Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
Intrusion detection
Direct reporting engagement
Operating system audit trails
Audit evidence
2. The assurance that a party cannot later deny originating data; that it is the provision of proof of the integrity and origin of the data which can be verified by a third party. Nonrepudiation may be provided by a digital signature.
Misuse detection
Twisted pairs
Telecommunications
Nonrepudiation
3. A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.
Data analysis
Components (as in component-based development)
Warm-site
Verification
4. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Geographic disk mirroring
Shell
Evidence
Data custodian
5. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application
Uninterruptible power supply (UPS)
Monitor
Detective controls
Interface testing
6. System narratives provide an overview explanation of system flowcharts, with explanation of key control points and system interfaces.
Audit
Baseband
Trusted processes
System narratives
7. A measurement of the point prior to an outage to which data are to be restored
System narratives
Components (as in component-based development)
Analog
Recovery point objective (RPO)
8. A utility program that combines several separately compiled modules into one, resolving internal references between them
Communications controller
Telecommunications
Link editor (linkage editor)
Mapping
9. The use of alphabetic characters or an alphabetic character string
Anonymity
LDAP (Lightweight Directory Access Protocol)
Alpha
Variable sampling
10. A version of the Windows operating system that supports preemptive multitasking
Bar case
Capacity stress testing
Cohesion
Windows NT
11. Also known as ''automated remote journaling of redo logs.'' A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.
IDS (intrusion detection system)
Transaction protection
Ring topology
Nonrepudiation
12. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)
Service provider
Application programming interface (API)
Database administrator (DBA)
Application implementation review
13. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous, analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
X.25
Network hop
Data analysis
Table look-ups
14. The physical layout of how computers are linked together. Examples include ring, star and bus.
Privilege
Topology
Systems acquisition process
Signatures
15. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od
Error
Node
Parity check
DoS (denial-of-service) attack
16. A communication network that serves several users within a specified geographic area. It is made up of servers, workstations, a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w
Hexadecimal
Application software tracing and mapping
Masking
Local area network (LAN)
17. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as
Universal Description, Discovery and Integration (UDDI)
Polymorphism (objects)
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Token ring topology
18. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.
Voice mail
Repudiation
Technical infrastructure security
Internal control structure
19. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Masqueraders
Internal control
Communications controller
Geographic disk mirroring
20. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication
Fail-safe
browser
Man-in-the-middle attack
Full duplex
21. A packet-switched wide-area-network technology that provides faster performance than older packet-switched WAN technologies such as X.25 networks, because it was designed for today's reliable circuits and performs less rigorous error detection. Frame
Objectivity
Frame relay
Protocol
Logoff
22. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.
Rulebase
Database administrator (DBA)
Diskless workstations
Full duplex
23. Any information collection mechanism utilized by an intrusion detection system
Substantive testing
Monitor
Encryption
Trojan horse
24. Formal document which defines the IS auditor's responsibility, authority and accountability for a specific assignment
Node
Engagement letter
Local loop
Computer sequence checking
25. A storage facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media such as offline backup data and storage files
Content filtering
Security software
Offsite storage
Offline files
26. Permanent reference data used in transaction processing. These data are changed infrequently, such as a product price file or a name and address file.
X.500
Procedure
Standing data
Handprint scanner
27. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Audit program
Service level agreement (SLA)
Trust
Components (as in component-based development)
28. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem
Brouters
Budget organization
Rulebase
Symmetric key encryption
29. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component
Unit testing
Components (as in component-based development)
Audit expert systems
Exposure
30. A piece of information, in a digitized form, used by an encryption algorithm to convert the plaintext to the ciphertext
Single point of failure
e-commerce
Encryption key
Telecommunications
31. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).
Data diddling
Audit objective
Audit
Computer server
32. Test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
Public key infrastructure
Integrated test facilities (ITF)
Embedded audit module
Record, screen and report layouts
33. Specifies the format of packets and the addressing scheme
IP (Internet protocol)
Application maintenance review
Encryption key
Privacy
34. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system
Rootkit
Outsourcing
Address space
Tcpdump
35. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective, a bank focuses on the sensitivity of the value of its assets, liabilities and revenues to changes in interest rates. Internet banking may attra
Decryption key
Interest rate risk
Database management system (DBMS)
Distributed data processing network
36. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Service bureau
Cluster controller
Financial audit
Web Services Description Language (WSDL)
37. ATM is a high-bandwidth low-delay switching and multiplexing technology. It is a data link layer protocol. This means that it is a protocol-independent transport mechanism. ATM allows integration of real-time voice and video as well as data. ATM allo
Reasonableness check
Simple fail-over
Audit trail
Asynchronous Transfer Mode (ATM)
38. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is
Business-to-consumer e-commerce (B2C)
Object-oriented system development
Source code
Masking
39. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Private key cryptosystems
browser
Adjusting period
Test generators
40. A third party that provides organizations with a variety of Internet and Internet-related services
Security policy
Audit authority
ISP (Internet service provider)
Computer-aided software engineering (CASE)
41. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b
Twisted pairs
HTTPS (hyper text transfer protocol secure)
Ring topology
Reputational risk
42. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o
Continuity
Memory dump
Salami technique
LDAP (Lightweight Directory Access Protocol)
43. Used to ensure that input data agree with predetermined criteria stored in a table
Table look-ups
Enterprise governance
Fail-safe
Personal identification number (PIN)
44. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Automated teller machine (ATM)
Benchmark
Repudiation
Business-to-consumer e-commerce (B2C)
45. A protocol originally developed by Netscape Communications to provide a high level of security for its browser software. It has become accepted widely as a means of securing Internet message exchanges. It ensures confidentiality of the data in transm
Modem (modulator-demodulator)
Secure socket layer (SSL)
Digital certification
Limit check
46. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun
Interface testing
Third-party review
Object orientation
Normalization
47. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint
Audit objective
Benchmark
Corrective controls
Biometrics
48. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report
Brute force
Intelligent terminal
Budget formula
Masking
49. The roles, scope and objectives documented in the service level agreement between management and audit
Monitoring policy
Backup
Audit responsibility
Active response
50. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department
Demodulation
Systems analysis
Latency
Comprehensive audit