Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.
Hash total
Passive assault
Worm
SYN (synchronize)
2. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis; systems software and control objectives sof
Decryption
Audit expert systems
Firmware
Budget
3. A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements; critical success factors; customer satisfaction ratings; internal or external benchmar
Misuse detection
Concurrent access
Whitebox testing
Performance indicators
4. The person responsible for maintaining a LAN and assisting end users
Peripherals
Network administrator
Value-added network (VAN)
Attribute sampling
5. With respect to security; a special type of virus that does not attach itself to programs; but rather spreads via other methods such as e-mail (also see virus)
Detection risk
Indexed sequential access method (ISAM)
Worm
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
6. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco
Default password
Systems acquisition process
Modem (modulator-demodulator)
Modulation
7. Correctness checks built into data processing systems and applied to batches of input data; particularly in the data preparation stage. There are two main forms of batch controls: 1) sequence control; which involves numbering the records in a batch c
Batch control
Downloading
Embedded audit module
Computer-assisted audit technique (CAATs)
8. Audit evidence is reliable if; in the IS auditor's opinion; it is valid; factual; objective and supportable.
Central office (CO)
Smart card
Voice mail
Reliable audit evidence
9. The risk of errors occurring in the area being audited
Decryption key
Error risk
Bar case
General computer controls
10. A computer facility that provides data processing services to clients on a continual basis
Evidence
Security administrator
Communications controller
Service bureau
11. Is the risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making; dealing and position taking in interest rate; foreign exchange; equity and commodities markets. Banks m
Price risk
Budget hierarchy
Control risk
Hot site
12. A denial-of-service (DoS) assault from multiple sources; see DoS
COCO
DDoS (distributed denial-of-service) attack
Project team
Coaxial cable
13. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Substantive testing
Cross-certification
System software
Request for proposal (RFP)
14. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination; not if
Privacy
UDP (User Datagram Protocol)
Audit expert systems
Hot site
15. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design; definition and maintenance of the database.
Database administrator (DBA)
Requirements definition
X.25
Security perimeter
16. Controls that prevent unauthorized access from remote users that attempt to access a secured environment. These controls range from dial-back controls to remote user authentication.
Dial-in access controls
Credentialed analysis
Network
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
17. The logical language a computer understands
FIN (final)
Rounding down
Public key
Machine language
18. A file of semipermanent information that is used frequently for processing data or for more than one purpose
Anomaly detection
Master file
Electronic signature
Teleprocessing
19. A system software tool that logs; monitors and directs computer tape usage
Tape management system (TMS)
Generalized audit software
Program flowcharts
Database management system (DBMS)
20. The information an auditor gathers in the course of performing an IS audit. Evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Evidence
DoS (denial-of-service) attack
Point-of-presence (POP)
Firewall
21. Door and entry locks that are activated by such biometric features as voice; eye retina; fingerprint or signature
Misuse detection
Protocol stack
Biometric locks
Utility programs
22. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities; to test programs; system activities and operational procedures; to evaluate
Coupling
Substantive testing
Utility software
RS-232 interface
23. The act of transferring computerized information from one computer to another computer
Independence
Compensating control
Downloading
Tcpdump
24. The transfer of data between separate computer processing sites/devices using telephone lines; microwave and/or satellite links
Professional competence
Baud rate
Image processing
Data communications
25. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example; OMG is known principally for promulgating the C
Wiretapping
Object Management Group (OMG)
Misuse detection
Cadbury
26. The current and prospective effect on earnings or capital arising from adverse business decisions; improper implementation of decisions or lack of responsiveness to industry changes.
Bulk data transfer
Sequence check
Strategic risk
Assembly language
27. The rate of transmission for telecommunication data. It is expressed in bits per second (bps).
Application development review
Extensible Markup Language (XML)
Baud rate
Engagement letter
28. Specifies the format of packets and the addressing scheme
Control perimeter
Netware
IP (Internet protocol)
Service provider
29. Diligence which a person would exercise under a given set of circumstances
Project team
Value-added network (VAN)
Due care
Control section
30. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto
Simple Object Access Protocol (SOAP)
System narratives
Duplex routing
Computer-assisted audit technique (CAATs)
31. The transmission of job control language (JCL) and batches of transactions from a remote terminal location
Image processing
Memory dump
Remote job entry (RJE)
Rapid application development
32. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates
Optical scanner
Web page
Sniffing
Certificate authority (CA)
33. Any automated audit technique; such as generalized audit software; test data generators; computerized audit programs and specialized audit utilities
Threat
Gateway
Computer-assisted audit technique (CAATs)
Wiretapping
34. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections; one from the requesting client and another to the destination service
Application proxy
Reverse engineering
Certificate authority (CA)
Waterfall development
35. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
Dumb terminal
Rulebase
Electronic vaulting
Black box testing
36. Controls over the acquisition; implementation; delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
World Wide Web (WWW)
Firmware
PPTP (point-to-point tunneling protocol)
Detailed IS controls
37. Block-at-a-time data transmission
Synchronous transmission
Message switching
Coupling
General computer controls
38. A common connection point for devices in a network; hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port; it is copied to the other ports so that all segments of the LAN can see all pac
Control perimeter
Hub
Digital certificate
e-commerce
39. Individuals; normally managers or directors; who have responsibility for the integrity; accurate reporting and use of computerized data
Spanning port
Function point analysis
Data owner
Engagement letter
40. A multiuser; multitasking operating system that is used widely as the master control program in workstations and especially servers
UNIX
Card swipes
Internal control
Router
41. Comparing the system's performance to other equivalent systems using well defined benchmarks
Performance testing
Geographic disk mirroring
Audit evidence
Program flowcharts
42. The act of giving the idea or impression of being or doing something
Appearance
Hierarchical database
File server
Batch control
43. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass; or denying them; based on a list of rules
Controls (Control procedures)
Packet filtering
Memory dump
Distributed data processing network
44. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.
Posting
Magnetic ink character recognition (MICR)
Program narratives
Logon
45. The flow of data from the input (in Internet banking; ordinarily user input at his/her desktop) to output (in Internet banking; ordinarily data in a bank's central database). Data flow includes travelling through the communication lines; routers; swi
Offline files
Data flow
Sufficient audit evidence
Trusted systems
46. Wiring devices that may be inserted into communication links for use with analysis probes; LAN analyzers and intrusion detection security systems
Piggy backing
Independence
Taps
Enterprise resource planning
47. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number of hours after a disaster occurs. This solution usually provides organizations wit
Quick ship
Baseband
Budget formula
Surge suppressor
48. A numbering system that uses a base of 16 and uses 16 digits: 0; 1; 2; 3; 4; 5; 6; 7; 8; 9; A; B; C; D; E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Indexed sequential access method (ISAM)
Hexadecimal
Operational control
Downloading
49. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Cluster controller
Input controls
E-mail/interpersonal messaging
Sufficient audit evidence
50. The main memory of the computer's central processing unit
Passive assault
Business process reengineering (BPR)
Internal storage
Sequential file