Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.

1. A code whose representation is limited to 0 and 1

2. Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes

3. A system software tool that logs, monitors and directs computer tape usage

4. Programs and supporting documentation that enable and facilitate use of the computer. Software controls the operation of the hardware.

5. A method used in the information processing facility (IPF) to determine and establish the sequence of computer job processing

6. System narratives provide an overview explanation of system flowcharts, with explanation of key control points and system interfaces.

7. The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units, the easier it is to maintain and enhance a system, since it is easier to determine whe

8. The accuracy and completeness of information as well as to its validity in accordance with business values and expectations

9. An approach used to plan, design, develop, test and implement an application system or a major modification to an application system. Typical phases include the feasibility study, requirements study, requirements definition, detailed design, programm

10. Controlling access to a network by analyzing the attributes of the incoming and outgoing packets and either letting them pass or denying them, based on a list of rules

11. A device used for combining several lower-speed channels into a higher-speed channel

12. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.

13. A manual or automated log of all updates to data files and databases

14. A third party that delivers and manages applications and computer services, including security services, to multiple users via the Internet or a private network

15. The machine language code that is generally referred to as the object or load module

16. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.

17. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme

18. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.

19. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting, in which the transactions are accumulated over a period of time, then applied

20. Range checks ensure that data fall within a predetermined range (also see limit checks).

21. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.

22. Freedom from unauthorized intrusion

23. A certificate issued by one certification authority to a second certification authority so that users of the first certification authority are able to obtain the public key of the second certification authority and verify the certificates it has crea

24. Transactions that cannot be denied after the fact

25. Behavior adequate to meet the situations occurring during audit work (interviews, meetings, reporting, etc.). The IS auditor should be aware that appearance of independence depends upon the perceptions of others and can be influenced by improper acti

26. Specialized tools that can be used to analyze the flow of data through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements

27. The risk that remains from an event once the controls put in place to reduce the likelihood or effect of that event are taken into account

28. Controls over the business processes that are supported by the ERP

29. A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences

30. A public key cryptosystem developed by R. Rivest, A. Shamir and L. Adleman. RSA has two different keys: the public encryption key and the secret decryption key. The strength of RSA depends on the difficulty of factoring the modulus into its two prime factors.

31. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload

32. A version of the Windows operating system that supports preemptive multitasking

33. Wiring devices that may be inserted into communication links for use with analysis probes, LAN analyzers and intrusion detection security systems

34. Interface between data terminal equipment and data communications equipment employing serial binary data interchange

35. A 24-hour, stand-alone mini-bank, located outside branch bank offices or in public places like shopping malls. Through ATMs, clients can make deposits, withdrawals, account inquiries and transfers. Typically, the ATM network is comprised of two spher

36. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer

37. A certificate identifying a public key to its subscriber, corresponding to a private key held by that subscriber. It is a unique code that typically is used to allow the authenticity and integrity of communicated data to be verified.

38. A sub-network of the Internet through which information is exchanged by text, graphics, audio and video.

39. Emergency processing agreements between two or more organizations with similar equipment or applications. Typically, participants promise to provide processing time to each other when an emergency arises.

40. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed

41. The current and prospective effect on earnings and capital arising from negative public opinion. This affects the bank's ability to establish new relationships or services or continue servicing existing relationships. Reputation risk may expose the b

42. 1) A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2) A computer that provides services to another computer (the client).

43. Making sure the modified/new system includes appropriate access controls and does not introduce any security holes that might compromise other systems

44. The boundary that defines the area of security concern and security policy coverage

45. A sampling technique used to estimate the average or total value of a population based on a sample; a statistical model used to project a quantitative characteristic, such as a dollar amount

46. A computer facility that provides data processing services to clients on a continual basis

47. The ability of end users to design and implement their own information system utilizing computer software products

48. The list of rules and/or guidance that is used to analyze event data

49. A fail-over process in which the primary node owns the resource group. The backup node runs a non-critical application (e.g., a development or test environment) and takes over the critical resource group but not vice versa.

50. The current and prospective risk to earnings and capital arising from fraud, error and the inability to deliver products or services, maintain a competitive position and manage information. Security risk is evident in each product and service offered