Test your basic knowledge | CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions: Answer 50 questions in 15 minutes. If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions. So you might at times find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files
Auditability
Dynamic analysis
Logical access controls
Engagement letter
2. Detection on the basis of whether the system activity matched that defined as abnormal
Anomaly detection
Nonrepudiation
Controls (Control procedures)
Cryptography
3. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.
False negative
File layout
Service provider
Accountability
4. A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report
Screening routers
Application development review
Irregularities
Masking
5. Detection on the basis of whether the system activity matches that defined as bad
Parity check
Misuse detection
Console log
Prototyping
6. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the application will fu
Spool (simultaneous peripheral operations online)
Encapsulation (objects)
Application development review
Materiality
7. A flag set in the initial setup packets to indicate that the communicating parties are synchronizing the sequence numbers used for the data transmission
Asynchronous Transfer Mode (ATM)
Object-oriented system development
SYN (synchronize)
Waterfall development
8. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks
Decision support systems (DSS)
Continuity
Computer server
Default password
9. An interface point between the CPU and a peripheral device
COSO
Structured Query Language (SQL)
Run-to-run totals
Port
10. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
Systems development life cycle (SDLC)
Passive response
IDS (intrusion detection system)
Service provider
11. Refers to a sprinkler system that does not have water in the pipes during idle usage, unlike a fully charged fire extinguisher system that has water in the pipes at all times. The dry-pipe system is activated at the time of the fire alarm, and water
Operator console
Controls (Control procedures)
Dry-pipe fire extinguisher system
File layout
12. A phone number that represents the area in which the communications provider or Internet service provider (ISP) provides service
Point-of-presence (POP)
Frame relay
Misuse detection
Electronic signature
13. An attack capturing sensitive pieces of information, such as passwords, passing through the network
Baud rate
Sniffing
Uninterruptible power supply (UPS)
Rulebase
14. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw
Data flow
Plaintext
Firewall
Data security
15. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Application programming interface (API)
L2TP (Layer 2 tunneling protocol)
Bridge
Business impact analysis (BIA)
16. A specially configured server, designed to attract intruders so that their actions do not affect production systems; also known as a decoy server
Honey pot
Audit trail
Corporate exchange rate
Anonymity
17. The dynamic, integrated processes, effected by the governing body, management and all other staff, that are designed to provide reasonable assurance regarding the achievement of the following general objectives: Effectiveness, efficiency and economy
Remote procedure calls (RPCs)
Run instructions
Internal control structure
Single point of failure
18. A collection of related information treated as a unit. Separate fields within the record are used for processing of the information.
Record
Unit testing
Hypertext
Hacker
19. An audit designed to determine the accuracy of financial records, as well as evaluate the internal controls of a function or department
Half duplex
Comprehensive audit
Antivirus software
Control perimeter
20. Used in data encryption; it uses an encryption key, as a public key, to encrypt the plaintext to the ciphertext. It uses the different decryption key, as a secret key, to decrypt the ciphertext to the corresponding plaintext. In contrast to a private
Public key cryptosystem
Asynchronous transmission
Implementation life cycle review
Offline files
21. Analysis of the security state of a system or its compromise on the basis of information collected at intervals
Access control table
Baseband
Vulnerability analysis
Audit evidence
22. A sub-network of the Internet through which information is exchanged by text, graphics, audio and video.
Judgment sampling
Vulnerability analysis
World Wide Web (WWW)
Wiretapping
23. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.
Decryption
Normalization
Tape management system (TMS)
Application software tracing and mapping
24. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Masqueraders
Hyperlink
Embedded audit module
Real-time processing
25. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
TACACS+ (terminal access controller access control system plus)
Service bureau
IT governance
Cohesion
26. Computer operating instructions which detail the step-by-step processes that are to occur so an application system can be properly executed. It also identifies how to address problems that occur during processing.
Intelligent terminal
Run instructions
Validity check
Allocation entry
27. The quality or state of not being named or identified
X.500
Attribute sampling
Source code
Anonymity
28. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)
Application implementation review
Digital signature
Independence
Intrusion
29. An engagement where management does not make a written assertion about the effectiveness of their control procedures, and the IS auditor provides an opinion about subject matter directly, such as the effectiveness of the control procedures
System narratives
Credentialed analysis
Direct reporting engagement
Whitebox testing
30. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.
E-mail/interpersonal messaging
Decryption key
Baseband
Uploading
31. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Credentialed analysis
Criteria
RSA
Executable code
32. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities; to test programs, system activities and operational procedures; to evaluate
Operator console
Utility software
Independent attitude
Internet banking
33. Deliberately testing only the value-added functionality of a software component
Incremental testing
Production programs
Local loop
X.25
34. The process of converting an analog telecommunications signal into a digital computer signal
Demodulation
Application software tracing and mapping
Biometric locks
Security testing
35. A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population
Digital certification
Statistical sampling
Nonrepudiable transactions
Database management system (DBMS)
36. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules
Artificial intelligence
Telecommunications
Appearance
Audit trail
37. Systems for which detailed specifications of their components composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Structured programming
Modem (modulator-demodulator)
Open systems
Editing
38. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material, or a device similar to a television screen upon which data can be displayed
Cathode ray tube (CRT)
Evidence
COCO
Cold site
39. The risk of giving an incorrect audit opinion
Message switching
Open systems
IDS (intrusion detection system)
Audit risk
40. Allows the network interface to capture all network traffic irrespective of the hardware device to which the packet is addressed
Validity check
Application layer
Promiscuous mode
Local area network (LAN)
41. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity, validating that the subject is entitled to have the attributes requested
Registration authority (RA)
Circuit-switched network
Packet switching
Port
42. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.
HTTP (hypertext transfer protocol)
Check digit
Offline files
Intrusion detection
43. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest, it may evolve into an Internet standard.
Virtual private network (VPN)
Application software tracing and mapping
RFC (request for comments)
Structured Query Language (SQL)
44. Weaknesses in systems that can be exploited in ways that violate security policy
Honey pot
Posting
Hypertext
Vulnerabilities
45. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
Transaction
Availability
Strategic risk
Subject matter (Area of activity)
46. Used in data encryption; it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric such that the encryption key is equivalen
Evidence
Private key cryptosystems
Prototyping
Data owner
47. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due, without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
File
Liquidity risk
Operational risk
Data integrity
48. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass, or denying them, based on a list of rules
Trojan horse
Man-in-the-middle attack
PPP (point-to-point protocol)
Packet filtering
49. The main memory of the computer's central processing unit
Internal storage
Project team
Masking
Audit risk
50. The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer
Information processing facility (IPF)
Control weakness
Control section
Dynamic analysis