Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. A third party that provides organizations with a variety of Internet and Internet-related services

2. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network, while denying access from the Internet directly to the private network.

3. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).

4. A type of service providing an authentication and accounting system often used for dial-up and remote access security

5. Memory chips with embedded program code that hold their content when power is turned off

6. A document which defines the IS audit function's responsibility, authority and accountability

7. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed

8. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity, validating that the subject is entitled to have the attributes requested

9. Any intentional violation of the security policy of a system

10. Deliberately testing only the value-added functionality of a software component

11. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic bill presentment and pa

12. A sampling technique that estimates the amount of overstatement in an account balance

13. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

14. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.

15. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of

16. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers

17. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance

18. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.

19. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw

20. The password used to gain access when a system is first installed on a computer or network device. There is a large list published on the Internet and maintained at several locations. Failure to change these after the installation leaves the system v

21. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer

22. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.

23. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.

24. Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control, which involves numbering the records in a batch c

25. Controls over the business processes that are supported by the ERP

26. The risk that activities will include deliberate circumvention of controls with the intent to conceal the perpetuation of irregularities. The unauthorized use of assets or services and abetting or helping to conceal.

27. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures

28. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations

29. The rules outlining the way in which information is captured and interpreted

30. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.

31. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances

32. The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.

33. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.

34. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)

35. Programs that are used to process live or actual data that were received as input into the production environment.

36. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server, providing the NAT service, changes the source address of outgoing packets from the internal

37. The main memory of the computer's central processing unit

38. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree

39. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.

40. The portion of a security policy that states the general process that will be performed to accomplish a security goal

41. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.

42. The act or function of developing and maintaining applications programs in production

43. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software

44. A formal agreement with a third party to perform an IS function for an organization

45. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof

46. An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures)

47. A multiuser, multitasking operating system that is used widely as the master control program in workstations and especially servers

48. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.

49. Describes the design properties of a computer system that allow it to resist active attempts to attack or bypass it

50. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.