Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
2. The outward impression of being self-governing and free from conflict of interest and undue influence
3. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
4. A programmed edit or routine that detects transposition and transcription errors by calculating and checking the check digit
5. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
6. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul
7. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
8. The person responsible for implementing, monitoring and enforcing security rules established and authorized by management
9. Defined minimum performance measures at or above which the service delivered is considered acceptable
10. An evaluation of any part of a project to perform maintenance on an application system (e.g., project management, test plans, user acceptance testing procedures)
11. Cooperating packages of executable software that make their services available through defined interfaces. Components used in developing systems may be commercial off-the-shelf software (COTS) or may be purposely built. However, the goal of component
12. A common connection point for devices in a network, hubs commonly are used to connect segments of a LAN. A hub contains multiple ports. When a packet arrives at one port, it is copied to the other ports so that all segments of the LAN can see all pac
13. A vacuum tube that displays data by means of an electron beam striking the screen, which is coated with suitable phosphor material or a device similar to a television screen upon which data can be displayed
14. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes, if built correctly, act as a preventative control over physical access to those sensitive locations. After a card has been swiped,
15. Software packages that sequentially dial telephone numbers, recording any numbers that answer
16. Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service
17. Way of thinking, behaving, feeling, etc.
18. Freedom from unauthorized intrusion
19. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
20. A router configured to permit or deny traffic based on a set of permission rules installed by the administrator
21. The use of alphabetic characters or an alphabetic character string
22. An attack strategy in which the attacker successively hacks into a series of connected systems, obscuring his/her identity from the victim of the attack
23. Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data
24. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance
25. The boundary that defines the area of security concern and security policy coverage
26. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic bill presentment and pa
27. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
28. The extent to which a system unit--subroutine, program, module, component, subsystem--performs a single dedicated function. Generally, the more cohesive are units, the easier it is to maintain and enhance a system, since it is easier to determine whe
29. The process of converting an analog telecommunications signal into a digital computer signal
30. The application of audit procedures to less than 100 percent of the items within a population to obtain audit evidence about a particular characteristic of the population
31. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint
32. The risk of errors occurring in the area being audited
33. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
34. A process to authenticate (or certify) a party's digital signature, carried out by trusted third parties.
35. The risk of giving an incorrect audit opinion
36. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm
37. Diligence which a person, who possesses a special skill, would exercise under a given set of circumstances
38. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission
39. A set of metrics designed to measure the extent to which performance objectives are being achieved on an on-going basis. They can include service level agreements, critical success factors, customer satisfaction ratings, internal or external benchmar
40. Analysis that is performed in real time or in continuous form
41. The purpose is to provide usable data rather than a function. The focus of the development is to provide ad hoc reporting for users by developing a suitable accessible database of information.
42. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS-related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
43. An ASP that also provides outsourcing of business processes such as payment processing, sales order processing and application development
44. Generally, the assumption that an entity will behave substantially as expected. Trust may apply only for a specific function. The key role of this term in an authentication framework is to describe the relationship between an authenticating entity an
45. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.
46. A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source
47. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
48. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules
49. The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
50. Controls, other than application controls, which relate to the environment within which computer-based application systems are developed, maintained and operated, and which are therefore applicable to all applications. The objectives of general contr