CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.

1. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system

2. An attack capturing sensitive pieces of information, such as passwords, passing through the network

3. Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the ca

4. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte

5. A type of LAN architecture in which the cable forms a loop, with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines, on the bas

6. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.

7. Audit evidence is reliable if, in the IS auditor's opinion, it is valid, factual, objective and supportable.

8. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery - shutting down a database after all records have been committed, for example

9. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.

10. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links

11. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).

12. Also known as traditional development, it is a very procedure-focused development cycle with formal sign-off at the completion of each level.

13. An edit check designed to ensure the data in a particular field is numeric

14. A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability

15. Compares data to predefined reasonability limits or occurrence rates established for the data.

16. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department

17. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.

18. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.

19. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof

20. Considered for acquisition the person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement

21. The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec

22. The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.

23. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.

24. Formal document which defines the IS auditor's responsibility, authority and accountability for a specific assignment

25. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o

26. A flag set in a packet to indicate that this packet is the final data packet of the transmission

27. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks

28. Criteria Of Control, published by the Canadian Institute of Chartered Accountants in 1995

29. A document that confirms the client's and the IS auditor's acceptance of a review assignment

30. An input device that reads characters and images that are printed or painted on a paper form into the computer.

31. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame

32. Inheritance refers to database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.

33. The interface between the user and the system

34. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function

35. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities; to test programs, system activities and operational procedures; to evaluate

36. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain

37. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no

38. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul

39. A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is availa

40. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.

41. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions, recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl

42. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making

43. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes

44. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.

45. A method of computer fraud involving computer code that instructs the computer to slice off small amounts of money from an authorized computer transaction and reroute this amount to the perpetrator's account

46. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing

47. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research

48. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu

49. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi

50. The logical language a computer understands