Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions, so you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A system's ability to continue operating despite a hardware and/or software failure
Public key cryptosystem
Fault tolerance
Data dictionary
Enterprise resource planning
2. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it
Proxy server
Fail-safe
Incremental testing
RFC (request for comments)
3. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Irregularities
Datagram
Telnet
Variable sampling
4. A statement of the position within the organization; including lines of reporting and the rights of access
Audit authority
Piggybacking
Rulebase
Signatures
5. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Cross-certification
Electronic cash
Parallel testing
Data leakage
6. Refers to the security of the infrastructure that supports the ERP: networking and telecommunications, operating systems and databases.
Point-of-sale systems (POS)
Application system
Job control language (JCL)
Technical infrastructure security
7. The logical language a computer understands
Screening routers
Format checking
Machine language
Network
8. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.
Management information system (MIS)
Error risk
Audit objective
Split data systems
9. Point-of-sale systems enable capture of data at the time and place of transaction. POS terminals may include use of optical scanners for use with bar codes or magnetic card readers for use with credit cards. POS systems may be online to a central com
Data diddling
Error
Point-of-sale systems (POS)
IDS (intrusion detection system)
10. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o
Memory dump
Exposure
Hyperlink
Rotating standby
11. Character-at-a-time transmission
Image processing
Statistical sampling
Due care
Asynchronous transmission
12. Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service
Public key cryptosystem
Telecommunications
Backup
Application maintenance review
13. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack
Local area network (LAN)
Integrity
Network hop
Worm
14. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Bus
Fiscal year
Modem (modulator-demodulator)
Trust
15. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness, efficiency and economy
DDoS (distributed denial-of-service) attack
Corrective controls
Internal control structure
UDP (User Datagram Protocol)
16. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy
Trusted processes
Capacity stress testing
Permanent virtual circuit (PVC)
Audit
17. The rules by which a network operates and controls the flow and priority of transmissions
Baud rate
ASP/MSP (application or managed service provider)
Protocol
Card swipes
18. A project management technique used in the planning and control of system projects
Integrity
Active recovery site (mirrored)
Internal storage
Program evaluation and review technique (PERT)
19. Programmed checking of data validity in accordance with predetermined criteria
Validity check
Outsourcing
Asymmetric key (public key)
Rotating standby
20. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Default deny policy
Utility software
Unit testing
Continuous auditing approach
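The policy in question 20, shown as an added example (not part of the original quiz): a small Python access-control evaluator that applies one constructed rule set under both default deny and default allow. The rules, addresses and ports are hypothetical; the point is that a request no rule mentions (RDP from the corporate range, an unknown host on port 8080) is refused under default deny and passes under default allow.

```python
"""Default deny vs default allow: one rule set, two policies, constructed requests."""
from dataclasses import dataclass
from enum import Enum
from ipaddress import ip_address, ip_network
from typing import Optional


class Policy(Enum):
    DEFAULT_DENY = "deny"    # nothing passes unless a rule explicitly allows it
    DEFAULT_ALLOW = "allow"  # everything passes unless a rule explicitly denies it


@dataclass(frozen=True)
class Rule:
    action: str             # "allow" or "deny"
    src: str                # source network in CIDR notation
    port: Optional[int]     # destination port, or None for any port

    def matches(self, src_ip: str, port: int) -> bool:
        return (ip_address(src_ip) in ip_network(self.src)
                and (self.port is None or self.port == port))


def evaluate(rules, policy: Policy, src_ip: str, port: int) -> bool:
    """First matching rule wins; the policy decides any request no rule mentions."""
    for rule in rules:
        if rule.matches(src_ip, port):
            return rule.action == "allow"
    return policy is Policy.DEFAULT_ALLOW


def compare_policies(rules, requests):
    """Return {(src, port): (decision under default deny, decision under default allow)}."""
    return {
        (src, port): (evaluate(rules, Policy.DEFAULT_DENY, src, port),
                      evaluate(rules, Policy.DEFAULT_ALLOW, src, port))
        for src, port in requests
    }


# Constructed rule set for a hypothetical network: SSH from the corporate range and
# HTTPS from one management subnet are explicitly allowed; one explicit deny covers
# a known-bad host. Nothing else is mentioned.
RULES = [
    Rule("deny", "203.0.113.9/32", None),
    Rule("allow", "10.0.0.0/8", 22),
    Rule("allow", "192.168.1.0/24", 443),
]

# Constructed requests: (source IP, destination port)
REQUESTS = [
    ("10.1.2.3", 22),         # explicitly allowed -> allowed under both policies
    ("203.0.113.9", 443),     # explicitly denied  -> denied under both policies
    ("10.1.2.3", 3389),       # never mentioned: RDP from the corporate range
    ("198.51.100.7", 8080),   # never mentioned: unknown host, unknown service
]

if __name__ == "__main__":
    for (src, port), (under_deny, under_allow) in compare_policies(RULES, REQUESTS).items():
        print(f"{src}:{port}  default-deny={under_deny}  default-allow={under_allow}")
```

The two unmentioned requests are where the policies diverge: under default allow, every service nobody thought to write a rule for is reachable, which is why audit checklists ask for the default rule at the end of a firewall or ACL rule base.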
21. Compares data to predefined reasonability limits or occurrence rates established for the data.
Reasonableness check
Appearance
Network administrator
Half duplex
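Questions 19 and 21 together, as an added example that is not from the original page: Python edit routines run over a constructed payroll batch. The validity check applies predetermined criteria (identifier format, department code membership, a parseable date); the reasonableness check applies assumed limits (hours per week, pay-rate bounds) and an occurrence rate (records per employee per pay run). Field names, limits and the sample records are all assumptions for illustration. Note that record 3 passes every validity test yet is rejected as unreasonable, which is the distinction between the two controls.

```python
"""Validity and reasonableness checks (edit controls) over a constructed payroll batch."""
import re
from collections import Counter
from datetime import date

# Predetermined criteria for the validity check (assumed for this example)
VALID_DEPARTMENTS = {"FIN", "OPS", "IT"}
EMPLOYEE_ID_RE = re.compile(r"^E\d{5}$")

# Reasonability limits and occurrence rate (assumed for this example)
MAX_HOURS_PER_WEEK = 80
PAY_RATE_RANGE = (10.0, 200.0)
MAX_RECORDS_PER_EMPLOYEE = 1


def validity_check(rec):
    """Does each field meet its predetermined format or membership criterion?"""
    findings = []
    if not EMPLOYEE_ID_RE.match(rec.get("employee_id", "")):
        findings.append("employee_id: malformed")
    if rec.get("dept") not in VALID_DEPARTMENTS:
        findings.append("dept: not a valid department code")
    try:
        date.fromisoformat(rec.get("pay_date", ""))
    except ValueError:
        findings.append("pay_date: not a valid ISO date")
    return findings


def reasonableness_check(rec, occurrences):
    """Is a well-formed value plausible against limits and occurrence rates?"""
    findings = []
    hours = rec.get("hours", 0)
    if not 0 <= hours <= MAX_HOURS_PER_WEEK:
        findings.append(f"hours: {hours} outside 0..{MAX_HOURS_PER_WEEK}")
    lo, hi = PAY_RATE_RANGE
    rate = rec.get("rate", 0)
    if not lo <= rate <= hi:
        findings.append(f"rate: {rate} outside {lo}..{hi}")
    if occurrences[rec.get("employee_id")] > MAX_RECORDS_PER_EMPLOYEE:
        findings.append("employee_id: appears more than once in this pay run")
    return findings


def edit_batch(records):
    """Run both checks over a batch; return {record index: [findings]} for rejected records."""
    occurrences = Counter(r.get("employee_id") for r in records)
    rejected = {}
    for i, rec in enumerate(records):
        findings = validity_check(rec) + reasonableness_check(rec, occurrences)
        if findings:
            rejected[i] = findings
    return rejected


# Constructed sample batch (not real data)
SAMPLE_BATCH = [
    {"employee_id": "E00123", "dept": "FIN", "pay_date": "2024-03-29", "hours": 40, "rate": 35.0},   # clean
    {"employee_id": "E0012X", "dept": "FIN", "pay_date": "2024-03-29", "hours": 40, "rate": 35.0},   # invalid id
    {"employee_id": "E00456", "dept": "OPS", "pay_date": "2024-02-30", "hours": 40, "rate": 35.0},   # invalid date
    {"employee_id": "E00789", "dept": "IT",  "pay_date": "2024-03-29", "hours": 400, "rate": 35.0},  # valid, unreasonable
    {"employee_id": "E00321", "dept": "IT",  "pay_date": "2024-03-29", "hours": 40, "rate": 35.0},   # duplicate pair
    {"employee_id": "E00321", "dept": "IT",  "pay_date": "2024-03-29", "hours": 40, "rate": 35.0},   # duplicate pair
]

if __name__ == "__main__":
    for idx, findings in edit_batch(SAMPLE_BATCH).items():
        print(idx, findings)
```

The occurrence-rate test needs the whole batch, which is why `edit_batch` counts identifiers once up front rather than inside the per-record loop; a per-record reasonableness check alone could not catch the duplicated employee.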
22. A type of password (i.e., a secret number assigned to an individual) that, in conjunction with some means of identifying the individual, serves to verify the authenticity of the individual. PINs have been adopted by financial institutions as the prim
Systems analysis
Personal identification number (PIN)
Prototyping
Service level agreement (SLA)
23. ATM is a high-bandwidth, low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo
Executable code
FIN (final)
Asynchronous Transfer Mode (ATM)
Spoofing
24. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Independence
Materiality
Security testing
Multiplexor
25. The flow of data from the input (in Internet banking, ordinarily user input at his/her desktop) to output (in Internet banking, ordinarily data in a bank's central database). Data flow includes travelling through the communication lines, routers, swi
Browser
Offsite storage
Offline files
Data flow
26. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Browser
Remote job entry (RJE)
Security software
Monitor
27. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Check digit verification (self-checking digit)
ISP (Internet service provider)
Open systems
Reputational risk
28. Consists of one or more web pages that may originate at one or more web server computers. A person can view the pages of a website in any order, as he or she would a magazine.
Software
Application implementation review
Liquidity risk
Web site
29. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all pac
Local area network (LAN)
Mutual takeover
Hub
Accountability
30. Programs that are used to process live or actual data that were received as input into the production environment.
Independent appearance
Coverage
Production programs
Range check
31. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity, a modem decodes inco
Nonrepudiation
Control section
Privacy
Modem (modulator-demodulator)
32. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Internet
Third-party review
Cold site
Peripherals
33. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers
Editing
Penetration testing
Accountability
Comparison program
34. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
Operating system
Electronic cash
Applet
Audit trail
35. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built-in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is
Expert systems
Multiplexing
Trojan horse
File server
36. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries
Wide area network (WAN)
Vulnerability analysis
Netware
Decentralization
37. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Anomaly detection
Appearance
Attribute sampling
Certificate authority (CA)
38. Control deviations (compliance testing) or misstatements (substantive testing)
Error
Operator console
Rounding down
RSA
39. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing it
Edit controls
Record
Intrusive monitoring
Business risk
40. The person responsible for maintaining a LAN and assisting end users
Network administrator
Production programs
Token ring topology
Enterprise resource planning
41. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)
Windows NT
Buffer
Residual risk
Application implementation review
42. A manual or automated log of all updates to data files and databases
Hypertext
Transaction log
Packet
Top-level management
43. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Untrustworthy host
Registration authority (RA)
Universal Description, Discovery and Integration (UDDI)
Application programming
44. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Recovery testing
Privilege
Sampling risk
Executable code
45. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Local loop
Data leakage
RSA
Internet
46. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
Substantive testing
System flowcharts
Remote job entry (RJE)
Librarian
47. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller, which is responsible for managing and controlling all communic
Ethernet
Star topology
War dialler
Application acquisition review
48. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.
Spool (simultaneous peripheral operations online)
Trusted systems
Data custodian
RFC (request for comments)
49. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl
Windows NT
Packet switching
Segregation/separation of duties
Foreign exchange risk
50. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need
Proxy server
Feasibility study
Cross-certification
Dial-in access controls