Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. The application of an edit, using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format
Capacity stress testing
Format checking
Audit risk
Binary code
2. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Point-of-presence (POP)
Business process reengineering (BPR)
e-commerce
Confidentiality
3. The risk of errors occurring in the area being audited
Modulation
TACACS+ (terminal access controller access control system plus)
Web page
Error risk
4. A utility program that combines several separately compiled modules into one, resolving internal references between them
Link editor (linkage editor)
Windows NT
Completeness check
Input controls
5. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Firmware
Access control table
Circular routing
Field
6. A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server.
Masking
Router
Source lines of code (SLOC)
Diskless workstations
7. A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system
Cleartext
Job control language (JCL)
Password
Finger
8. Those policies and procedures implemented to achieve a related control objective
Alpha
Independence
Dry-pipe fire extinguisher system
Controls (Control procedures)
9. An edit check designed to ensure the data in a particular field is numeric
Numeric check
Useful audit evidence
Objectivity
Program flowcharts
10. The highest level of management in the organization, responsible for direction and control of the organization as a whole (such as director, general manager, partner, chief officer and executive manager).
Completeness check
Verification
Detective controls
Top-level management
11. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Function point analysis
Data custodian
RS-232 interface
Table look-ups
12. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
TCP (transmission control protocol)
Inheritance (objects)
Wiretapping
implementation life cycle review
13. Specifies the format of packets and the addressing scheme
Enterprise governance
Dumb terminal
Operating system
IP (Internet protocol)
14. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo random number that changes every few minutes.
Token
Active recovery site (mirrored)
Data security
Rounding down
15. Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards
Professional competence
Personal identification number (PIN)
Intrusive monitoring
NAT (Network Address Translation)
16. An automated detail report of computer system activity
Penetration testing
Production software
Data security
Console log
17. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo
Router
Independent attitude
Artificial intelligence
Anonymous File Transfer Protocol (FTP)
18. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur
Recovery testing
Salami technique
Bar code
Benchmark
19. Is an electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.
Hyperlink
Encapsulation (objects)
Nonrepudiation
Error risk
20. A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is availa
Verification
File server
Gateway
Journal entry
21. A protocol and program that allows the remote identification of users logged into a system
Protocol stack
Finger
Monitoring policy
world wide web (WWW)
22. English-like, user friendly, nonprocedural computer languages used to program and/or read and process computer files
Source code
Fourth generation language (4GL)
Backup
Technical infrastructure security
23. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Data structure
Service provider
False negative
Symmetric key encryption
24. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Filtering router
Man-in-the-middle attack
Baseband
Fail-safe
25. The area of the system that the intrusion detection system is meant to monitor and protect
Packet
Standing data
Man-in-the-middle attack
Protection domain
26. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature
Biometric locks
Brouters
Circular routing
Full duplex
27. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example, OMG is known principally for promulgating the C
Control group
Data analysis
Tcpdump
Object Management Group (OMG)
28. Self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people (managers and employers).
Logs/Log file
Independence
Public key infrastructure
Risk assessment
29. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.
Application controls
Switch
Budget
Proxy server
30. Used to electronically input, read and interpret information directly from a source document; requires the source document to have specially-coded magnetic ink typeset
Continuous auditing approach
Magnetic ink character recognition (MICR)
Monetary unit sampling
Teleprocessing
31. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system
File
Real-time analysis
Static analysis
Uninterruptible power supply (UPS)
32. Relates to the technical and physical features of the computer
Utility programs
RADIUS
Hardware
Recovery time objective (RTO)
33. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole, gross negligence or unintentional illegal acts.
Access method
Teleprocessing
Audit plan
Irregularities
34. The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry
Optical character recognition
Bar case
Challenge/response token
Image processing
35. A program that translates programming language (source code) into machine executable instructions (object code)
Run-to-run totals
Handprint scanner
Useful audit evidence
Compiler
36. The main memory of the computer's central processing unit
Biometric locks
Application acquisition review
Population
Internal storage
37. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Data leakage
Plaintext
Systems development life cycle (SDLC)
Mapping
38. To configure a computer or other network device to resist attacks
Table look-ups
Budget
Internet Engineering Task Force (IETF)
Harden
39. The ability to map a given activity or event back to the responsible party
Field
Data custodian
Fourth generation language (4GL)
Accountability
40. Diligence which a person would exercise under a given set of circumstances
Access control table
Limit check
Mapping
Due care
41. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
Audit accountability
Static analysis
Sampling risk
Data communications
42. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity
Bypass label processing (BLP)
Modulation
False negative
Masqueraders
43. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit
Repudiation
Ciphertext
Digital signature
Check digit verification (self-checking digit)
44. A protocol for packet-switching networks
X.25
Assembler
liquidity risk
Computer sequence checking
45. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
Variable sampling
Audit trail
Source code compare programs
Electronic data interchange (EDI)
46. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files, selecting data, manipulating data, sorting data, summarizing data, performing calculations, selecting samples an
Generalized audit software
Internet
Downtime report
Dial-in access controls
47. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)
Duplex routing
Authentication
Firmware
Integrity
48. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Coaxial cable
business process integrity
Embedded audit module
Useful audit evidence
49. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results
Audit objective
Parallel testing
Access control
Database administrator (DBA)
50. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be
Hash function
Security administrator
X.25 interface
Source documents