Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found
Mapping
Run-to-run totals
Middleware
Brute force
2. A data recovery strategy that includes a recovery from complete backups that are physically shipped off site once a week. Specifically; logs are batched electronically several times daily; and then loaded into a tape library located at the same facil
Certificate authority (CA)
Bulk data transfer
Object orientation
Memory dump
3. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being
Brute force
Buffer
Data custodian
System flowcharts
4. A flag set in a packet to indicate that this packet is the final data packet of the transmission
COSO
Internal control
FIN (final)
Format checking
5. The outward impression of being self-governing and free from conflict of interest and undue influence
ASP/MSP (application or managed service provider)
Independent appearance
Anomaly
Real-time processing
6. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Certificate authority (CA)
Statistical sampling
Reputational risk
Topology
7. Used in data encryption; it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case; the key is symmetric such that the encryption key is equivalen
Private key cryptosystems
Budget
Decentralization
COSO
8. The art of designing; analyzing and attacking cryptographic schemes
Confidentiality
Cryptography
Intrusive monitoring
Rootkit
9. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Demodulation
COBIT
Duplex routing
Risk
10. A network monitoring and data acquisition tool that performs filter translation; packet acquisition and packet display
Regression testing
FTP (file transfer protocol)
Tcpdump
Judgment sampling
11. Programmed checking of data validity in accordance with predetermined criteria
Simple fail-over
Validity check
RS-232 interface
LDAP (Lightweight Directory Access Protocol)
12. The risk that the IS auditor's substantive procedures will not detect an error which could be material; individually or in combination with other errors
Link editor (linkage editor)
RFC (request for comments)
Detection risk
Hyperlink
13. Defined by ISACA as the processes by which organisations conduct business electronically with their customers; suppliers and other external business partners; using the Internet as an enabling technology. It therefore encompasses both business-to-bus
Reasonableness check
Message switching
e-commerce
Intrusion detection
14. A computer program that enables the user to retrieve information that has been made publicly available on the Internet; also; that permits multimedia (graphics) applications on the World Wide Web
Audit objective
browser
Passive response
Continuous auditing approach
15. A system software tool that logs; monitors and directs computer tape usage
Audit risk
Tape management system (TMS)
Enterprise resource planning
Bulk data transfer
16. A response; in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment; collecting more information or striking back a
Active response
Executable code
Cluster controller
Repudiation
17. The risk of errors occurring in the area being audited
IPSec (Internet protocol security)
Blackbox testing
Reengineering
Error risk
18. An interface point between the CPU and a peripheral device
Adjusting period
Scheduling
Access control table
Port
19. A technique used to determine the size of a development task; based on the number of function points. Function points are factors such as inputs; outputs; inquiries and logical internal sites.
File
Service user
Function point analysis
Utility software
20. The highest level of management in the organization; responsible for direction and control of the organization as a whole (such as director; general manager; partner; chief officer and executive manager).
Vulnerabilities
Redo logs
Logs/Log file
Top-level management
21. A test to check the system's ability to recover after a software or hardware failure
Recovery testing
Access path
Privacy
Vulnerability analysis
22. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes
Data leakage
Web page
Token
Dry-pipe fire extinguisher system
23. Devices that perform the functions of both bridges and routers; are called brouters. Naturally; they operate at both the data link and the network layers. A brouter connects same data link type LAN segments as well as different data link ones; which
Uninterruptible power supply (UPS)
False negative
Application programming interface (API)
Brouters
24. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g.; coaxial cable) is utilized for
HTTP (hyper text transfer protocol)
Detailed IS controls
Baseband
Fourth generation language (4GL)
25. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Dynamic analysis
Incremental testing
business process integrity
Detective controls
26. A numbering system that uses a base of 16 and uses 16 digits: 0; 1; 2; 3; 4; 5; 6; 7; 8; 9; A; B; C; D; E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Misuse detection
Internal control
Hexadecimal
Node
27. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that
Operating system
System software
Useful audit evidence
Data flow
28. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Hash total
Communications controller
Half duplex
IDS (intrusion detection system)
29. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Cross-certification
Bar case
Confidentiality
Reasonableness check
30. Software packages that sequentially dial telephone numbers; recording any numbers that answer
Vulnerabilities
Dynamic analysis
Source code
War dialler
31. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
ACK (acknowledgement)
Broadband
Leased lines
Token ring topology
32. Impartial point of view which allows the IS auditor to act objectively and with fairness
Program narratives
Independent attitude
Continuity
Trust
33. The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all the others. The beauty of replication is th
Protocol stack
Due professional care
Central office (CO)
Database replication
34. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Request for proposal (RFP)
Cohesion
Assembler
Data communications
35. The flow of data from the input (in Internet banking; ordinarily user input at his/her desktop) to output (in Internet banking; ordinarily data in a bank's central database). Data flow includes travelling through the communication lines; routers; swi
Fourth generation language (4GL)
Data flow
Distributed data processing network
Reverse engineering
36. A system of interconnected computers and the communications equipment used to connect them
TACACS+ (terminal access controller access control system plus)
Middleware
Sequential file
Network
37. In broadband; multiple channels are formed by dividing the transmission medium into discrete frequency segments. It generally requires the use of a modem.
Output analyzer
Default deny policy
Broadband
Source code compare programs
38. The process of transmitting messages in convenient pieces that can be reassembled at the destination
Numeric check
Relevant audit evidence
Passive assault
Packet switching
39. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw
Audit plan
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
System narratives
Firewall
40. Block-at-a-time data transmission
Static analysis
Worm
System software
Synchronous transmission
41. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint
Demodulation
Biometrics
Certificate Revocation List
Data communications
42. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Substantive testing
Multiplexor
Continuous auditing approach
Anomaly
43. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
Attribute sampling
Integrated services digital network (ISDN)
Baud rate
L2F (Layer 2 forwarding)
44. Checks that data are entered correctly
Log
Verification
Librarian
Decentralization
45. A public key cryptosystem developed by R. Rivest; A. Shamir and L. Adleman. The RSA has two different keys; the public encryption key and the secret decryption key. The strength of the RSA depends on the difficulty of the prime number factorization.
RSA
Rootkit
Application development review
Circuit-switched network
46. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.
Distributed data processing network
Relevant audit evidence
Brouters
Comprehensive audit
47. Commonly it is the network segment between the Internet and a private network. It allows access to services from the Internet and the internal private network; while denying access from the Internet directly to the private network.
Voice mail
Communications controller
DMZ (demilitarized zone)
Data-oriented systems development
48. The level of trust with which a system object is imbued
Control perimeter
Biometric locks
Privilege
Protocol stack
49. A mathematical expression used to calculate budget amounts based on actual results; other budget amounts and statistics. With budget formulas; budgets using complex equations; calculations and allocations can be automatically created.
Budget formula
Application programming interface (API)
Untrustworthy host
DNS (domain name system)
50. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Pervasive IS controls
Local loop
Remote job entry (RJE)
Sequence check