Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • Match each statement with the correct term.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv






2. A file format in which records are organized and can be accessed; according to a preestablished key that is part of the record






3. Controls; other than application controls; which relate to the environment within which computer-based application systems are developed; maintained and operated; and which are therefore applicable to all applications. The objectives of general contr






4. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example; OMG is known principally for promulgating the C






5. A language used to control run routines in connection with performing tasks on a computer






6. A test to check the system's ability to recover after a software or hardware failure






7. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).






8. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.






9. Analysis of the security state of a system or its compromise on the basis of information collected at intervals






10. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to






11. A computer network connecting different remote locations that may range from short distances; such as a floor or building; to extremely long transmissions that encompass a large region or several countries






12. Unauthorized electronic exits; or doorways; out of an authorized computer program into a set of malicious instructions or programs






13. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2^n; where n is the number of bits in the machine address.






14. Diligence which a person; who possesses a special skill; would exercise under a given set of circumstances






15. An eight-bit code representing 256 characters; used in most large computer systems






16. The time it takes a system and network delay to respond. System latency is the time a system takes to retrieve data. Network latency is the time it takes for a packet to travel from source to the final destination.






17. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.






18. Correctness checks built into data processing systems and applied to batches of input data; particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control; which involves numbering the records in a batch c






19. A private network that uses the infrastructure and standards of the Internet and World Wide Web; but is isolated from the public Internet by firewall barriers.






20. The process of converting a digital computer signal into an analog telecommunications signal






21. A security technique that verifies an individual's identity by analyzing a unique physical attribute; such as a handprint






22. A general hardware control; which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od






23. The interface between the user and the system






24. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing






25. Those controls that seek to maintain confidentiality; integrity and availability of information






26. Expert systems are the most prevalent type of computer systems that arise from the research of artificial intelligence. An expert system has a built in hierarchy of rules; which are acquired from human experts in the appropriate field. Once input is






27. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.






28. Faking the sending address of a transmission in order to gain illegal entry into a secure system






29. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved






30. Techniques and procedures used to verify; validate and edit data; to ensure that only correct data are entered into the computer






31. An individual who attempts to gain unauthorized access to a computer system






32. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description; Discovery and Integration (UDDI))






33. The practice of eavesdropping on information being transmitted over telecommunications links






34. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system






35. A private network that is configured within a public network. For years; common carriers have built VPNs that appear as private national or international networks to the customer; but physically share backbone trunks with other customers. VPNs enjoy






36. Software used to administer logical security. It usually includes authentication of users; access granting according to predefined rules; monitoring and reporting functions.






37. Source lines of code are often used in deriving single-point software-size estimations.






38. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module; and what data passes across the in






39. A basic control that prevents or detects errors and irregularities by assigning responsibility for initiating transactions; recording transactions and custody of assets to separate individuals. Commonly used in large IT organizations so that no singl






40. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b






41. Is an electronic pathway that may be displayed in the form of highlighted text; graphics or a button that connects one web page with another web page address.






42. The person responsible for maintaining a LAN and assisting end users






43. Checks that data are entered correctly






44. Block-at-a-time data transmission






45. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software; which is being developed or modified; but has not yet been authorized for use by management.






46. Refers to the security of the infrastructure that supports the ERP networking and telecommunications; operating systems and databases.






47. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product






48. A collection of computer programs used in the design; processing and control of all applications. The programs and processing routines that control the computer hardware; including the operating system and utility programs. Refers to the operating sy






49. The proportion of known attacks detected by an intrusion detection system






50. The process of monitoring the events occurring in a computer system or network; detecting signs of security problems