Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might at times find the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination






2. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.






3. A protocol developed by the Object Management Group (OMG) to implement Common Object Request Broker Architecture (CORBA) solutions over the World Wide Web. CORBA enables modules of network-based programs to communicate with one another. These modules






4. A set of routines, protocols and tools referred to as "building blocks" used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of






5. The risk that an error which could occur in an audit area, and which could be material, individually or in combination with other errors, will not be prevented or detected and corrected on a timely basis by the internal control system






6. A computer facility that provides data processing services to clients on a continual basis






7. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction






8. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.






9. An entity (department, cost center, division or other group) responsible for entering and maintaining budget data.






10. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups






11. Software that is being used and executed to support normal and authorized organizational operations. Such software is to be distinguished from test software, which is being developed or modified, but has not yet been authorized for use by management.






12. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).






13. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered






14. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.






15. A network monitoring and data acquisition tool that performs filter translation, packet acquisition and packet display






16. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be






17. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission






18. Refers to the security of the infrastructure that supports the ERP networking and telecommunications, operating systems and databases.






19. Freedom from unauthorized intrusion






20. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.






21. Relates to the technical and physical features of the computer






22. A third party that provides organizations with a variety of Internet, and Internet-related services






23. Controls over the acquisition, implementation, delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.






24. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu






25. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure






26. Simulated transactions that can be used to test processing logic, computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)






27. Is an electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.






28. Program narratives provide a detailed explanation of program flowcharts, including control points and any external input.






29. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.






30. Used to electronically scan and input written information from a source document






31. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig






32. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.






33. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes






34. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs






35. The code used to designate the location of a specific piece of data within computer storage






36. A measurement of the point prior to an outage to which data are to be restored






37. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.






38. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack






39. Criteria Of Control, published by the Canadian Institute of Chartered Accountants in 1995






40. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The






41. The Committee on the Financial Aspects of Corporate Governance, set up in May 1991 by the UK Financial Reporting Council, the London Stock Exchange and the UK accountancy profession, was chaired by Sir Adrian Cadbury and produced a report on the subj






42. The elimination of redundant data






43. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.






44. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange






45. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures






46. A project management technique used in the planning and control of system projects






47. A type of LAN ring topology in which a frame containing a specific format, called the token, is passed from one station to the next around the ring. When a station receives the token, it is allowed to transmit. The station can send as many frames as






48. Two trading partners both share one or more secrets. No one else can read their messages. A different key (or set of keys) is needed for each pair of trading partners. Same key is used for encryption and decryption. (Also see Private Key Cryptosystem






49. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information






50. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.