Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto
Editing
Simple Object Access Protocol (SOAP)
Coaxial cable
Monitoring policy

2. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis; systems software and control objectives sof
Audit expert systems
Open systems
Performance indicators
Mutual takeover

3. A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population
Intrusion detection
Applet
DMZ (demilitarized zone)
Discovery sampling

4. Specialized security checker that tests user's passwords; searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that; many password crackers can brute force all possible combinations in
Service user
Password cracker
Multiplexor
Application system

5. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct
Internet packet (IP) spoofing
Vaccine
Reengineering
Operating system

6. The ability to map a given activity or event back to the responsible party
Procedure
Accountability
Data custodian
Gateway

7. The standards and benchmarks used to measure and present the subject matter and against which the IS auditor evaluates the subject matter. Criteria should be: Objective—free from bias Measurable—provide for consistent measurement Complete—include all
Hypertext
Man-in-the-middle attack
Object Management Group (OMG)
Criteria

8. 1)A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2)A computer that provides services to another computer (the client).
Honey pot
Independent appearance
Web site
Computer server

9. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Bulk data transfer
Subject matter (Area of activity)
Coupling
Risk

10. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example; alphanumeric; zoned decimal; packed and binary are types of data.
Logoff
Leased lines
File layout
Intrusion

11. A pair of small; insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.
Twisted pairs
Public key
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Generalized audit software

12. Way of thinking; behaving; feeling; etc.
Control risk
Attitude
Remote procedure calls (RPCs)
Passive response

13. Any yearly accounting period without regard to its relationship to a calendar year.
Inherent risk
Application program
Fscal year
Trusted processes

14. The consolidation in 1998 of the ''Cadbury;'' ''Greenbury'' and ''Hampel'' Reports. Named after the Committee Chairs; these reports were sponsored by the UK Financial Reporting Council; the London Stock Exchange; the Confederation of British Industry
Tape management system (TMS)
Combined Code on Corporate Governance
Limit check
Production programs

15. A series of steps to complete an audit objective
Client-server
Dry-pipe fire extinguisher system
Compensating control
Audit program

16. The person responsible for maintaining a LAN and assisting end users
Control perimeter
Protection domain
ASCII (American Standard Code for Information Interchange)
Network administrator

17. Software used to administer logical security. It usually includes authentication of users; access granting according to predefined rules; monitoring and reporting functions.
Security software
Run-to-run totals
Corrective controls
Request for proposal (RFP)

18. A fail-over process; which is basically a two-way idle standby: two servers are configured so that both can take over the other node's resource group. Both must have enough CPU power to run both applications with sufficient speed; or performance loss
Internet Engineering Task Force (IETF)
Geographic disk mirroring
Mutual takeover
Electronic data interchange (EDI)

19. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Local loop
Parity check
Service level agreement (SLA)
Run-to-run totals

20. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network
ASP/MSP (application or managed service provider)
Capacity stress testing
False negative
Circular routing

21. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another; based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si
Integrated services digital network (ISDN)
Executable code
Decryption key
Router

22. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Protocol stack
Range check
Integrated services digital network (ISDN)
Vulnerabilities

23. The quality or state of not being named or identified
Fourth generation language (4GL)
Professional competence
Anonymity
Data flow

24. The risk of errors occurring in the area being audited
Automated teller machine (ATM)
Error risk
Web page
Piggy backing

25. An independent audit of the control structure of a service organization; such as a service bureau; with the objective of providing assurances to the users of the service organization that the internal control structure is adequate; effective and soun
Third-party review
Batch processing
Unit testing
Windows NT

26. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Simple Object Access Protocol (SOAP)
Token ring topology
Worm
Control risk self-assessment

27. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.
Sniff
Dynamic analysis
Machine language
Capacity stress testing

28. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need
Terms of reference
Feasibility study
Challenge/response token
FIN (final)

29. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g.; coaxial cable) is utilized for
Object code
Normalization
Numeric check
Baseband

30. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
COBIT
Verification
Digital certification
Trust

31. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
System software
Idle standby
Latency
Leased lines

32. Faking the sending address of a transmission in order to gain illegal entry into a secure system
Security perimeter
Token ring topology
Spoofing
Coaxial cable

33. The code used to designate the location of a specific piece of data within computer storage
Hacker
Hexadecimal
Audit charter
Address

34. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2n; where n is the number of bits in the machine address.
Rotating standby
Address space
Trusted systems
Recovery time objective (RTO)

35. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements
Input controls
Exception reports
Systems analysis
Registration authority (RA)

36. A response; in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment; collecting more information or striking back a
General computer controls
Structured programming
Active response
Teleprocessing

37. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
Public key cryptosystem
Top-level management
Parity check
HTTP (hyper text transfer protocol)

38. Diligence which a person; who possesses a special skill; would exercise under a given set of circumstances
Local loop
Service user
Due professional care
Data owner

39. A warm-site is similar to a hot-site; however; it is not fully equipped with all necessary hardware needed for recovery.
Warm-site
Database replication
Data dictionary
Reciprocal agreement

40. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Anomaly detection
Remote job entry (RJE)
Untrustworthy host
Master file

41. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Application programming interface (API)
Offline files
Active recovery site (mirrored)
Materiality

42. Unauthorized electronic exits; or doorways; out of an authorized computer program into a set of malicious instructions or programs
Duplex routing
Misuse detection
Trap door
Operating system audit trails

43. Recovery strategy that involves two active sites; each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Active recovery site (mirrored)
Fourth generation language (4GL)
Program flowcharts
Run-to-run totals

44. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Sniffing
Access control table
Reasonable assurance
Assembler

45. A system that authentically distributes users' public keys using certificates
Rounding down
Modem (modulator-demodulator)
Rapid application development
Public key infrastructure

46. The method used to identify the location of a participant in a network. Ideally; addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Data owner
Operational audit
Automated teller machine (ATM)
Addressing

47. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.
Budget organization
Concurrent access
Detective controls
Program evaluation and review technique (PERT)

48. A program that processes actions upon business data; such as data entry; update or query. It contrasts with systems program; such as an operating system or network control program; and with utility programs; such as copy or sort.
Application program
Combined Code on Corporate Governance
Reliable audit evidence
Applet

49. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Private key
Trusted systems
Audit accountability
Tuple

50. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Executable code
Coaxial cable
Audit sampling
ICMP (internet control message protocol)