Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. The level of trust with which a system object is imbued
Privilege
Salami technique
Signatures
Rapid application development

2. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
liquidity risk
BSP (business service provider)
Control risk self-assessment
Network administrator

3. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate
Masqueraders
DoS (denial-of-service) attack
Extensible Markup Language (XML)
Downtime report

4. Those policies and procedures implemented to achieve a related control objective
Surge suppressor
Mapping
Controls (Control procedures)
Alpha

5. In a passive assault; intruders attempt to learn some characteristic of the data being transmitted. They may be able to read the contents of the data so the privacy of the data is violated. Alternatively; although the content of the data itself may r
Application software tracing and mapping
Bus topology
Passive assault
Information processing facility (IPF)

6. A piece of information; in a digitized form; used by an encryption algorithm to convert the plaintext to the ciphertext
Hash total
System narratives
Encryption key
Broadband

7. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack
Hash total
Redo logs
Network hop
Utility programs

8. Point at which terminals are given access to a network
Monitor
Internet packet (IP) spoofing
Node
X.25

9. Also known as ''automated remote journaling of redo logs.'' A data recovery strategy that is similar to electronic vaulting; except that instead of transmitting several transaction batches daily; the archive logs are shipped as they are created.'
Worm
Transaction protection
Performance indicators
Software

10. The person responsible for maintaining a LAN and assisting end users
Network administrator
Fail-over
Virus
Journal entry

11. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.
Top-level management
Internal control
Sequence check
PPP (point-to-point protocol)

12. Detection on the basis of whether the system activity matched that defined as abnormal
Control weakness
Scheduling
Components (as in component-based development)
Anomaly detection

13. A program for the examination of data; using logical or conditional tests to determine or to identify similarities or differences
Application acquisition review
Service provider
IPSec (Internet protocol security)
Comparison program

14. The number of distinct locations that may be referred to with the machine address. For most binary machines; it is equal to 2n; where n is the number of bits in the machine address.
Address space
Format checking
IPSec (Internet protocol security)
Bar code

15. A protocol and program that allows the remote identification of users logged into a system
Finger
Audit program
Recovery point objective (RPO)—
Downloading

16. The current and prospective risk to earnings and capital arising from fraud; error and the inability to deliver products or services; maintain a competitive position and manage information. Security risk is evident in each product and service offered
Inherent risk
X.25
Microwave transmission
Security/transaction risk

17. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
Threat
Error
Fail-over
Whitebox testing

18. Disturbances; such as static; in data transmissions that cause messages to be misinterpreted by the receiver
Echo checks
Data communications
Computer server
Noise

19. The quality or state of not being named or identified
HTTPS (hyper text transfer protocol secure)
Remote job entry (RJE)
Anonymity
Universal Description; Discovery and Integration (UDDI)

20. A data dictionary is a database that contains the name; type; range of values; source and authorization for access for each data element in a database. It also indicates which application programs use that data so that when a data structure is contem
Modem (modulator-demodulator)
Data dictionary
Checkpoint restart procedures
Monitor

21. A denial-of-service (DoS) assault from multiple sources; see DoS
Modulation
Switch
DDoS (distributed denial-of-service) attack
Project team

22. The ability of end users to design and implement their own information system utilizing computer software products
Network
Decision support systems (DSS)
End-user computing
Middleware

23. A language used to control run routines in connection with performing tasks on a computer
Brouters
IDS (intrusion detection system)
Job control language (JCL)
Worm

24. Used in data encryption; it uses an encryption key; as a public key; to encrypt the plaintext to the ciphertext. It uses the different decryption key; as a secret key; to decrypt the ciphertext to the corresponding plaintext. In contrast to a private
Dial-back
Repository
Public key cryptosystem
Software

25. The elimination of redundant data
Token
Default password
Normalization
Taps

26. A device that forms a barrier between a secure and an open environment. Usually; the open environment is considered hostile. The most notable hostile environment is the Internet. In other words; a firewall enforces a boundary between two or more netw
Completeness check
Editing
Appearance
Firewall

27. A device for sending and receiving computerized data over transmission lines
Simple fail-over
Appearance
Terminal
Reverse engineering

28. Is the risk to earnings or capital arising from a bank's inability to meet its obligations when they come due; without incurring unacceptable losses. Internet banking may increase deposit volatility from customers who maintain accounts solely on the
Windows NT
Data analysis
liquidity risk
world wide web (WWW)

29. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Bus topology
Topology
Generalized audit software
Open systems

30. A card reader that reads cards with a magnetizable surface on which data can be stored and retrieved
Check digit verification (self-checking digit)
COBIT
Access rights
Magnetic card reader

31. A physical control technique that uses a secured card or ID to gain access to a highly sensitive location. Card swipes; if built correctly; act as a preventative control over physical access to those sensitive locations. After a card has been swiped;
Alpha
Test programs
Datagram
Card swipes

32. A protocol for accessing a secure web server; whereby all data transferred is encrypted
Data structure
HTTPS (hyper text transfer protocol secure)
Sniff
Journal entry

33. A hierarchical database that is distributed across the Internet that allows names to be resolved into IP addresses (and vice versa) to locate services such as web and e-mail servers
Communications controller
Brouters
DNS (domain name system)
Auditability

34. An exercise that determines the impact of losing the support of any resource to an organization and establishes the escalation of that loss over time; identifies the minimum resources needed to recover and prioritizes the recovery of processes and su
Magnetic ink character recognition (MICR)
world wide web (WWW)
Business impact analysis (BIA)
Dial-back

35. A test that has been designed to evaluate the performance of a system. In a benchmark test; a system is subjected to a known workload and the performance of the system against this workload is measured. Typically; the purpose is to compare the measur
FIN (final)
Data owner
Benchmark
Object code

36. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use
Topology
System flowcharts
Port
Web site

37. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Optical scanner
Applet
Anonymous File Transfer Protocol (FTP)
Detective controls

38. An interactive system that provides the user with easy access to decision models and data; to support semistructured decision-making tasks
DoS (denial-of-service) attack
Decision support systems (DSS)
Business risk
Inheritance (objects)

39. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap; and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac
Virtual private network (VPN)
Spoofing
Anonymous File Transfer Protocol (FTP)
Adjusting period

40. A biometric device that is used to authenticate a user through palm scans
X.25 interface
Handprint scanner
Buffer
DDoS (distributed denial-of-service) attack

41. Tests of detailed activities and transactions; or analytical review tests; designed to obtain audit evidence on the completeness; accuracy or existence of those activities or transactions during the audit period
FTP (file transfer protocol)
Application proxy
Foreign exchange risk
Substantive testing

42. To configure a computer or other network device to resist attacks
Harden
Remote procedure calls (RPCs)
Applet
Reciprocal agreement

43. Hardware devices; such as asynchronous and synchronous transmissions; that convert between two different types of transmission
Fail-safe
Attribute sampling
Preventive controls
Protocol converter

44. A protocol used to transmit data securely between two end points to create a VPN
PPTP (point-to-point tunneling protocol)
Audit trail
Prototyping
Audit responsibility

45. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Payment system
Node
Audit authority
Sampling risk

46. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design; definition and maintenance of the database.
Database administrator (DBA)
Monitor
Digital certificate
Screening routers

47. Tests of specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used; the test may be called a range check.
TACACS+ (terminal access controller access control system plus)
Central office (CO)
Limit check
Expert systems

48. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel; each station recei
Corporate exchange rate
Proxy server
Blackbox testing
Bus topology

49. These controls deal with the everyday operation of a company or organization to ensure all objectives are achieved.
Windows NT
Incremental testing
Detective controls
Operational control

50. The act of capturing network packets; including those not necessarily destined for the computer running the sniffing software
Multiplexor
Local loop
Sniff
NAT (Network Address Translation)