Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is
Whitebox testing
Source code
Internet
Network hop
2. The ability to map a given activity or event back to the responsible party
ICMP (internet control message protocol)
Trusted processes
Geographic disk mirroring
Accountability
3. Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards
Professional competence
Virtual private network (VPN)
Object Management Group (OMG)
Blackbox testing
4. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.
Record
Modem (modulator-demodulator)
vulnerability
Bypass label processing (BLP)
5. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Digital certificate
Central office (CO)
Gateway
Record, screen and report layouts
6. A tunnelling protocol developed by Cisco Systems to support the creation of VPNs
Mapping
DoS (denial-of-service) attack
Evidence
L2F (Layer 2 forwarding)
7. These controls are designed to prevent or restrict an error, omission or unauthorized intrusion.
Discovery sampling
Audit evidence
Preventive controls
Bridge
8. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r
Public key cryptosystem
Credit risk
Check digit verification (self-checking digit)
Job control language (JCL)
9. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes
Non-intrusive monitoring
Risk assessment
Database
Noise
10. The level to which transactions can be traced and audited through a system
Auditability
Smart card
Compensating control
Criteria
11. An eight-digit/seven-bit code representing 128 characters, used in most small computers
Hexadecimal
ASCII (American Standard Code for Information Interchange)
Program narratives
Smart card
12. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
BSP (business service provider)
Limit check
Master file
Foreign exchange risk
13. Changing data with malicious intent before or during input into the system
Downtime report
Certificate Revocation List
Procedure
Data diddling
14. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm
Abend
Systems development life cycle (SDLC)
Promiscuous mode
Output analyzer
15. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
Trap door
Digital signature
Data owner
Internet Engineering Task Force (IETF)
16. A fail-over process, in which all nodes run the same resource group (there can be no IP or MAC addresses in a concurrent resource group) and access the external storage concurrently
Application programming interface (API)
Concurrent access
Bypass label processing (BLP)
Bar code
17. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development
Centralized data processing
Handprint scanner
BSP (business service provider)
Computer sequence checking
18. The application of an edit, using a predefined field definition to a submitted information stream; a test to ensure that data conform to a predefined format
Objectivity
Format checking
X.500
Hot site
19. Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water
Limit check
LDAP (Lightweight Directory Access Protocol)
Dry-pipe fire extinguisher system
Numeric check
20. Range checks ensure that data fall within a predetermined range (also see limit checks).
Range check
Digital certification
Object Management Group (OMG)
Digital signature
21. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Concurrent access
Fail-over
Certificate authority (CA)
Objectivity
22. A program that takes as input a program written in assembly language and translates it into machine code or relocatable code
Control risk
Audit authority
Assembler
Artificial intelligence
23. Character-at-a-time transmission
Due professional care
legal risk
Software
Asynchronous transmission
24. Relates to the technical and physical features of the computer
Operational risk
Journal entry
Initial program load (IPL)
Hardware
25. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen
Audit accountability
Application
Private key cryptosystems
E-mail/interpersonal messaging
26. To record details of information or events in an organized record-keeping system, usually sequenced in the order they occurred
Half duplex
TACACS+ (terminal access controller access control system plus)
Log
Backup
27. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in
Independent attitude
Performance indicators
Password cracker
Dry-pipe fire extinguisher system
28. A public end-to-end digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d
Control group
Integrated services digital network (ISDN)
Penetration testing
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
29. An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing
Smart card
Biometrics
PPTP (point-to-point tunneling protocol)
Abend
30. A named collection of related records
Penetration testing
Business impact analysis (BIA)
Budget hierarchy
File
31. Refers to the security aspects supported by the ERP, primarily with regard to the roles or responsibilities and audit trails within the applications
Application security
Database management system (DBMS)
Simple fail-over
UNIX
32. The person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement the system considered for acquisition
Anomaly detection
Project sponsor
Proxy server
Data diddling
33. Specifies the format of packets and the addressing scheme
SMTP (Simple Mail Transport Protocol)
IP (Internet protocol)
Abend
Node
34. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra
Digital certificate
Abend
TCP (transmission control protocol)
Interest rate risk
35. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period
SYN (synchronize)
Bulk data transfer
Alpha
Substantive testing
36. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component
Error
Reputational risk
Test data
Components (as in component-based development)
37. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy
Quick ship
Warm-site
Security management
Virtual private network (VPN)
38. A language which enables electronic documents that present information that can be connected together by links instead of being presented sequentially, as is the case with normal text.
Hypertext
Public key
Business-to-consumer e-commerce (B2C)
Fail-over
39. The act of giving the idea or impression of being or doing something
Mapping
DNS (domain name system)
Baud rate
Appearance
40. Source lines of code are often used in deriving single-point software-size estimations.
Source lines of code (SLOC)
Certificate authority (CA)
Control group
Taps
41. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Terminal
Range check
System narratives
Piggy backing
42. A system development methodology that is organised around 'objects' rather than 'actions,' and 'data' rather than 'logic.' Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr
Digital certification
Error
SYN (synchronize)
Object-oriented system development
43. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups
Mapping
Peripherals
Control group
Service provider
44. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS-related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Range check
Requirements definition
Sequential file
Control risk self-assessment
45. Control deviations (compliance testing) or misstatements (substantive testing)
RADIUS (remote authentication dial-in user service)
Error
DNS (domain name system)
Control Objectives for Enterprise Governance
46. A device that forwards packets between LAN devices or segments. LANs that use switches are called switched LANs.
Switch
Audit charter
Asymmetric key (public key)
Baud rate
47. The structure through which the objectives of an organization are set, and the means of attaining those objectives, and determines monitoring performance guidelines. Good corporate governance should provide proper incentives for board and management
Detection risk
Corporate governance
Error
Bar code
48. An automated detail report of computer system activity
Console log
Data structure
Indexed sequential file
Hash total
49. Any information collection mechanism utilized by an intrusion detection system
Monitor
Object-oriented system development
Criteria
System exit
50. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need
UNIX
Feasibility study
Project sponsor
PPTP (point-to-point tunneling protocol)