comparing the system's performance to other equivalent systems using well defined benchmarks
Encryption
Performance testing
Magnetic ink character recognition (MICR)
Link editor (linkage editor)