Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Subjects: certifications, cisa, it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development
BSP (business service provider)
Financial audit
Analog
Vaccine
2. Confidentiality concerns the protection of sensitive information from unauthorized disclosure
Confidentiality
Appearance
Program narratives
Residual risk
3. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management
Buffer
Spool (simultaneous peripheral operations online)
Incremental testing
Security administrator
4. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects, such as confirming the subject's identity and validating that the subject is entitled to have the attributes requested
Registration authority (RA)
Performance testing
Security management
Subject matter (Area of activity)
5. In vulnerability analysis, gaining information by performing checks that affect the normal operation of the system, even crashing the system
Transaction log
Input controls
Table look-ups
Intrusive monitoring
6. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities
Node
Fiber optic cable
Partitioned file
Local loop
7. A permanent connection between hosts in a packet switched network
Systems analysis
Fail-over
Permanent virtual circuit (PVC)
Artificial intelligence
8. An evaluation of an application system being acquired or evaluated, which considers such matters as: appropriate controls are designed into the system; the application will process information in a complete, accurate and reliable manner; the applicat
Challenge/response token
Node
Application acquisition review
Point-of-presence (POP)
9. An exception report is generated by a program that identifies transactions or data that appear to be incorrect. These items may be outside a predetermined range or may not conform to specified criteria.
Indexed sequential file
Exception reports
RSA
Reciprocal agreement
10. A protocol used for transmitting data between two ends of a connection
Decryption
PPP (point-to-point protocol)
Telecommunications
Geographic disk mirroring
11. Computer hardware that houses the electronic circuits that control/direct all operations of the computer system
Budget organization
Central processing unit (CPU)
Regression testing
Piggy backing
12. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.
Audit evidence
Electronic signature
Topology
Scheduling
13. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Integrity
Limit check
Brute force
Direct reporting engagement
14. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw
Run-to-run totals
RSA
Technical infrastructure security
Firewall
15. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
Audit evidence
Project team
Default deny policy
Multiplexing
16. A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. This control is effective in detecting transposition and transcription
Application security
Console log
Check digit
Normalization
17. An exchange rate, which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Hub
Corporate exchange rate
Promiscuous mode
Irregularities
18. A transmission signal that varies continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.
Analog
Buffer
Piggy backing
Program flowcharts
19. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
Availability
Wide area network (WAN)
Internal control structure
Local area network (LAN)
20. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea
Limit check
Cross-certification
Edit controls
Information processing facility (IPF)
21. A document distributed to software vendors requesting them to submit a proposal to develop or provide a software product
E-mail/interpersonal messaging
Protection domain
Request for proposal (RFP)
Electronic signature
22. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.
Incremental testing
Audit risk
Internet Engineering Task Force (IETF)
Run-to-run totals
23. Provide verification that all transmitted data are read and processed
Token ring topology
Run-to-run totals
Privacy
Harden
24. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Vulnerability analysis
Untrustworthy host
Finger
Systems analysis
25. A standardized body of data created for testing purposes. Users normally establish the data. Base cases validate production application systems and test the ongoing accurate operation of the system.
Active response
Systems analysis
Base case
Dial-back
26. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions
Allocation entry
Downtime report
Detection risk
Population
27. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.
Application
TACACS+ (terminal access controller access control system plus)
Gateway
Security perimeter
28. A point in a routine at which sufficient information can be stored to permit restarting the computation from that point. NOTE: seems to pertain to recovery, for example shutting down a database after all records have been committed
Compensating control
Utility software
Checkpoint restart procedures
Systems acquisition process
29. Identified by one central processor and databases that form a distributed processing configuration
Value-added network (VAN)
Controls (Control procedures)
Outsourcing
Centralized data processing
30. Criteria of Control, published by the Canadian Institute of Chartered Accountants in 1995
Service level agreement (SLA)
Bulk data transfer
Journal entry
COCO
31. Auxiliary computer hardware equipment used for input, output and data storage. Examples include disk drives and printers.
Peripherals
Bulk data transfer
Point-of-sale systems (POS)
Internet Inter-ORB Protocol (IIOP)
32. A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system
Business-to-consumer e-commerce (B2C)
Log
Password
Standing data
33. Any yearly accounting period without regard to its relationship to a calendar year.
IT governance
Fiscal year
Addressing
Numeric check
34. A device for sending and receiving computerized data over transmission lines
Uploading
Terminal
Object Management Group (OMG)
Rootkit
35. A document that confirms the client's and the IS auditor's acceptance of a review assignment
Terms of reference
Magnetic ink character recognition (MICR)
Data security
Spoofing
36. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.
Dynamic analysis
Application proxy
Dumb terminal
Database specifications
37. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
Redo logs
Cohesion
Reciprocal agreement
Audit sampling
38. A system's level of resilience in seamlessly reacting to hardware and/or software failure
Vulnerabilities
Packet switching
Fault tolerance
Computer-aided software engineering (CASE)
39. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes
ICMP (internet control message protocol)
DoS (denial-of-service) attack
IT governance
Hacker
40. Computer file storage media not physically connected to the computer; typically tapes or tape cartridges used for backup purposes
Offline files
Coupling
Service level agreement (SLA)
Business impact analysis (BIA)
41. A device that connects two similar networks together
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Record
Financial audit
Bridge
42. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas
Sampling risk
Local loop
Prototyping
Monitoring policy
43. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload
Corporate exchange rate
Active recovery site (mirrored)
Decision support systems (DSS)
Rootkit
44. A utility program that combines several separately compiled modules into one, resolving internal references between them
Computer-assisted audit technique (CAATs)
Link editor (linkage editor)
Terms of reference
ISP (Internet service provider)
45. A group of computers connected by a communications network, where the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server but it
Client-server
Simple Object Access Protocol (SOAP)
Signatures
Access control
46. A project management technique used in the planning and control of system projects
Addressing
Verification
Program evaluation and review technique (PERT)
System flowcharts
47. A named collection of related records
Foreign exchange risk
File
Generalized audit software
Application layer
48. Weaknesses in systems that can be exploited in ways that violate security policy
Encapsulation (objects)
Topology
Vulnerabilities
Database specifications
49. Editing ensures that data conform to predetermined criteria and enable early identification of potential errors.
Open systems
Compliance testing
Reciprocal agreement
Editing
50. A file of semipermanent information that is used frequently for processing data or for more than one purpose
Master file
Hexadecimal
Operating system
e-commerce