Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Passive response
Ethernet
Access path
Control section
2. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio
Sniffing
Coaxial cable
Non-intrusive monitoring
Simple Object Access Protocol (SOAP)
3. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.
Fault tolerance
Budget hierarchy
Web Services Description Language (WSDL)
Finger
4. A private network that uses the infrastructure and standards of the Internet and World Wide Web, but is isolated from the public Internet by firewall barriers.
Intranet
Compensating control
Remote job entry (RJE)
L2F (Layer 2 forwarding)
5. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report
Leased lines
Masking
Biometric locks
Application maintenance review
6. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
World Wide Web Consortium (W3C)
Hash total
Range check
Coverage
7. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Plaintext
Default deny policy
Incremental testing
Output analyzer
8. Those policies and procedures implemented to achieve a related control objective
Controls (Control procedures)
Screening routers
Sniff
Repository
9. The act of transferring computerized information from one computer to another computer
Idle standby
Brute force
Downloading
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
10. A deficiency in the design or operation of a control procedure. Control weaknesses can potentially result in risks relevant to the area of activity not being reduced to an acceptable level (relevant risks are those that threaten achievement of the ob
RS-232 interface
Performance indicators
Allocation entry
Control weakness
11. Used in data encryption, it uses an encryption key, as a public key, to encrypt the plaintext to the ciphertext. It uses the different decryption key, as a secret key, to decrypt the ciphertext to the corresponding plaintext. In contrast to a private
Public key cryptosystem
Rapid application development
Peripherals
Router
12. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
HTTP (hyper text transfer protocol)
Card swipes
Audit risk
Bypass label processing (BLP)
13. A series of steps to complete an audit objective
Screening routers
Independence
Audit program
Structured programming
14. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
Dumb terminal
Tcpdump
Control risk
Logon
15. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Packet filtering
Anonymous File Transfer Protocol (FTP)
Corporate exchange rate
Hexadecimal
16. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Business risk
Nonrepudiable transactions
Passive assault
Fail-safe
17. A telecommunications traffic controlling methodology in which a complete message is sent to a concentration point and stored until the communications path is established
ASCII (American Standard Code for Information Interchange)
Business-to-consumer e-commerce (B2C)
Message switching
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
18. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Point-of-presence (POP)
Rotating standby
Security testing
Parity check
19. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous, analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
UDP (User Datagram Protocol)
Screening routers
Segregation/separation of duties
Data analysis
20. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Password
Bus
Foreign exchange risk
Service user
21. 1) Two or more networks connected by a router 2) The world's largest network using TCP/IP protocols to link government, university and commercial institutions
Image processing
Internet
Noise
Manual journal entry
22. The ability of end users to design and implement their own information system utilizing computer software products
Middleware
Run instructions
End-user computing
ACK (acknowledgement)
23. A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it
Client-server
Data dictionary
Split data systems
Latency
24. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.
Mapping
Spool (simultaneous peripheral operations online)
Security software
Virtual private network (VPN)
25. The process of converting an analog telecommunications signal into a digital computer signal
Limit check
Fault tolerance
Demodulation
Security testing
26. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Decision support systems (DSS)
Port
Content filtering
Arithmetic-logic unit (ALU)
27. System narratives provide an overview explanation of system flowcharts, with explanation of key control points and system interfaces.
System narratives
IPSec (Internet protocol security)
Budget formula
Edit controls
28. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function
Communications controller
Bus topology
Packet
Program evaluation and review technique (PERT)
29. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication
Computationally greedy
Smart card
Man-in-the-middle attack
Anomaly detection
30. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Audit
IDS (intrusion detection system)
Remote procedure calls (RPCs)
Synchronous transmission
31. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.
Port
Reciprocal agreement
Baud rate
Data communications
32. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Financial audit
Internal control
Voice mail
Object code
33. A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system
Independent appearance
Password
Indexed sequential file
Data owner
34. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.
Run instructions
Bus topology
Ciphertext
Bulk data transfer
35. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Professional competence
Bus
Point-of-sale systems (POS)
Data leakage
36. Defined minimum performance measures at or above which the service delivered is considered acceptable
Feasibility study
Subject matter (Area of activity)
Service level agreement (SLA)
Logical access controls
37. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Application security
Masqueraders
Degauss
Pervasive IS controls
38. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Biometrics
Source lines of code (SLOC)
Internal penetrators
Business-to-consumer e-commerce (B2C)
39. A program written in a portable, platform independent computer language, such as Java. It is usually embedded in an HTML page and then executed by a browser. Applets can only perform a restricted set of operations, thus preventing, or at least minimi
Applet
Bar case
Indexed sequential file
Application software tracing and mapping
40. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is
Source code
Remote procedure calls (RPCs)
Local loop
Business risk
41. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is
Trust
Internet Engineering Task Force (IETF)
Expert systems
Binary code
42. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
Latency
Vulnerabilities
Unit testing
Node
43. The code used to designate the location of a specific piece of data within computer storage
Application development review
Address
ASCII (American Standard Code for Information Interchange)
Continuity
44. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Transaction
Requirements definition
Sequence check
Universal Description, Discovery and Integration (UDDI)
45. A program for the examination of data; using logical or conditional tests to determine or to identify similarities or differences
Man-in-the-middle attack
DNS (domain name system)
Comparison program
Penetration testing
46. Systems for which detailed specifications of their components composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Voice mail
Open systems
Systems development life cycle (SDLC)
Transaction log
47. The organization providing the outsourced service
Budget hierarchy
Service provider
Partitioned file
Personal identification number (PIN)
48. In open systems architecture, circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.
Independent attitude
Circular routing
Test data
Cross-certification
49. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
ASCII (American Standard Code for Information Interchange)
Computer server
Materiality
Threat
50. The use of alphabetic characters or an alphabetic character string
Alpha
Independent appearance
Baud rate
Geographic disk mirroring