Test your basic knowledge
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. A general hardware control, which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od
Parity check
Machine language
Indexed sequential access method (ISAM)
Private key
2. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Function point analysis
Data integrity
DDoS (distributed denial-of-service) attack
Piggybacking
3. The current and prospective effect on earnings or capital arising from adverse business decisions, improper implementation of decisions or lack of responsiveness to industry changes.
Proxy server
System exit
Strategic risk
Intrusive monitoring
4. Requiring a great deal of computing power; processor intensive
Coupling
Computationally greedy
Node
Hierarchical database
5. The process of feeding test data into two systems, the modified system and an alternative system (possibly the original system), and comparing results
Parallel testing
SYN (synchronize)
Benchmark
Internet packet (IP) spoofing
6. The rules by which a network operates and controls the flow and priority of transmissions
Message switching
Electronic data interchange (EDI)
Protocol
Continuity
7. In vulnerability analysis, gaining information by performing standard system status queries and inspecting system attributes
Data diddling
Brute force
Integrated services digital network (ISDN)
Non-intrusive monitoring
8. Range checks ensure that data fall within a predetermined range (also see limit checks).
Range check
Completeness check
Allocation entry
Redundancy check
9. The potential loss to an area due to the occurrence of an adverse event
Exposure
Router
Bandwidth
Audit responsibility
10. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Peripherals
Librarian
Binary code
Payment system
11. These are the requirements for establishing a database application. They include field definitions, field requirements and reporting requirements for the individual information in the database.
RFC (request for comments)
Utility programs
Database specifications
Audit authority
12. A packet (encapsulated with a frame containing information), which is transmitted in a packet-switching network from source to destination
Address space
Datagram
e-commerce
Foreign exchange risk
13. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.
Data-oriented systems development
Honey pot
IEEE (Institute of Electrical and Electronics Engineers), pronounced I-triple-E
Personal identification number (PIN)
14. Any intentional violation of the security policy of a system
Internal control
Intrusion
Protection domain
Batch processing
15. A measurement of the point prior to an outage to which data are to be restored
Broadband
Test data
Recovery point objective (RPO)
Communications controller
16. The art of designing, analyzing and attacking cryptographic schemes
Image processing
Detective controls
Useful audit evidence
Cryptography
17. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that
Output analyzer
Operating system
Cathode ray tube (CRT)
Structured programming
18. To the basic border firewall, add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Decision support systems (DSS)
Digital certificate
Public key
Untrustworthy host
19. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.
Ring topology
Audit objective
Reliable audit evidence
Telnet
20. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department
Statistical sampling
Operational audit
Single point of failure
Secure socket layer (SSL)
21. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
Recovery testing
Computer-assisted audit technique (CAATs)
Promiscuous mode
Internal storage
22. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software
Completeness check
Application implementation review
Masking
Sniff
23. A communications channel that can handle only one signal at a time. The two stations must alternate their transmissions.
Completeness check
Security software
Half duplex
IPSec (Internet protocol security)
24. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.
Fiscal year
Transaction protection
Unit testing
Binary code
25. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
Electronic data interchange (EDI)
PPP (point-to-point protocol)
Data-oriented systems development
Fiscal year
26. A program that processes actions upon business data, such as data entry, update or query. It contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.
Application program
Credentialed analysis
Budget
Certificate Revocation List
27. A server that acts on behalf of a user. Typical proxies accept a connection from a user, make a decision as to whether or not the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a conne
Audit objective
Proxy server
Audit sampling
Redo logs
28. A protocol used for transmitting data between two ends of a connection
Benchmark
PPP (point-to-point protocol)
Redundancy check
Audit program
29. A communications channel over which data can be sent and received simultaneously
Full duplex
Program narratives
Operational risk
Decryption key
30. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.
SMTP (Simple Mail Transport Protocol)
Digital certificate
Implementation life cycle review
False negative
31. Detects transmission errors by appending calculated bits onto the end of each segment of data
Anonymous File Transfer Protocol (FTP)
Redundancy check
PPTP (point-to-point tunneling protocol)
Offline files
32. A system's level of resilience to seamlessly react from hardware and/or software failure
Fault tolerance
Data flow
Editing
Tuple
33. The risk to earnings or capital arising from an obligor's failure to meet the terms of any contract with the bank or otherwise to perform as agreed. Internet banking provides the opportunity for banks to expand their geographic range. Customers can r
Monitoring policy
Control risk self-assessment
Credit risk
File layout
34. A disk access method that stores data sequentially, while also maintaining an index of key fields to all the records in the file for direct access capability
Terms of reference
Sniffing
Program narratives
Indexed sequential access method (ISAM)
35. A test to check the system's ability to recover after a software or hardware failure
Recovery testing
Salami technique
Virtual private network (VPN)
Information engineering
36. An electronic pathway that may be displayed in the form of highlighted text, graphics or a button that connects one web page with another web page address.
Hyperlink
Performance indicators
Browser
Trojan horse
37. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period
Utility software
Compliance testing
Operating system audit trails
Active recovery site (mirrored)
38. A data recovery strategy that allows organizations to recover data within hours after a disaster. It includes recovery of data from an offsite storage media that mirrors data via a communication link. Typically used for batch/journal updates to criti
Electronic funds transfer (EFT)
ASP/MSP (application or managed service provider)
Electronic vaulting
X.25
39. A vacuum tube that displays data by means of an electron beam striking the screen; which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
Idle standby
Cathode ray tube (CRT)
Regression testing
Source lines of code (SLOC)
40. The practice of eavesdropping on information being transmitted over telecommunications links
Wiretapping
Audit
Screening routers
Tcpdump
41. An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions
Unit testing
Compensating control
Availability
Journal entry
42. A utility program that combines several separately compiled modules into one; resolving internal references between them
Private key
Misuse detection
Link editor (linkage editor)
Librarian
43. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user
Electronic funds transfer (EFT)
Corrective controls
Operating system
Cold site
44. Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen
Image processing
Security administrator
Systems acquisition process
Private key cryptosystems
45. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved
Reasonable assurance
Concurrent access
Terminal
Cohesion
46. This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.
Trusted systems
Biometrics
Continuous auditing approach
Full duplex
47. A group of items that is waiting to be serviced or processed
Management information system (MIS)
ASCII (American Standard Code for Information Interchange)
Queue
Business process reengineering (BPR)
48. The act of transferring computerized information from one computer to another computer
Private key cryptosystems
Downloading
Systems acquisition process
Access control
49. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
Trust
Tcpdump
Security/transaction risk
False negative
50. Defined minimum performance measures at or above which the service delivered is considered acceptable
Service level agreement (SLA)
Partitioned file
FIN (final)
Budget organization