
CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A warm-site is similar to a hot-site; however, it is not fully equipped with all necessary hardware needed for recovery.

2. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.

3. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.

4. An individual who attempts to gain unauthorized access to a computer system

5. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems

6. Checks the accuracy of the results produced by a test run. There are three types of checks that an output analyzer can perform. First, if a standard set of test data and test results exists for a program, the output of a test run after program mainte

7. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.

8. The act of transferring computerized information from one computer to another computer

9. A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system

10. A private network that is configured within a public network. For years, common carriers have built VPNs that appear as private national or international networks to the customer, but physically share backbone trunks with other customers. VPNs enjoy

11. The standard e-mail protocol on the Internet

12. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules

13. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.

14. The organization using the outsourced service

15. Disturbances, such as static, in data transmissions that cause messages to be misinterpreted by the receiver

16. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication

17. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.

18. The probability that the IS auditor has reached an incorrect conclusion because an audit sample, rather than the whole population, was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec

19. The practice of eavesdropping on information being transmitted over telecommunications links

20. A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.

21. Software used to administer logical security. It usually includes authentication of users, access granting according to predefined rules, monitoring and reporting functions.

22. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context

23. A testing technique that is used to evaluate output from one application, while the information is sent as input to another application

24. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig

25. Correctness checks built into data processing systems and applied to batches of input data, particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control, which involves numbering the records in a batch c

26. A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action

27. A named collection of related records

28. Checks that data are entered correctly

29. A condition in which each of an organization's regional locations maintains its own financial and operational data while sharing processing with an organizationwide, centralized database. This permits easy sharing of data while maintaining a certain

30. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found

31. The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.

32. Used to enable remote access to a server computer. Commands typed are run on the remote server.

33. The transmission of job control language (JCL) and batches of transactions from a remote terminal location

34. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities, to test programs, system activities and operational procedures, to evaluate

35. An authentication protocol, often used by remote-access servers

36. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.

37. (remote authentication dial-in user service)

38. The area of the central processing unit that performs mathematical and analytical operations

39. A journal entry entered at a computer terminal. Manual journal entries can include regular, statistical, inter-company and foreign currency entries

40. A pair of small, insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.

41. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities

42. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure

43. The denial by one of the parties to a transaction of participation in all or part of that transaction or of the content of communications related to that transaction.

44. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr

45. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.

46. Data-oriented development techniques that work on the premise that data are at the center of information processing and that certain data relationships are significant to a business and must be represented in the data structure of its systems

47. Analysis of the security state of a system or its compromise on the basis of information collected at intervals

48. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks

49. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs

50. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. They also identify how to address problems that occur during processing.