Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
Program narratives
Batch processing
Interface testing
Vulnerability analysis
2. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure
Downtime report
Base case
Public key cryptosystem
Log
3. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key
Private key
Card swipes
Coverage
Application proxy
4. The rules outlining the way in which information is captured and interpreted
Monitoring policy
Data-oriented systems development
Corrective controls
Nonrepudiation
5. A document which defines the IS audit function's responsibility, authority and accountability
Appearance
Security administrator
Dial-in access controls
Audit charter
6. Any intentional violation of the security policy of a system
Application controls
Journal entry
Intrusion
Project team
7. A low-level computer programming language which uses symbolic code and produces machine instructions
Data diddling
Arithmetic-logic unit (ALU)
Materiality
Assembly language
8. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Control weakness
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
Outsourcing
Telnet
9. The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links
Audit
Test generators
Data communications
Decentralization
10. In a passive assault, intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively, although the content of the data itself may r
Anomaly
Queue
Passive assault
Modulation
11. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing
Abend
Symmetric key encryption
Inherent risk
Data leakage
12. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Online data processing
Application programming interface (API)
Ring topology
Cluster controller
13. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Request for proposal (RFP)
Evidence
Data analysis
Digital signature
14. These are the requirements for establishing a database application. They include field definitions, field requirements and reporting requirements for the individual information in the database.
Registration authority (RA)
Bulk data transfer
Database specifications
Signatures
15. Formal document which defines the IS auditor's responsibility, authority and accountability for a specific assignment
Evidence
Availability
Engagement letter
Independent appearance
16. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si
Third-party review
Router
Service user
Audit accountability
17. A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability
Components (as in component-based development)
Indexed sequential access method (ISAM)
IP (Internet protocol)
Brouters
18. Applications that detect, prevent and possibly remove all known viruses from files located in a microcomputer hard drive
Run-to-run totals
Antivirus software
Object-oriented system development
Public key cryptosystem
19. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Challenge/response token
Offsite storage
ASP/MSP (application or managed service provider)
Materiality
20. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
Card swipes
Salami technique
Batch control
Systems development life cycle (SDLC)
21. The transmission of more than one signal across a physical channel
Multiplexing
Internal control
Source documents
Systems development life cycle (SDLC)
22. A code whose representation is limited to 0 and 1
Binary code
Permanent virtual circuit (PVC)
Inherent risk
Public key cryptosystem
23. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Hypertext
Limit check
Encapsulation (objects)
Inheritance (objects)
24. A computer facility that provides data processing services to clients on a continual basis
Service bureau
Half duplex
Professional competence
Bulk data transfer
25. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Bypass label processing (BLP)
Judgment sampling
Digital certificate
Dial-back
26. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Fiber optic cable
Remote job entry (RJE)
Uninterruptible power supply (UPS)
Intelligent terminal
27. To configure a computer or other network device to resist attacks
Protocol
Biometrics
Harden
Packet filtering
28. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system) and comparing results
Integrity
Multiplexor
Incremental testing
Parallel testing
29. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu
Switch
Access control table
Password
Application development review
30. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))
Dial-back
Embedded audit module
Rapid application development
Web Services Description Language (WSDL)
31. A system that authentically distributes users' public keys using certificates
Request for proposal (RFP)
Public key infrastructure
RADIUS (remote authentication dial-in user service)
Utility software
32. An audit designed to evaluate the various internal controls; economy and efficiency of a function or department
Operational audit
Permanent virtual circuit (PVC)
ICMP (internet control message protocol)
Dry-pipe fire extinguisher system
33. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
price risk
System flowcharts
Integrated services digital network (ISDN)
Hexadecimal
34. A process involving the extraction of components from existing systems and restructuring these components to develop new systems or to enhance the efficiency of existing systems. Existing software systems thus can be modernized to prolong their funct
Reengineering
Service provider
Leased lines
RS-232 interface
35. A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population
Discovery sampling
Application development review
Statistical sampling
Echo checks
36. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.
Cluster controller
Business risk
Real-time analysis
Audit sampling
37. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The
Asymmetric key (public key)
Remote procedure calls (RPCs)
L2F (Layer 2 forwarding)
ASP/MSP (application or managed service provider)
38. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.
Program narratives
Threat
Reciprocal agreement
Fourth generation language (4GL)
39. The boundary that defines the area of security concern and security policy coverage
Frame relay
Security perimeter
Embedded audit module
Comprehensive audit
40. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module, and what data passes across the in
Hexadecimal
Coupling
Utility software
Database
41. Devices that perform the functions of both bridges and routers are called brouters. Naturally, they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones, which
Repository
Bar code
Bandwidth
Brouters
42. An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people.
Test generators
Test data
E-mail/interpersonal messaging
Nonrepudiation
43. First, it denotes the planning and management of resources in an enterprise. Second, it denotes a software system that can be used to manage whole business processes, integrating purchasing, inventory, personnel, customer service, shipping, financial
Systems development life cycle (SDLC)
Enterprise resource planning
Application programming
Virus
44. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making
Cohesion
Systems acquisition process
Management information system (MIS)
Star topology
45. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure
Tuple
Operating system audit trails
X.500
Repudiation
46. An edit check designed to ensure the data in a particular field is numeric
Twisted pairs
Numeric check
Data owner
Token
47. Refers to the security of the infrastructure that supports the ERP networking and telecommunications; operating systems and databases.
Cathode ray tube (CRT)
Technical infrastructure security
File server
RADIUS (remote authentication dial-in user service)
48. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved
Check digit
Magnetic card reader
Masking
Transaction protection
49. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Executable code
Application proxy
Operational control
Threat
50. The transfer of service from an incapacitated primary component to its backup component
Abend
Privacy
Internet
Fail-over