SUBJECTS
|
BROWSE
|
CAREER CENTER
|
POPULAR
|
JOIN
|
LOGIN
Business Skills
|
Soft Skills
|
Basic Literacy
|
Certifications
About
|
Help
|
Privacy
|
Terms
|
Email
Search
Test your basic knowledge |
CISA Certified Information Systems Auditor Vocab
Start Test
Study First
Subjects
:
certifications
,
cisa
,
it-skills
Instructions:
Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can
study here
.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.
This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.
Bar code
Bulk data transfer
Multiplexor
Default deny policy
2. A device that connects two similar networks together
Packet filtering
Bridge
Table look-ups
Administrative controls
3. The use of software packages that aid in the development of all phases of an information system. System analysis; design programming and documentation are provided. Changes introduced in one CASE chart will update all other related charts automatical
System narratives
Computer-aided software engineering (CASE)
Anonymity
Demodulation
4. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
Brute force
Whitebox testing
Data communications
Partitioned file
5. A set of protocols for accessing information directories. It is based on the X.500 standard; but is significantly simpler.
DoS (denial-of-service) attack
LDAP (Lightweight Directory Access Protocol)
Nonrepudiation
Allocation entry
6. A consortium with more than 700 affiliates from the software industry. Its purpose is to provide a common framework for developing applications using object-oriented programming techniques. For example; OMG is known principally for promulgating the C
Cluster controller
Independent appearance
Object Management Group (OMG)
Information processing facility (IPF)
7. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack
Proxy server
Network hop
Rotating standby
Bypass label processing (BLP)
8. An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target
Application programming interface (API)
Internet packet (IP) spoofing
Gateway
Access control table
9. A testing technique used to retest earlier program abends or logical errors that occurred during the initial testing phase
Central processing unit (CPU)
Voice mail
Regression testing
Terminal
10. Controls over the acquisition; implementation; delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Detailed IS ontrols
IT governance
Repudiation
Intrusion detection
11. A piece of information; a digitized form of signature; that provides sender authenticity; message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Logoff
Outsourcing
Digital signature
Whitebox testing
12. A computer program or series of programs designed to perform certain automated functions. These functions include reading computer files; selecting data; manipulating data; sorting data; summarizing data; performing calculations; selecting samples an
Generalized audit software
Irregularities
PPP (point-to-point protocol)
System flowcharts
13. Specifies the length of the file's record and the sequence and size of its fields. A file layout also will specify the type of data contained within each field. For example; alphanumeric; zoned decimal; packed and binary are types of data.
World Wide Web Consortium (W3C)
Modulation
Cold site
File layout
14. The risk that the IS auditor's substantive procedures will not detect an error which could be material; individually or in combination with other errors
Detection risk
Card swipes
Source code compare programs
implementation life cycle review
15. The amount of time allowed for the recovery of a business function or resource after a disaster occurs
Coverage
Offline files
Data structure
Recovery time objective (RTO)
16. The risk of giving an incorrect audit opinion
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Binary code
Audit risk
Central office (CO)
17. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.
Useful audit evidence
Allocation entry
Database replication
Sufficient audit evidence
18. An individual data element in a computer record. Examples include employee name; customer address; account number; product unit price and product quantity in stock.
Record
Hierarchical database
Handprint scanner
Field
19. Analysis that is performed in real time or in continuous form
Fail-over
Dynamic analysis
Protocol converter
Indexed sequential access method (ISAM)
20. The Committee on the Financial Aspects of Corporate Governance; set up in May 1991 by the UK Financial Reporting Council; the London Stock Exchange and the UK accountancy profession; was chaired by Sir Adrian Cadbury and produced a report on the subj
Cadbury
Vulnerabilities
Objectivity
Recovery time objective (RTO)
21. A fail-over process in which the primary node owns the resource group. The backup node runs idle; only supervising the primary node. In case of a primary node outage; the backup node takes over. The nodes are prioritized; which means the surviving no
Idle standby
Hash function
Vulnerabilities
Assembler
22. Detection on the basis of whether the system activity matches that defined as bad
Logon
File server
Misuse detection
Active response
23. A process used to identify and evaluate risks and their potential effects
Risk assessment
X.25
Mapping
Systems development life cycle (SDLC)
24. The use of alphabetic characters or an alphabetic character string
Access rights
Memory dump
Strategic risk
Alpha
25. The processing of a group of transactions at the same time. Transactions are collected and processed against the master files at a specified time.
Integrated test facilities (ITF)
Batch processing
Numeric check
IEEE (Institute of Electrical and Electronics Engineers)--Pronounced I-triple-E
26. Files created specifically to record various actions occurring on the system to be monitored; such as failed login attempts; full disk drives and e-mail delivery failures
Circular routing
Pervasive IS controls
Signatures
Logs/Log file
27. In vulnerability analysis; passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.
Brute force
Credentialed analysis
File layout
Rootkit
28. A complex set of software programs that control the organization; storage and retrieval of data in a database. It also controls the security and integrity of the database.
TACACS+ (terminal access controller access control system plus)
Misuse detection
Run instructions
Database management system (DBMS)
29. Electronic communications by special devices over distances or around devices that preclude direct interpersonal exchange
Telecommunications
Data structure
Data leakage
Dynamic analysis
30. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole; gross negligence or unintentional illegal acts.
world wide web (WWW)
Irregularities
RSA
Uploading
31. Proven level of ability; often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards
Librarian
Telecommunications
Reputational risk
Professional competence
32. A data communication network that adds processing services such as error correction; data translation and/or storage to the basic function of transporting data
Value-added network (VAN)
Gateway
Baseband
Intelligent terminal
33. A technique used to determine the size of a development task; based on the number of function points. Function points are factors such as inputs; outputs; inquiries and logical internal sites.
UDDI
Password cracker
Certificate Revocation List
Function point analysis
34. A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements
Offsite storage
Packet switching
Audit sampling
Database
35. The policies; procedures; organizational structure and electronic access controls designed to restrict access to computer software and data files
Logical access controls
Generalized audit software
Audit
Asynchronous Transfer Mode (ATM)
36. Program narratives provide a detailed explanation of program flowcharts; including control points and any external input.
Protocol
Passive response
Program narratives
Wide area network (WAN)
37. A terminal with built-in processing capability. It has no disk or tape storage but has memory. The terminal interacts with the user by editing and validating data as they are entered prior to final processing.
Top-level management
Intelligent terminal
Digital certification
Program flowcharts
38. A type of LAN architecture that utilizes a central controller to which all nodes are directly connected. All transmissions from one station to another pass through the central controller; which is responsible for managing and controlling all communic
Circular routing
Subject matter (Area of activity)
Idle standby
Star topology
39. These controls exist to detect and report when errors; omissions and unauthorized uses or entries occur.
Digital certificate
Bulk data transfer
Detective controls
Cryptography
40. An approach to system development where the basic unit of attention is an object; which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template ca
Object orientation
business process integrity
Bulk data transfer
Control objective
41. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals
Database
Magnetic ink character recognition (MICR)
Independent appearance
Access control table
42. A system's level of resilience to seamlessly react from hardware and/or software failure
HTTP (hyper text transfer protocol)
System narratives
Coverage
Fault tolerance
43. A platform-independent XML-based formatted protocol enabling applications to communicate with each other over the Internet. Use of this protocol may provide a significant security risk to web application operations; since use of SOAP piggybacks onto
Digital certification
Dumb terminal
Distributed data processing network
Simple Object Access Protocol (SOAP)
44. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
PPP (point-to-point protocol)
Bandwidth
RS-232 interface
Leased lines
45. The process of actually entering transactions into computerized or manual files. Such transactions might immediately update the master files or may result in memo posting; in which the transactions are accumulated over a period of time; then applied
Posting
Reverse engineering
Structured programming
Business risk
46. A testing approach which focuses on the functionality of the application or product and does not require knowledge of the code intervals.
Access path
COBIT
Black box testing
Fraud risk
47. Connects a terminal or computer to a communications network via a telephone line. Modems turn digital pulses from the computer into frequencies within the audio range of the telephone system. When acting in the receiver capacity; a modem decodes inco
Exception reports
Hyperlink
Modem (modulator-demodulator)
Remote procedure calls (RPCs)
48. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Relevant audit evidence
Data-oriented systems development
ASCII (American Standard Code for Information Interchange)
Remote procedure calls (RPCs)
49. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Anonymity
Duplex routing
File layout
L2TP (Layer 2 tunneling protocol)
50. A sampling technique that estimates the amount of overstatement in an account balance
Monetary unit sampling
Error risk
Audit
Reasonable assurance
