Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl






2. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors; or that the receiver is now ready to accept a transmission






3. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm






4. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of






5. The acts preventing; mitigating and recovering from disruption. The terms business resumption planning; disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.






6. Defined by ISACA as the processes by which organisations conduct business electronically with their customers; suppliers and other external business partners; using the Internet as an enabling technology. It therefore encompasses both business-to-bus






7. Specialized system software used to perform particular computerized functions and routines that are frequently required during normal processing. Examples include sorting; backing up and erasing data.






8. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)






9. A storage facility located away from the building housing the primary information processing facility (IPF); used for storage of computer media such as offline backup data and storage files






10. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw






11. Analysis that is performed in real time or in continuous form






12. The code used to designate the location of a specific piece of data within computer storage






13. Identified by one central processor and databases that form a distributed processing configuration






14. The rules outlining the way in which information is captured and interpreted






15. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.






16. A connection-based Internet protocol that supports reliable data transfer connections. Packet data is verified using checksums and retransmitted if it is missing or corrupted. The application plays no part in validating the transfer.






17. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch






18. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found






19. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically; participants promise to provide processing time to each other when an emergency arises.






20. A certificate identifying a public key to its subscriber; corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.






21. An entity (department; cost center; division or other group) responsible for entering and maintaining budget data.






22. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.






23. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions






24. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.






25. The logical route an end user takes to access computerized information. Typically; it includes a route through the operating system; telecommunications software; selected application software and the access control system.






26. The Committee on the Financial Aspects of Corporate Governance; set up in May 1991 by the UK Financial Reporting Council; the London Stock Exchange and the UK accountancy profession; was chaired by Sir Adrian Cadbury and produced a report on the subj






27. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.






28. Promulgated through the World Wide Web Consortium; XML is a web-based application development technique that allows designers to create their own customized tags; thus; enabling the definition; transmission; validation and interpretation of data betw






29. A utility program that combines several separately compiled modules into one; resolving internal references between them






30. Any situation or event that has the potential to harm a system






31. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules






32. The quality or state of not being named or identified






33. Confidentiality concerns the protection of sensitive information from unauthorized disclosure






34. Any yearly accounting period without regard to its relationship to a calendar year.






35. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.






36. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.






37. Analysis of the security state of a system or its compromise on the basis of information collected at intervals






38. A disk access method that stores data sequentially; while also maintaining an index of key fields to all the records in the file for direct access capability






39. A 24-hour; stand-alone mini-bank; located outside branch bank offices or in public places like shopping malls. Through ATMs; clients can make deposits; withdrawals; account inquiries and transfers. Typically; the ATM network is comprised of two spher






40. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making; dealing and position taking in interest rate; foreign exchange; equity and commodities markets. Banks m






41. The forms used to record data that have been captured. A source document may be a piece of paper; a turnaround document or an image displayed for online data input.






42. The objectives of management that are used as the framework for developing and implementing controls (control procedures).






43. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being






44. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.






45. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers






46. A mathematical key (kept secret by the holder) used to create digital signatures and; depending upon the algorithm; to decrypt messages or files encrypted (for confidentiality) with the corresponding public key






47. Programs that are used to process live or actual data that were received as input into the production environment.






48. The act or function of developing and maintaining applications programs in production






49. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes; if built correctly; act as a preventative control over physical access to those sensitive locations. After a card has been swiped;






50. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul







Sorry!:) No result found.

Can you answer 50 questions in 15 minutes?


Let me suggest you:



Major Subjects



Tests & Exams


AP
CLEP
DSST
GRE
SAT
GMAT

Most popular tests