Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A code whose representation is limited to 0 and 1
DoS (denial-of-service) attack
Binary code
Batch processing
Frame relay
2. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Masqueraders
System testing
Data leakage
False positive
3. A system software tool that logs; monitors and directs computer tape usage
Queue
Finger
Tape management system (TMS)
Microwave transmission
4. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.
Budget
Parallel simulation
Checkpoint restart procedures
Software
5. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing
Discovery sampling
Scheduling
Inheritance (objects)
Sequence check
6. System narratives provide an overview explanation of system flowcharts; with explanation of key control points and system interfaces.
Pervasive IS controls
Data flow
Indexed sequential file
System narratives
7. The extent to which a system unit--subroutine; program; module; component; subsystem--performs a single dedicated function. Generally; the more cohesive are units; the easier it is to maintain and enhance a system; since it is easier to determine whe
System flowcharts
Payment system
Cohesion
Production programs
8. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations
Cathode ray tube (CRT)
Operator console
Integrity
Sufficient audit evidence
9. An approach used to plan; design; develop; test and implement an application system or a major modification to an application system. Typical phases include the feasibility study; requirements study; requirements definition; detailed design; programm
Systems development life cycle (SDLC)
Source code
Job control language (JCL)
Sequential file
10. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass; or denying them; based on a list of rules
Packet switching
Warm-site
Packet filtering
Prototyping
11. A device used for combining several lower-speed channels into a higher-speed channel
Regression testing
Criteria
Authentication
Multiplexor
12. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Gateway
Interest rate risk
Transaction protection
Active response
13. A manual or automated log of all updates to data files and databases
Single point of failure
Network administrator
Transaction log
Terms of reference
14. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network
Diskless workstations
ASP/MSP (application or managed service provider)
Check digit
Magnetic card reader
15. The machine language code that is generally referred to as the object or load module
Frame relay
Full duplex
Executable code
Rulebase
16. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
COBIT
Parity check
Batch processing
ASCII (American Standard Code for Information Interchange)
17. In an asymmetric cryptographic scheme; the key that may be widely published to enable the operation of the scheme
Public key
Transaction protection
Internal storage
Bypass label processing (BLP)
18. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
Web site
world wide web (WWW)
Polymorphism (objects)
Intelligent terminal
19. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting; in which the transactions are accumulated over a period of time; then applied
Posting
Hub
SYN (synchronize)
Monetary unit sampling
20. Range checks ensure that data fall within a predetermined range (also see limit checks).
System testing
Attitude
IP (Internet protocol)
Range check
21. A weakness in system security procedures; system design; implementation or internal controls that could be exploited to violate system security.
Error
Comparison program
Machine language
vulnerability
22. Freedom from unauthorized intrusion
Credit risk
Ethernet
Privacy
Continuous auditing approach
23. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Promiscuous mode
Cross-certification
Indexed sequential access method (ISAM)
Objectivity
24. Transactions that cannot be denied after the fact
Nonrepudiable transactions
Requirements definition
World Wide Web Consortium (W3C)
Audit risk
25. Behavior adequate to meet the situations occurring during audit work (interviews; meetings; reporting; etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti
Information processing facility (IPF)
Business risk
Salami technique
Appearance of independence
26. Specialized tools that can be used to analyze the flow of data; through the processing logic of the application software; and document the logic; paths; control conditions and processing sequences. Both the command language or job control statements
Application software tracing and mapping
Application programming
Operational audit
Node
27. The risk associated with an event when the control is in place to reduce the effect or likelihood of that event being taken into account
Voice mail
Application
Residual risk
ASP/MSP (application or managed service provider)
28. Controls over the business processes that are supported by the ERP
Dry-pipe fire extinguisher system
Dial-in access controls
business process integrity
Trap door
29. A program for the examination of data; using logical or conditional tests to determine or to identify similarities or differences
Symmetric key encryption
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Comparison program
Surge suppressor
30. A public key cryptosystem developed by R. Rivest; A. Shamir and L. Adleman. The RSA has two different keys; the public encryption key and the secret decryption key. The strength of the RSA depends on the difficulty of the prime number factorization.
Electronic cash
RSA
Packet
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
31. Recovery strategy that involves two active sites; each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Corporate exchange rate
Central processing unit (CPU)
Active recovery site (mirrored)
Public key infrastructure
32. A version of the Windows operating system that supports preemptive multitasking
Uploading
Magnetic card reader
Access rights
Windows NT
33. Wiring devices that may be inserted into communication links for use with analysis probes; LAN analyzers and intrusion detection security systems
Trust
Computer server
Intrusion detection
Taps
34. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
RS-232 interface
Anonymous File Transfer Protocol (FTP)
Computer server
Management information system (MIS)
35. A 24-hour; stand-alone mini-bank; located outside branch bank offices or in public places like shopping malls. Through ATMs; clients can make deposits; withdrawals; account inquiries and transfers. Typically; the ATM network is comprised of two spher
Automated teller machine (ATM)
Ciphertext
Baud rate
Business-to-consumer e-commerce (B2C)
36. Techniques and procedures used to verify; validate and edit data; to ensure that only correct data are entered into the computer
Backup
Independence
Interface testing
Input controls
37. A certificate identifying a public key to its subscriber; corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
Internal storage
Integrity
implementation life cycle review
Digital certificate
38. A sub-network of the Internet through which information is exchanged by text; graphics; audio and video.
Access method
Credentialed analysis
Decryption key
world wide web (WWW)
39. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically; participants promise to provide processing time to each other when an emergency arises.
Hardware
Reciprocal agreement
Error risk
Audit sampling
40. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
L2F (Layer 2 forwarding)
Sniff
Content filtering
RADIUS
41. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Rapid application development
Authentication
Signatures
Reputational risk
42. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Program flowcharts
Computer server
Circuit-switched network
Nonrepudiation
43. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
Sampling risk
Downtime report
Promiscuous mode
Security testing
44. The boundary that defines the area of security concern and security policy coverage
Relevant audit evidence
Anonymity
Operator console
Security perimeter
45. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic; such as a dollar amount
Anonymous File Transfer Protocol (FTP)
Hardware
Man-in-the-middle attack
Variable sampling
46. A computer facility that provides data processing services to clients on a continual basis
Downloading
Service bureau
virtual organizations
Monitoring policy
47. The ability of end users to design and implement their own information system utilizing computer software products
Transaction log
End-user computing
Open systems
Integrity
48. The list of rules and/or guidance that is used to analyze event data
Memory dump
Bypass label processing (BLP)
Rulebase
Substantive testing
49. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g.; a development or test environment) and takes over the critical resource group but not vice versa.
Simple fail-over
Security policy
Regression testing
System testing
50. The current and prospective risk to earnings and capital arising from fraud; error and the inability to deliver products or services; maintain a competitive position and manage information. Security risk is evident in each product and service offered
Program flowcharts
Security/transaction risk
Decryption
Digital certificate