Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. The ability of end users to design and implement their own information system utilizing computer software products






2. Any information collection mechanism utilized by an intrusion detection system






3. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.






4. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco






5. A methodology that enables organisations to develop strategically important systems faster; while reducing development costs and maintaining quality by using a series of proven application development techniques; within a well-defined methodology.






6. A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements; critical success factors; customer satisfaction ratings; internal or external benchmar






7. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors; or that the receiver is now ready to accept a transmission






8. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b






9. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population






10. The portion of a security policy that states the general process that will be performed to accomplish a security goal






11. The act of transferring computerized information from one computer to another computer






12. Memory chips with embedded program code that hold their content when power is turned off






13. These are the requirements for establishing a database application. They include field definitions; field requirements and reporting requirements for the individual information in the database.






14. An interface between data terminal equipment (DTE) and data circuit-terminating equipment (DCE) for terminals operating in the packet mode on some public data networks






15. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.






16. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones; such as opening an account or transferring funds to different accounts; and new banking services; such as electronic bill presentment and pa






17. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to






18. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.






19. Software used to administer logical security. It usually includes authentication of users; access granting according to predefined rules; monitoring and reporting functions.






20. An organization composed of engineers; scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.






21. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.






22. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order; as he or she would a magazine.






23. Used in data encryption; it uses an encryption key; as a public key; to encrypt the plaintext to the ciphertext. It uses the different decryption key; as a secret key; to decrypt the ciphertext to the corresponding plaintext. In contrast to a private






24. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






25. Encapsulation is the technique used by layered protocols in which a lower layer protocol accepts a message from a higher layer protocol and places it in the data portion of a frame in the lower layer.






26. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure; more responsive to the customer base and market conditions; while yielding material cost savings. To ree






27. The extent to which a system unit--subroutine; program; module; component; subsystem--performs a single dedicated function. Generally; the more cohesive are units; the easier it is to maintain and enhance a system; since it is easier to determine whe






28. An eight-bit code representing 256 characters; used in most large computer systems






29. Confidentiality concerns the protection of sensitive information from unauthorized disclosure






30. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level






31. Recovery strategy that involves two active sites; each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload






32. A 24-hour; stand-alone mini-bank; located outside branch bank offices or in public places like shopping malls. Through ATMs; clients can make deposits; withdrawals; account inquiries and transfers. Typically; the ATM network is comprised of two spher






33. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.






34. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF;® 2000; 1998; 1996






35. A piece of information; in a digitized form; used to recover the plaintext from the corresponding ciphertext by decryption






36. A warm-site is similar to a hot-site; however; it is not fully equipped with all necessary hardware needed for recovery.






37. A biometric device that is used to authenticate a user through palm scans






38. A journal entry entered at a computer terminal. Manual journal entries can include regular; statistical; inter-company and foreign currency entries






39. Behavior adequate to meet the situations occurring during audit work (interviews; meetings; reporting; etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti






40. 1) The process of establishing and maintaining security in a computer or network system. The stages of this process include prevention of security problems; detection of intrusions; investigation of intrusions and resolution.2) In network management;






41. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th






42. The process of electronically inputting source documents by taking an image of the document; thereby eliminating the need for key entry






43. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.






44. Identified by one central processor and databases that form a distributed processing configuration






45. The transmission of job control language (JCL) and batches of transactions from a remote terminal location






46. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes






47. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical






48. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide; centralized database. This permits easy sharing of data while maintaining a certain






49. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs






50. The process of taking an unencrypted message (plaintext); applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)