Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time, identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
Business impact analysis (BIA)
Management information system (MIS)
Pervasive IS controls
Bar case
2. The art of designing, analyzing and attacking cryptographic schemes
Top-level management
Cryptography
Interest rate risk
Prototyping
3. A procedure designed to ensure that no fields are missing from a record
Decryption key
Completeness check
Ethernet
Worm
4. Modern expression for organizational development stemming from IS/IT impacts. The ultimate goal of BPR is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. To ree
Continuous auditing approach
PPP (point-to-point protocol)
Business process reengineering (BPR)
Fourth generation language (4GL)
5. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
PPTP (point-to-point tunneling protocol)
Non-intrusive monitoring
Bus
Proxy server
6. A system development methodology that is organised around "objects" rather than "actions," and "data" rather than "logic." Object-oriented analysis is an assessment of a physical system to determine which objects in the real world need to be repr
Registration authority (RA)
Enterprise governance
Object-oriented system development
Transaction protection
7. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si
Transaction log
System software
Router
X.500
8. A file of semipermanent information that is used frequently for processing data or for more than one purpose
Packet
Control objective
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Master file
9. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed
Content filtering
Independent attitude
Allocation entry
Decentralization
10. A low-level computer programming language which uses symbolic code and produces machine instructions
Trusted systems
Privacy
Encryption key
Assembly language
11. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Continuous auditing approach
Token
Internet Inter-ORB Protocol (IIOP)
Cross-certification
12. Weaknesses in systems that can be exploited in ways that violate security policy
Node
ASCII (American Standard Code for Information Interchange)
RSA
Vulnerabilities
13. A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action
Passive response
Teleprocessing
Audit charter
Cold site
14. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.
FTP (file transfer protocol)
Program narratives
Service provider
Port
15. To record details of information or events in an organized record-keeping system; usually sequenced in the order they occurred
Operator console
Log
Point-of-presence (POP)
System flowcharts
16. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)
Attribute sampling
System narratives
Sequence check
Token
17. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi
Access control
Penetration testing
PPTP (point-to-point tunneling protocol)
Multiplexor
18. The person responsible for maintaining a LAN and assisting end users
Random access memory (RAM)
Network administrator
Token ring topology
Source documents
19. The central database that stores and organizes data
FIN (final)
Intrusive monitoring
Repository
Trusted systems
20. A protocol for packet-switching networks
ASP/MSP (application or managed service provider)
Corporate exchange rate
Vulnerability
X.25
21. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Rapid application development
Bandwidth
Central office (CO)
Monetary unit sampling
22. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF® (2000, 1998, 1996)
Direct reporting engagement
Vulnerability
COBIT
Security software
23. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all pac
Run instructions
Materiality
War dialler
Hub
24. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Object code
Hacker
Default deny policy
Reputational risk
25. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Finger
Editing
Real-time analysis
Initial program load (IPL)
26. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system
Central processing unit (CPU)
Components (as in component-based development)
Web site
Database administrator (DBA)
27. The time it takes a system or network to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.
Plaintext
Protocol
Fail-over
Latency
28. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
Multiplexing
Screening routers
IT governance
War dialler
29. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Security perimeter
Continuous auditing approach
Bandwidth
Anonymity
30. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.
Audit trail
Uploading
Relevant audit evidence
Hyperlink
31. A data transmission service requiring the establishment of a circuit-switched connection before data can be transferred from source data terminal equipment (DTE) to a sink DTE. A circuit-switched data transmission service uses a connection network.
Data communications
Circuit-switched network
Redo logs
Program flowcharts
32. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code internals.
Single point of failure
L2TP (Layer 2 tunneling protocol)
Black box testing
Objectivity
33. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Corporate exchange rate
Service user
Star topology
Reverse engineering
34. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit
Confidentiality
Masqueraders
Check digit verification (self-checking digit)
Electronic vaulting
35. A test that has been designed to evaluate the performance of a system. In a benchmark test, a system is subjected to a known workload and the performance of the system against this workload is measured. Typically, the purpose is to compare the measur
Credentialed analysis
Penetration testing
Benchmark
Application development review
36. Refers to the processes by which organisations conduct business electronically with their customers and/or the public at large using the Internet as the enabling technology.
Risk assessment
DMZ (demilitarized zone)
Business-to-consumer e-commerce (B2C)
Mapping
37. A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
SYN (synchronize)
Leased lines
Windows NT
Packet switching
38. Group of people responsible for a project, whose terms of reference may include the development, acquisition, implementation or maintenance of an application system. The team members may include line management, operational line staff, external contr
Ring topology
Project team
Virtual private network (VPN)
Spoofing
39. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti
Web page
Electronic vaulting
Abend
Voice mail
40. The quality or state of not being named or identified
Mapping
Business-to-consumer e-commerce (B2C)
Anonymity
Adjusting period
41. The transfer of service from an incapacitated primary component to its backup component
Secure socket layer (SSL)
Fail-over
Hash function
Default deny policy
42. An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Vulnerabilities
Active recovery site (mirrored)
Real-time processing
Static analysis
43. A set of protocols developed by the IETF to support the secure exchange of packets
Fail-safe
IPSec (Internet protocol security)
RADIUS (remote authentication dial-in user service)
Editing
44. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Audit plan
Internet
Log
45. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.
X.25 interface
Sufficient audit evidence
Brute force
Combined Code on Corporate Governance
46. With respect to security, a special type of virus that does not attach itself to programs, but rather spreads via other methods such as e-mail (also see virus)
Optical character recognition
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)
Network
Worm
47. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.
Operating system audit trails
Transaction protection
Due professional care
Browser
48. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures
Datagram
Packet switching
Abend
Direct reporting engagement
49. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
Internal penetrators
Abend
Input controls
Surge suppressor
50. An independent audit of the control structure of a service organization, such as a service bureau, with the objective of providing assurances to the users of the service organization that the internal control structure is adequate, effective and soun
Third-party review
Fiber optic cable
Rotating standby
Cadbury