Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A process to authenticate (or certify) a party's digital signature; carried out by trusted third parties.
Editing
Digital certification
Protocol
Record

2. A method of computer fraud involving a computer code that instructs the computer to remove small amounts of money from an authorized computer transaction by rounding down to the nearest whole value denomination and rerouting the rounded off amount to
Intrusion
Rounding down
Pervasive IS controls
Control group

3. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file
Transaction log
Generalized audit software
Access rights
Protection domain

4. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections; one from the requesting client and another to the destination service
E-mail/interpersonal messaging
Asynchronous Transfer Mode (ATM)
Application proxy
Business impact analysis (BIA)

5. Simulated transactions that can be used to test processing logic; computations and controls actually programmed in computer applications. Individual programs or an entire system can be tested. This technique includes Integrated Test Facilities (ITFs)
Trusted systems
Test data
Virus
FTP (file transfer protocol)

6. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.
Piggy backing
Confidentiality
Audit trail
Control Objectives for Enterprise Governance

7. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Dial-back
Relevant audit evidence
ICMP (internet control message protocol)
Due care

8. A phase of an SDLC methodology where the affected user groups define the requirements of the system for meeting the defined needs
Default deny policy
Test data
Man-in-the-middle attack
Requirements definition

9. Specifies the format of packets and the addressing scheme
IP (Internet protocol)
Audit authority
Systems analysis
Password cracker

10. A fail-over process in which the primary node owns the resource group. The backup node runs idle; only supervising the primary node. In case of a primary node outage; the backup node takes over. The nodes are prioritized; which means the surviving no
UDP (User Datagram Protocol)
Idle standby
Encryption key
Card swipes

11. The transfer of service from an incapacitated primary component to its backup component
Sequential file
Pervasive IS controls
Fail-over
Record

12. A measurement of the point prior to an outage to which data are to be restored
Taps
Detective controls
Auditability
Recovery point objective (RPO)—

13. Detection on the basis of whether the system activity matches that defined as bad
Privacy
Misuse detection
Piggy backing
Audit trail

14. Provides short-term backup power from batteries for a computer system when the electrical power fails or drops to an unacceptable voltage level
Internet banking
Passive response
Uninterruptible power supply (UPS)
Passive assault

15. A numeric value; which has been calculated mathematically; is added to data to ensure that original data have not been altered or that an incorrect; but valid match has occurred. This control is effective in detecting transposition and transcription
Check digit
Payment system
E-mail/interpersonal messaging
Logoff

16. Processes certified as supporting a security goal
Logon
Trusted processes
Reasonable assurance
Registration authority (RA)

17. A warm-site is similar to a hot-site; however; it is not fully equipped with all necessary hardware needed for recovery.
Data diddling
Baseband
Warm-site
Blackbox testing

18. The process of electronically sending computerized information from one computer to another computer. Most often; the transfer is from a smaller computer to a larger one.
Uploading
FIN (final)
Capacity stress testing
Variable sampling

19. A test to check the system's ability to recover after a software or hardware failure
Recovery testing
Indexed sequential file
Ciphertext
Service provider

20. A type of LAN architecture in which the cable forms a loop; with stations attached at intervals around the loop. Signals transmitted around the ring take the form of messages. Each station receives the messages and each station determines; on the bas
Leased lines
Local loop
Ring topology
Terms of reference

21. Interface between data terminal equipment and data communications equipment employing serial binary data interchange
Access control table
RS-232 interface
Data structure
Coupling

22. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Masking
Budget organization
Risk
Technical infrastructure security

23. Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period
Man-in-the-middle attack
Passive assault
Systems analysis
Compliance testing

24. Computer programs provided by a computer hardware manufacturer or software vendor and used in running the system. This technique can be used to examine processing activities; to test programs; system activities and operational procedures; to evaluate
Real-time processing
Coverage
Detailed IS ontrols
Utility software

25. A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. The decryption is a reverse process of the encryption.
Hierarchical database
L2TP (Layer 2 tunneling protocol)
Card swipes
Decryption

26. A biometric device that is used to authenticate a user through palm scans
Handprint scanner
Random access memory (RAM)
System exit
Windows NT

27. Techniques and procedures used to verify; validate and edit data; to ensure that only correct data are entered into the computer
Data custodian
FTP (file transfer protocol)
Parity check
Input controls

28. A resource whose loss will result in the loss of service or production
Test data
ISO17799
Node
Single point of failure

29. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination; not if
UDP (User Datagram Protocol)
Production software
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Master file

30. The range between the highest and lowest transmittable frequencies. It equates to the transmission capacity of an electronic line and is expressed in bytes per second or Hertz (cycles per second).
Card swipes
Bandwidth
Procedure
Transaction protection

31. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information; as it is entered.
Due care
Online data processing
PPTP (point-to-point tunneling protocol)
Combined Code on Corporate Governance

32. The act of giving the idea or impression of being or doing something
Appearance
Authorization
Interest rate risk
Range check

33. Availability relates to information being available when required by the business process now and in the future. It also concerns the safeguarding of necessary resources and associated capabilities.
Penetration testing
Single point of failure
Check digit verification (self-checking digit)
Availability

34. The router at the extreme edge of the network under control; usually connected to an ISP or other service provider; also known as border router
Program evaluation and review technique (PERT)
Electronic funds transfer (EFT)
Uninterruptible power supply (UPS)
External router

35. Hardware devices; such as asynchronous and synchronous transmissions; that convert between two different types of transmission
Simple Object Access Protocol (SOAP)
Digital certification
Protocol converter
Object code

36. A master control program that runs the computer and acts as a scheduler and traffic controller. It is the first program copied into the computer's memory after the computer is turned on and must reside in memory at all times. It is the software that
Variable sampling
Trust
Program narratives
Operating system

37. An audit designed to determine the accuracy of financial records and information
Performance indicators
Evidence
Financial audit
Corporate exchange rate

38. A protocol used to transmit data securely between two end points to create a VPN
Internal storage
Protocol stack
Bridge
PPTP (point-to-point tunneling protocol)

39. The denial by one of the parties to a transaction or participation in all or part of that transaction or of the content of communications related to that transaction.
Repudiation
Modem (modulator-demodulator)
Confidentiality
Generalized audit software

40. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Optical character recognition
Password cracker
Recovery time objective (RTO)
Hexadecimal

41. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas
ASCII (American Standard Code for Information Interchange)
Local area network (LAN)
Enterprise resource planning
Prototyping

42. A port configured on a network switch to receive copies of traffic from one or more other ports on the switch
Fail-safe
Spanning port
Data analysis
Audit objective

43. Any situation or event that has the potential to harm a system
Intrusion detection
ISP (Internet service provider)
Independent attitude
Threat

44. To the basic border firewall; add a host that resides on an untrusted network where the firewall cannot protect it. That host is minimally configured and carefully managed to be as secure as possible. The firewall is configured to require incoming an
Authentication
Untrustworthy host
Console log
Computationally greedy

45. These controls are designed to prevent or restrict an error; omission or unauthorized intrusion.
Preventive controls
Virtual private network (VPN)
System testing
Active recovery site (mirrored)

46. A process used to identify and evaluate risks and their potential effects
Authorization
Harden
Risk assessment
Static analysis

47. A statement of the position within the organization; including lines of reporting and the rights of access
Run-to-run totals
Dial-in access controls
Audit authority
Fscal year

48. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design; definition and maintenance of the database.
Access path
Data Encryption Standard (DES)
Database administrator (DBA)
Nonrepudiable trnasactions

49. In vulnerability analysis; gaining information by performing checks that affects the normal operation of the system; even crashing the system
Piggy backing
Intrusive monitoring
Audit accountability
Demodulation

50. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved
DoS (denial-of-service) attack
Reasonable assurance
Computer sequence checking
Vulnerability analysis