Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.






2. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances






3. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.






4. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to






5. An organized assembly of resources and procedures required to collect, process and distribute data for use in decision making






6. A communication network that serves several users within a specified geographic area. It is made up of servers, workstations, a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w






7. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.






8. The interface between the user and the system






9. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.






10. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio






11. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period






12. Risks that could impact the organization's ability to perform business or provide a service. They can be financial, regulatory or control oriented.






13. The standard e-mail protocol on the Internet






14. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key






15. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need






16. A viewable screen displaying information, presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv






17. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch






18. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered






19. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.






20. Defined by ISACA as the processes by which organisations conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. It therefore encompasses both business-to-bus






21. A sampling technique that estimates the amount of overstatement in an account balance






22. A specially configured server, designed to attract intruders so that their actions do not affect production systems, also known as a decoy server






23. A language used to control run routines in connection with performing tasks on a computer






24. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.






25. Analysis that is performed on a continuous basis, with results gained in time to alter the run-time system






26. Polymorphism refers to database structures that send the same command to different child objects that can produce different results depending on their family hierarchical tree structure.






27. A popular local area network operating system developed by the Novell Corp.






28. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).






29. A program that translates programming language (source code) into machine executable instructions (object code)






30. The ability of end users to design and implement their own information system utilizing computer software products






31. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu






32. The practice of eavesdropping on information being transmitted over telecommunications links






33. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






34. In intrusion detection, an error that occurs when a normal activity is misdiagnosed as an attack






35. The level to which transactions can be traced and audited through a system






36. A permanent connection between hosts in a packet switched network






37. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac






38. A protected, generally computer-encrypted string of characters that authenticate a computer user to the computer system






39. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data






40. The physical layout of how computers are linked together. Examples include ring, star and bus.






41. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code






42. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.






43. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw






44. A computer program or set of programs that perform the processing of records for a specific function






45. Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.






46. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint






47. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules






48. A top-down technique of designing programs and systems. It makes programs more readable, more reliable and more easily maintained.






49. A formal agreement with a third party to perform an IS function for an organization






50. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.