Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Ciphertext
Frame relay
Encryption
Variable sampling
2. The organization using the outsourced service
Initial program load (IPL)
Service user
Web Services Description Language (WSDL)
Budget hierarchy
3. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Untrustworthy host
NAT (Network Address Translation)
Bandwidth
Error risk
4. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.
Strategic risk
Middleware
Interface testing
Pervasive IS controls
5. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
Components (as in component-based development)
Application programming interface (API)
Prototyping
Hierarchical database
6. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti
Dial-back
Criteria
Discovery sampling
Electronic vaulting
7. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures
Direct reporting engagement
Intranet
Systems analysis
Transaction log
8. An audit designed to determine the accuracy of financial records and information
Switch
Financial audit
Data flow
Applet
9. A debit or credit to a general ledger account. See also manual journal entry.
Journal entry
Whitebox testing
Prototyping
Memory dump
10. The ability to exercise judgement, express opinions and present recommendations with impartiality
Security policy
Downtime report
Objectivity
Anomaly detection
11. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Control risk self-assessment
Recovery time objective (RTO)
Trojan horse
Cold site
12. Point at which terminals are given access to a network
Baseband
Object Management Group (OMG)
Node
Extended Binary-coded Decimal Interchange Code (EBCDIC)
13. The proportion of known attacks detected by an intrusion detection system
Combined Code on Corporate Governance
False negative
Coverage
Certificate Revocation List
14. A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it
Audit accountability
Useful audit evidence
Client-server
Hub
15. The central database that stores and organizes data
Certificate Revocation List
Tape management system (TMS)
Repository
Payment system
16. Weaknesses in systems that can be exploited in ways that violate security policy
Control weakness
Computer-aided software engineering (CASE)
Vulnerabilities
Fail-safe
17. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus
e-commerce
Buffer
Expert systems
Journal entry
18. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o
Memory dump
Completeness check
Datagram
Access method
19. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Sniff
Packet switching
HTTP (hyper text transfer protocol)
Dial-back
20. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Partitioned file
Noise
Brouters
Detailed IS controls
21. A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data
Value-added network (VAN)
UDDI
ASP/MSP (application or managed service provider)
Static analysis
22. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Private key
Harden
TACACS+ (terminal access controller access control system plus)
Information engineering
23. A named collection of related records
Protocol converter
Intrusive monitoring
File
Applet
24. The method used to identify the location of a participant in a network. Ideally, addressing specifies where the participant is located rather than who they are (name) or how to get there (routing).
Fail-over
Control section
Addressing
Range check
25. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Trust
Hardware
Screening routers
Application programming interface (API)
26. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Tuple
IT governance
DMZ (demilitarized zone)
Pervasive IS controls
27. A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext
Encryption key
price risk
Bridge
Ring topology
28. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Value-added network (VAN)
E-mail/interpersonal messaging
Asynchronous Transfer Mode (ATM)
Half duplex
29. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.
Operational control
FIN (final)
Input controls
Internet Engineering Task Force (IETF)
30. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems program, such as an operating system or network control program, and with utility programs, such as copy or sort.
Online data processing
Rapid application development
Application program
Penetration testing
31. A third party that delivers and manages applications and computer services, including security services to multiple users via the Internet or a private network
Centralized data processing
Standing data
Business process reengineering (BPR)
ASP/MSP (application or managed service provider)
32. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.
COSO
Peripherals
Black box testing
Business risk
33. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.
Allocation entry
Gateway
Terminal
Address space
34. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Virtual private network (VPN)
Audit
Leased lines
Protocol converter
35. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication
Outsourcing
Cold site
Man-in-the-middle attack
Assembly language
36. The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank's central database). Data flow includes travelling through the communication lines, routers, swi
Electronic funds transfer (EFT)
Business impact analysis (BIA)
Database management system (DBMS)
Data flow
37. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Latency
Internet
Operational control
Public key cryptosystem
38. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
Card swipes
Intrusive monitoring
Remote procedure calls (RPCs)
Control section
39. The portion of a security policy that states the general process that will be performed to accomplish a security goal
Judgment sampling
Reciprocal agreement
Uninterruptible power supply (UPS)
Procedure
40. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.
Financial audit
Editing
Transaction protection
COCO
41. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
False negative
Promiscuous mode
Intranet
Address space
42. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Telnet
Test data
Pervasive IS controls
Batch control
43. Applications that detect, prevent and possibly remove all known viruses from files located in a microcomputer hard drive
Idle standby
Antivirus software
Request for proposal (RFP)
Microwave transmission
44. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
Brouters
Partitioned file
Password cracker
Computer-assisted audit technique (CAATs)
45. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Production software
Multiplexor
Local loop
Terminal
46. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun
Online data processing
Exposure
Data structure
Third-party review
47. The transmission of more than one signal across a physical channel
Multiplexing
Data dictionary
Test data
Nonrepudiable transactions
48. A certificate identifying a public key to its subscriber; corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Digital certificate
Audit authority
Anonymity
Reengineering
49. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Switch
Remote job entry (RJE)
Limit check
Uninterruptible power supply (UPS)
50. An eight-bit code representing 256 characters, used in most large computer systems
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Bulk data transfer
Dynamic analysis
Relevant audit evidence