Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study first.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Those policies and procedures implemented to achieve a related control objective
Degauss
Controls (Control procedures)
Tape management system (TMS)
Exception reports
2. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
Nonrepudiation
Parallel testing
Data communications
Cluster controller
3. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca
Systems acquisition process
Operating system audit trails
Integrated services digital network (ISDN)
Dial-back
4. Analysis that is performed in real time or in continuous form
Dynamic analysis
Application programming
Noise
Detection risk
5. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
Application layer
Split DNS
SYN (synchronize)
Operational risk
6. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer
Control section
Teleprocessing
Posting
Range check
7. Also known as traditional development; it is a very procedure-focused development cycle with formal sign-off at the completion of each level.
Compensating control
Batch control
Waterfall development
Private key
8. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections, one from the requesting client and another to the destination service
Application proxy
Structured Query Language (SQL)
Handprint scanner
Diskless workstations
9. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied
Posting
Detective controls
Network
L2TP (Layer 2 tunneling protocol)
10. The process of taking an unencrypted message (plaintext), applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
System narratives
Vulnerabilities
Encryption
Data security
11. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature
Biometric locks
Salami technique
Audit charter
FTP (file transfer protocol)
12. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files
Logical access controls
External router
Program narratives
Executable code
13. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.
BSP (business service provider)
Consumer
Mutual takeover
Electronic data interchange (EDI)
14. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Terms of reference
Concurrent access
File server
Fail-safe
15. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management
Bypass label processing (BLP)
Internal control
Security administrator
Electronic vaulting
16. A sampling technique that estimates the amount of overstatement in an account balance
Monetary unit sampling
Test generators
Application system
Run instructions
17. To configure a computer or other network device to resist attacks
Consumer
Harden
Anomaly
Object code
18. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.
Audit accountability
LDAP (Lightweight Directory Access Protocol)
Cross-certification
Strategic risk
19. Data unit that is routed from source to destination in a packet-switched network. A packet contains both routing information and data. Transmission control protocol/Internet protocol (TCP/IP) is such a packet-switched network.
Signatures
Packet
Broadband
Machine language
20. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Nonrepudiation
Bandwidth
Asynchronous transmission
Repudiation
21. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Dynamic analysis
Audit evidence
Initial program load (IPL)
Private key
22. Block-at-a-time data transmission
Numeric check
Synchronous transmission
Reverse engineering
Incremental testing
23. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Ciphertext
Default deny policy
Web page
LDAP (Lightweight Directory Access Protocol)
24. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw
Application security
Components (as in component-based development)
Extensible Markup Language (XML)
Dial-back
25. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities
Computer-assisted audit technique (CAATs)
Output analyzer
Trusted systems
Hub
26. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
Telnet
Strategic risk
Cathode ray tube (CRT)
Population
27. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application
Enterprise resource planning
Handprint scanner
Interface testing
Demodulation
28. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Telnet
Operational control
Database administrator (DBA)
Confidentiality
29. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl
Segregation/separation of duties
Continuous auditing approach
Database specifications
Master file
30. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software
Audit sampling
Source code compare programs
Sniff
Uninterruptible power supply (UPS)
31. A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network
ASP/MSP (application or managed service provider)
Data flow
Attribute sampling
Logical access controls
32. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Exposure
Embedded audit module
Masqueraders
Service bureau
33. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.
Sequential file
Control section
Business-to-consumer e-commerce (B2C)
Circuit-switched network
34. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
TACACS+ (terminal access controller access control system plus)
Vulnerability
Demodulation
Control objective
35. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
X.25
Partitioned file
System software
Trap door
36. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Partitioned file
Application controls
Star topology
Object code
37. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Base case
Untrustworthy host
Object-oriented system development
Internal penetrators
38. A document that confirms the client's and the IS auditor's acceptance of a review assignment
System narratives
Centralized data processing
Point-of-sale systems (POS)
Terms of reference
39. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain
Appearance of independence
Split data systems
Recovery point objective (RPO)
Batch processing
40. Typically in large organisations where the quantum of data processed by the ERPs is extremely voluminous, analysis of patterns and trends proves to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
Data structure
Data analysis
Structured programming
Assembly language
41. The boundary defining the scope of control authority for an entity. For example; if a system is within the control perimeter; the right and ability exists to control it in response to an attack.
Shell
Table look-ups
Trusted processes
Control perimeter
42. The consolidation in 1998 of the "Cadbury," "Greenbury" and "Hampel" Reports. Named after the Committee Chairs, these reports were sponsored by the UK Financial Reporting Council, the London Stock Exchange, the Confederation of British Industry
Concurrent access
Virtual private network (VPN)
Combined Code on Corporate Governance
Half duplex
43. The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.
Continuity
Embedded audit module
Anonymous File Transfer Protocol (FTP)
Circuit-switched network
44. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Relevant audit evidence
ASCII (American Standard Code for Information Interchange)
Point-of-sale systems (POS)
Application
45. To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of
Degauss
Control risk
Rapid application development
Completeness check
46. The area of the central processing unit that performs mathematical and analytical operations
Symmetric key encryption
ASCII (American Standard Code for Information Interchange)
Parallel testing
Arithmetic-logic unit (ALU)
47. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.
Transaction protection
Static analysis
Datagram
Operating system
48. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Protection domain
Certificate authority (CA)
LDAP (Lightweight Directory Access Protocol)
Rounding down
49. The process of converting an analog telecommunications signal into a digital computer signal
Digital certificate
Hash total
Demodulation
Data dictionary
50. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
Database replication
Application program
Card swipes
Demodulation