Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from the answers to other questions, so you may sometimes find the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s

2. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.

3. A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. In baseband the entire bandwidth of the transmission medium (e.g., coaxial cable) is utilized for

4. Specialized security checker that tests users' passwords, searching for passwords that are easy to guess by repeatedly trying words from specially crafted dictionaries. Failing that, many password crackers can brute force all possible combinations in
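
The two phases that definition describes, dictionary attack first and exhaustive brute force as the fallback, as an added example that is not part of the original page. The user records, salts, stored digests and word list are all constructed here so the script runs offline, and the hashing scheme sha256(salt || password) is an assumption chosen for illustration rather than a claim about any real system.

```python
"""Dictionary-then-brute-force password cracker against salted SHA-256 digests.

Added example; not code from the original page. All records and the word list
are constructed. Hash scheme sha256(salt || password) is an assumption.
"""
import hashlib
import itertools
import string
from typing import Optional


def salted_hash(salt: str, password: str) -> str:
    """Assumed storage scheme for the sample records: sha256(salt || password)."""
    return hashlib.sha256((salt + password).encode()).hexdigest()


# Constructed sample records: (user, salt, stored digest). Not real data.
SHADOW = [
    ("alice", "a1b2", salted_hash("a1b2", "summer")),    # plain dictionary word
    ("bob",   "c3d4", salted_hash("c3d4", "Summer1")),   # dictionary word after a mangling rule
    ("carol", "e5f6", salted_hash("e5f6", "zq7")),       # not in the dictionary; brute force finds it
    ("dave",  "0708", salted_hash("0708", "Tr0ub4dor&3correcthorse")),  # neither attack finds it
]

# Constructed "specially crafted" dictionary (a real one has millions of entries).
WORDLIST = ["password", "summer", "winter", "admin", "letmein"]


def mangle(word: str):
    """Yield the variants a cracker tries for each dictionary word."""
    yield word
    yield word.capitalize()
    yield word.upper()
    for digit in "0123456789":
        yield word + digit
        yield word.capitalize() + digit


def dictionary_attack(salt: str, digest: str) -> Optional[str]:
    """Phase 1: every dictionary word and its common variants."""
    for word in WORDLIST:
        for candidate in mangle(word):
            if salted_hash(salt, candidate) == digest:
                return candidate
    return None


def brute_force(salt: str, digest: str, max_len: int = 3,
                alphabet: str = string.ascii_lowercase + string.digits) -> Optional[str]:
    """Phase 2: every string up to max_len; work grows as len(alphabet) ** max_len."""
    for length in range(1, max_len + 1):
        for chars in itertools.product(alphabet, repeat=length):
            candidate = "".join(chars)
            if salted_hash(salt, candidate) == digest:
                return candidate
    return None


def crack(records=SHADOW, max_len: int = 3) -> dict:
    """Dictionary first, brute force as the fallback; None where both fail."""
    results = {}
    for user, salt, digest in records:
        found = dictionary_attack(salt, digest)
        if found is None:
            found = brute_force(salt, digest, max_len)
        results[user] = found
    return results


if __name__ == "__main__":
    for user, password in crack().items():
        print(f"{user}: {password if password else 'not recovered'}")
```

The per-user salt is why the attacker has to hash each candidate separately for every account instead of once for the whole file; a deliberately slow password hash (bcrypt, scrypt, Argon2) multiplies that cost further, which is the control an auditor would expect to see alongside a password policy. Note also that dave's password survives only because the brute-force phase is capped at three characters; raising `max_len` by one multiplies the work by 36 for this alphabet.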

5. The entire set of data from which a sample is selected and about which the IS auditor wishes to draw conclusions

6. It is composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Coaxial cable has a greater transmissio

7. Expert or decision support systems that can be used to assist IS auditors in the decision-making process by automating the knowledge of experts in the field. This technique includes automated risk analysis, systems software and control objectives sof

8. A technique used to determine the size of a development task, based on the number of function points. Function points are factors such as inputs, outputs, inquiries and logical internal files.

9. The proportion of known attacks detected by an intrusion detection system

10. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically

11. An automated function that can be operating system or application based in which electronic data being transmitted between storage areas are spooled or stored until the receiving device or storage area is prepared and able to receive the information.

12. The Internet standards setting organization with affiliates internationally from network industry representatives. This includes all network industry developers and researchers concerned with evolution and planned growth of the Internet.

13. A set of utilities that implement a particular network protocol. For instance, in Windows machines a TCP/IP stack consists of TCP/IP software, sockets software and hardware driver software.

14. The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.

15. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme

16. A trusted third party that serves authentication infrastructures or organizations and registers entities and issues them certificates

17. Any information collection mechanism utilized by an intrusion detection system

18. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example, alphanumeric, zoned decimal, packed and binary are types of data.

19. An audit designed to evaluate the various internal controls, economy and efficiency of a function or department

20. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.

21. Used in data encryption, it uses an encryption key, as a public key, to encrypt the plaintext to the ciphertext. It uses a different decryption key, as a secret key, to decrypt the ciphertext to the corresponding plaintext. In contrast to a private
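
The three entries on ciphertext (2), the public key (15) and asymmetric keys (21) describe one mechanism, so one worked example serves all three: textbook RSA with deliberately tiny primes, added here and not taken from the original page. The primes, exponent and messages are constructed so the arithmetic can be followed by hand; the example also shows that the published key cannot recover the plaintext, and that encrypting one byte per block with no padding makes equal plaintext bytes produce equal ciphertext blocks, which is why real systems use large moduli and randomized padding (OAEP) rather than this scheme.

```python
"""Asymmetric encryption walk-through (textbook RSA, toy-sized primes).

Added example; not code from the original page. Primes and messages are
constructed for illustration. No padding is used, so do not reuse this for
anything but study.
"""
from math import gcd
from typing import List, Tuple

Key = Tuple[int, int]   # (modulus n, exponent)


def keygen(p: int, q: int, e: int = 65537) -> Tuple[Key, Key]:
    """Return (public_key, private_key). p and q are assumed to be distinct primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # private exponent: e * d == 1 (mod phi)
    return (n, e), (n, d)


def encrypt(public_key: Key, plaintext: bytes) -> List[int]:
    """One byte per block, using only the published key: anyone can encrypt."""
    n, e = public_key
    if n <= 255:
        raise ValueError("modulus too small to hold one byte per block")
    return [pow(m, e, n) for m in plaintext]


def decrypt_blocks(key: Key, ciphertext: List[int]) -> List[int]:
    """Raise each block to the key's exponent; meaningful only with the private key."""
    n, x = key
    return [pow(c, x, n) for c in ciphertext]


def decrypt(private_key: Key, ciphertext: List[int]) -> bytes:
    """Recover the plaintext bytes. With the wrong key the blocks are not bytes at all."""
    blocks = decrypt_blocks(private_key, ciphertext)
    if any(b > 255 for b in blocks):
        raise ValueError("wrong key or tampered ciphertext: blocks are not plaintext bytes")
    return bytes(blocks)


if __name__ == "__main__":
    # Classic small example: p=61, q=53 gives n=3233; e=17 yields d=2753.
    public_key, private_key = keygen(61, 53, e=17)
    message = b"audit"
    ciphertext = encrypt(public_key, message)            # anyone with the public key
    print("public key :", public_key)
    print("ciphertext :", ciphertext)                    # unintelligible as is
    print("decrypted  :", decrypt(private_key, ciphertext))
    print("with public exponent:", decrypt_blocks(public_key, ciphertext))  # garbage
    print("equal bytes leak:", encrypt(public_key, b"aa"))   # two identical blocks
```

The last line is the caveat worth remembering when reviewing an implementation: without randomized padding the scheme is deterministic, so an observer who cannot read the ciphertext can still see where the plaintext repeats.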

22. Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules

23. An interactive system that provides the user with easy access to decision models and data, to support semistructured decision-making tasks

24. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control, or MAC) or defi
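
The distinction the entry draws, access defined by the system versus access defined by the resource owner, as an added example that is not part of the original page. The labels, subjects, resource and ACL are constructed; the MAC rule used is the Bell-LaPadula pair (read at or below your clearance, write at or above it), chosen as one common system-defined policy, and the scenario shows why an owner's discretionary grant cannot override the system's labels when both are enforced.

```python
"""Mandatory versus discretionary access control on the same request.

Added example; not code from the original page. Labels, subjects and the ACL
are constructed; the MAC rule is Bell-LaPadula style (read down, write up).
"""
from dataclasses import dataclass, field
from typing import Dict, Set

# Ordered sensitivity labels, assigned by the system rather than by users (constructed).
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


@dataclass
class Subject:
    name: str
    clearance: str


@dataclass
class Resource:
    name: str
    owner: str
    classification: str
    acl: Dict[str, Set[str]] = field(default_factory=dict)   # DAC: user -> permitted ops


def mac_allows(subject: Subject, resource: Resource, op: str) -> bool:
    """System-defined rule: read only at or below clearance, write only at or above it."""
    s, o = LEVELS[subject.clearance], LEVELS[resource.classification]
    if op == "read":
        return s >= o
    if op == "write":
        return s <= o
    raise ValueError(f"unknown operation {op!r}")


def dac_allows(subject: Subject, resource: Resource, op: str) -> bool:
    """Owner-defined rule: the owner may do anything; others need an ACL entry."""
    if subject.name == resource.owner:
        return True
    return op in resource.acl.get(subject.name, set())


def grant(granter: Subject, resource: Resource, user: str, op: str) -> None:
    """Under DAC only the owner can change the ACL."""
    if granter.name != resource.owner:
        raise PermissionError(f"{granter.name} does not own {resource.name}")
    resource.acl.setdefault(user, set()).add(op)


def authorize(subject: Subject, resource: Resource, op: str, mode: str = "both") -> bool:
    """mode is 'mac', 'dac' or 'both'; with 'both' every enforced policy must allow the access."""
    checks = {"mac": mac_allows, "dac": dac_allows}
    if mode == "both":
        return all(check(subject, resource, op) for check in checks.values())
    return checks[mode](subject, resource, op)


def demo() -> Dict[str, bool]:
    """Constructed scenario: the owner's grant cannot override the system's labels."""
    alice = Subject("alice", "secret")
    bob = Subject("bob", "internal")
    plan = Resource("plan.docx", owner="alice", classification="confidential")
    grant(alice, plan, "bob", "read")                       # owner's discretion
    return {
        "bob_read_dac": authorize(bob, plan, "read", "dac"),   # owner granted it
        "bob_read_mac": authorize(bob, plan, "read", "mac"),   # internal < confidential
        "bob_read_both": authorize(bob, plan, "read"),         # MAC wins
        "alice_read_both": authorize(alice, plan, "read"),
        "alice_write_both": authorize(alice, plan, "write"),   # no write-down, even for the owner
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allow' if allowed else 'deny'}")
```

The last case is the one auditors tend to probe: under MAC the owner of a confidential document still cannot write to it from a secret session, because the label rule is the system's, not hers.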

25. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.

26. A device that is used to authenticate a user, typically in addition to a username and password. It is usually a credit card-sized device that displays a pseudo-random number that changes every few minutes.

27. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass or denying them, based on a list of rules

28. Freedom from unauthorized intrusion

29. The act or function of developing and maintaining applications programs in production

30. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap, and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac

31. Refers to the security of the infrastructure that supports the ERP: networking and telecommunications, operating systems and databases.

32. Interface between data terminal equipment and data communications equipment employing serial binary data interchange

33. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature

34. To configure a computer or other network device to resist attacks

35. A popular local area network operating system developed by the Novell Corp.

36. A software engineering technique whereby an existing application system code can be redesigned and coded using computer-aided software engineering (CASE) technology

37. A computer file storage format in which one record follows another. Records can be accessed sequentially only. It is required with magnetic tape.

38. A manual or automated log of all updates to data files and databases

39. Programs that are used to process live or actual data that were received as input into the production environment.

40. Used to electronically scan and input written information from a source document

41. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems

42. A router that is configured to control network access by comparing the attributes of the incoming or outgoing packets to a set of rules
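
Entries 27 (packet filtering) and 42 (screening router) describe the same mechanism, so one worked example serves both: a rule list evaluated top to bottom against packet attributes, first match wins, implicit deny when nothing matches. This is an added example, not code from the original page; the packets, the protected network 10.0.0.0/8 and the rule set are constructed, and the rule ordering illustrates why an anti-spoofing deny has to precede any permit for inbound traffic.

```python
"""Stateless rule-list packet filter, as a screening router applies it.

Added example; not code from the original page. Rules, addresses and packets
are constructed for illustration.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str            # "in" (arriving from the untrusted side) or "out"
    proto: str                # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0            # 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    direction: str = "any"
    proto: str = "any"
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dports: Tuple[int, ...] = ()   # empty tuple matches any destination port

    def matches(self, pkt: Packet) -> bool:
        """Every attribute of the rule must match the packet's attributes."""
        return (self.direction in ("any", pkt.direction)
                and self.proto in ("any", pkt.proto)
                and ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst)
                and (not self.dports or pkt.dport in self.dports))


# Constructed rule list for a screening router in front of 10.0.0.0/8.
# Order matters: the anti-spoofing deny must come before any inbound permit.
RULES = [
    Rule("deny",   direction="in",  src="10.0.0.0/8"),                      # 0: inside addresses never arrive from outside
    Rule("permit", direction="in",  proto="tcp", dst="10.0.0.5/32", dports=(443,)),  # 1: HTTPS to the web server
    Rule("permit", direction="out", src="10.0.0.0/8"),                      # 2: inside hosts may initiate outbound
    Rule("deny",   proto="icmp"),                                           # 3: no ICMP in either direction
]


def filter_packet(pkt: Packet, rules=RULES) -> Tuple[str, Optional[int]]:
    """First matching rule decides; with no match the implicit default is deny."""
    for index, rule in enumerate(rules):
        if rule.matches(pkt):
            return rule.action, index
    return "deny", None


if __name__ == "__main__":
    samples = [
        Packet("in",  "tcp",  "203.0.113.7", "10.0.0.5", 443),   # permit, rule 1
        Packet("in",  "tcp",  "203.0.113.7", "10.0.0.5", 23),    # deny, no rule (default)
        Packet("in",  "tcp",  "10.1.2.3",    "10.0.0.5", 443),   # deny, rule 0 (spoofed source)
        Packet("out", "udp",  "10.0.0.9",    "8.8.8.8",  53),    # permit, rule 2
        Packet("in",  "icmp", "203.0.113.7", "10.0.0.5"),        # deny, rule 3
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

Because the filter keeps no connection state, the replies to the outbound traffic permitted by rule 2 are not covered by any rule here and would be dropped; a real screening router needs either an "established" style rule for return traffic or stateful inspection, and that gap is exactly where reviewers should look when a rule base has grown by accretion.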

43. An approach to system development where the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca

44. A protocol for packet-switching networks

45. A fail-over process in which the primary node owns the resource group. The backup node runs idle, only supervising the primary node. In case of a primary node outage, the backup node takes over. The nodes are prioritized, which means the surviving no

46. Diligence which a person would exercise under a given set of circumstances

47. A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.

48. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users

49. A structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise's goals by adding value while balancing risk versus return over IT and its processes

50. An audit designed to determine the accuracy of financial records and information