Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find the answers obvious at times, but you will see it reinforces your understanding as you take the test each time.
1. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Audit program
Data structure
Worm
Editing
2. Typically in large organisations where the quantum of data processed by the ERPs are extremely voluminous, analysis of patterns and trends prove to be extremely useful in ascertaining the efficiency and effectiveness of operations. Most ERPs provide
FTP (file transfer protocol)
Data analysis
Fourth generation language (4GL)
Operational risk
3. A technique of reading a computer file while bypassing the internal file/data set label. This process could result in bypassing of the security access control system.
Application program
Bypass label processing (BLP)
Internal storage
Piggy backing
4. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Peripherals
Terms of reference
Decentralization
Objectivity
5. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display
Alpha
Challenge/response token
Embedded audit module
Tcpdump
6. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of
legal risk
Continuous auditing approach
Production software
Application programming interface (API)
7. The individual responsible for the safeguard and maintenance of all program and data files
Internet Engineering Task Force (IETF)
Magnetic ink character recognition (MICR)
X.25 interface
Librarian
8. A protocol developed by the object management group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules
Internet Inter-ORB Protocol (IIOP)
Dial-in access controls
Auditability
Tcpdump
9. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme
Link editor (linkage editor)
Signatures
Corporate exchange rate
Public key
10. Also called permissions or privileges, these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g., read, write, execute, create and delete) on files in shared volumes or file
Inherent risk
Latency
Compensating control
Access rights
11. Considered for acquisition the person responsible for high-level decisions, such as changes to the scope and/or budget of the project, and whether or not to implement
Performance testing
Diskless workstations
Project sponsor
Tape management system (TMS)
12. The logical language a computer understands
Application layer
Integrity
Service level agreement (SLA)
Machine language
13. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity
Indexed sequential access method (ISAM)
Trust
False negative
HTTP (hyper text transfer protocol)
14. Estimated cost and revenue amounts for a given range of periods and set of books. There can be multiple budget versions for the same set of books.
Mutual takeover
Audit charter
Engagement letter
Budget
15. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system
Integrated services digital network (ISDN)
Detailed IS controls
Uninterruptible power supply (UPS)
Intrusive monitoring
16. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Repudiation
Regression testing
Asymmetric key (public key)
Encapsulation (objects)
17. A fail-over process in which there are two nodes (as in idle standby but without priority). The node that enters the cluster first owns the resource group, and the second will join as a standby node.
Digital certificate
Trust
Audit expert systems
Rotating standby
18. The process of distributing computer processing to different locations within an organization
Topology
Simple Object Access Protocol (SOAP)
Voice mail
Decentralization
19. A document that confirms the client's and the IS auditor's acceptance of a review assignment
Distributed data processing network
Terms of reference
Concurrent access
Due professional care
20. A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. This control is effective in detecting transposition and transcription
Check digit
Detection risk
Hardware
Control risk self-assessment
21. An automated detail report of computer system activity
Test generators
Program narratives
Variable sampling
Console log
22. The procedures established to purchase application software, or an upgrade, including evaluation of the supplier's financial stability, track record, resources and references from existing customers
Application system
Systems acquisition process
Operating system
Application programming
23. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res
L2F (Layer 2 forwarding)
Audit plan
Compiler
Sampling risk
24. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems program, such as an operating system or network control program, and with utility programs, such as copy or sort.
Information processing facility (IPF)
Application program
Residual risk
Administrative controls
25. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Security testing
Ring topology
Executable code
Half duplex
26. Comparing the system's performance to other equivalent systems using well defined benchmarks
Operating system
Cleartext
Audit charter
Performance testing
27. Any automated audit technique, such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities
Computer-assisted audit technique (CAATs)
Dynamic analysis
World Wide Web Consortium (W3C)
Password cracker
28. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems
LDAP (Lightweight Directory Access Protocol)
Security testing
Electronic vaulting
Variable sampling
29. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.
TCP (transmission control protocol)
Controls (Control procedures)
Dial-in access controls
e-commerce
30. A high-capacity line-of-sight transmission of data signals through the atmosphere which often requires relay stations
Packet switching
Information processing facility (IPF)
Microwave transmission
E-mail/interpersonal messaging
31. Detects transmission errors by appending calculated bits onto the end of each segment of data
Middleware
Hash total
Redundancy check
Passive response
32. The machine language code that is generally referred to as the object or load module
Executable code
Budget formula
Materiality
Numeric check
33. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
Modem (modulator-demodulator)
Data integrity
File layout
Cleartext
34. Transactions that cannot be denied after the fact
Open systems
Object-oriented system development
Nonrepudiable transactions
Cathode ray tube (CRT)
35. Files created specifically to record various actions occurring on the system to be monitored, such as failed login attempts, full disk drives and e-mail delivery failures
Professional competence
Shell
Concurrent access
Logs/Log file
36. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
Access rights
Input controls
Application software tracing and mapping
Microwave transmission
37. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m
price risk
Rulebase
Salami technique
Intrusive monitoring
38. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od
Compliance testing
Monitor
Taps
Parity check
39. A code whose representation is limited to 0 and 1
E-mail/interpersonal messaging
Encryption
Subject matter (Area of activity)
Binary code
40. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Optical scanner
Master file
Reciprocal agreement
Initial program load (IPL)
41. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Packet filtering
Object code
Passive response
Partitioned file
42. A device that connects two similar networks together
Threat
Bridge
Integrated test facilities (ITF)
Librarian
43. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
Signatures
Request for proposal (RFP)
Information engineering
Automated teller machine (ATM)
44. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm
Control section
Systems development life cycle (SDLC)
Alpha
Hexadecimal
45. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations, since use of SOAP piggybacks onto
Object Management Group (OMG)
Simple Object Access Protocol (SOAP)
HTTP (hyper text transfer protocol)
Cathode ray tube (CRT)
46. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel, each station recei
Bus topology
ICMP (internet control message protocol)
Value-added network (VAN)
Noise
47. An authentication protocol, often used by remote-access servers
Screening routers
Random access memory (RAM)
Logs/Log file
TACACS+ (terminal access controller access control system plus)
48. The extent to which a system unit--subroutine, program, module, component, subsystem--performs a single dedicated function. Generally, the more cohesive are units, the easier it is to maintain and enhance a system, since it is easier to determine whe
IP (Internet protocol)
Preventive controls
Pervasive IS controls
Cohesion
49. An individual who attempts to gain unauthorized access to a computer system
Hacker
Hash total
Data owner
Password cracker
50. The risk of giving an incorrect audit opinion
Audit risk
Access rights
Criteria
RS-232 interface