Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas






2. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.






3. An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target






4. A public end-to-end digital telecommunications network with signaling; switching and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of d






5. Diagramming data that are to be exchanged electronically; including how it is to be used and what business management systems need it. It is a preliminary step for developing an applications link. (Also see application tracing and mapping.)






6. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator






7. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period






8. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source






9. An audit technique used to select items from a population for audit testing purposes based on selecting all those items that have certain attributes or characteristics (such as all items over a certain size)






10. Control Objectives for Information and related Technology; the international set of IT control objectives published by ISACF;® 2000; 1998; 1996






11. A project management technique used in the planning and control of system projects






12. A measurement of the point prior to an outage to which data are to be restored






13. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information






14. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being






15. A debit or credit to a general ledger account. See also manual journal entry.






16. A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers






17. A financial system that establishes the means for transferring money between suppliers and users of funds; ordinarily by exchanging debits or credits between banks or financial institutions.






18. The ability to exercise judgement; express opinions and present recommendations with impartiality






19. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass; or denying them; based on a list of rules






20. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack






21. An eight-bit code representing 256 characters; used in most large computer systems






22. A pair of small; insulated wires that are twisted around each other to minimize interference from other wires in the cable. This is a low-capacity transmission medium.






23. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general; users enter the word anonymo






24. Testing an application with large quantities of data to evaluate its performance during peak periods. It also is called volume testing.






25. Generally; the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an






26. A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements; critical success factors; customer satisfaction ratings; internal or external benchmar






27. The actions/controls dealing with operational effectiveness; efficiency and adherence to regulations and management policies






28. The Committee on the Financial Aspects of Corporate Governance; set up in May 1991 by the UK Financial Reporting Council; the London Stock Exchange and the UK accountancy profession; was chaired by Sir Adrian Cadbury and produced a report on the subj






29. The total of any numeric data field on a document or computer file. This total is checked against a control total of the same field to facilitate accuracy of processing.






30. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However; the goal of component






31. An exchange rate; which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.






32. Faking the sending address of a transmission in order to gain illegal entry into a secure system






33. These controls are designed to correct errors; omissions and unauthorized uses and intrusions; once they are detected.






34. Used to enable remote access to a server computer. Commands typed are run on the remote server.






35. A technique used to determine the size of a development task; based on the number of function points. Function points are factors such as inputs; outputs; inquiries and logical internal sites.






36. A set of protocols that allow systems to communicate information about the state of services on other systems. It is used; for example; in determining whether systems are up; maximum packet sizes on links; whether a destination host/network/port is a






37. The organization using the outsourced service






38. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the






39. The risk of errors occurring in the area being audited






40. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes; if built correctly; act as a preventative control over physical access to those sensitive locations. After a card has been swiped;






41. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information; such as country; state and city.






42. A type of LAN ring topology in which a frame containing a specific format; called the token; is passed from one station to the next around the ring. When a station receives the token; it is allowed to transmit. The station can send as many frames as






43. A viewable screen displaying information; presented through a web browser in a single view sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo; provide information about bank products and serv






44. Defined by ISACA as the processes by which organisations conduct business electronically with their customers; suppliers and other external business partners; using the Internet as an enabling technology. It therefore encompasses both business-to-bus






45. A protocol used for transmitting data between two ends of a connection






46. A software suite designed to aid an intruder in gaining unauthorized administrative access to a computer system






47. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole; gross negligence or unintentional illegal acts.






48. A manual or automated log of all updates to data files and databases






49. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.






50. An attack capturing sensitive pieces of information; such as passwords; passing through the network