Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A document that has been approved by the IETF becomes an RFC and is assigned a unique number once published. If it gains enough interest; it may evolve into an Internet standard.
Service provider
Detection risk
RFC (request for comments)
IPSec (Internet protocol security)

2. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own; eventually assuming control of the communication
Production programs
Vulnerabilities
Man-in-the-middle attack
System exit

3. The process of taking an unencrypted message (plaintext); applying a mathematical function to it (encryption algorithm with a key) and producing an encrypted message (ciphertext)
Multiplexing
Job control language (JCL)
Encryption
Data leakage

4. A proxy service that connects programs running on internal networks to services on exterior networks by creating two connections; one from the requesting client and another to the destination service
Encryption
Enterprise governance
Application proxy
L2TP (Layer 2 tunneling protocol)

5. Used to electronically scan and input written information from a source document
Optical character recognition
Cathode ray tube (CRT)
Password cracker
Hierarchical database

6. Used to enable remote access to a server computer. Commands typed are run on the remote server.
Telnet
Brute force
Components (as in component-based development)
Decision support systems (DSS)

7. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking
Enterprise resource planning
Electronic cash
Privilege
Point-of-sale systems (POS)

8. Also called permissions or privileges; these are the rights granted to users by the administrator or supervisor. Access rights determine the actions users can perform (e.g.; read; write; execute; create and delete) on files in shared volumes or file
Bus
Access rights
PPTP (point-to-point tunneling protocol)
Compliance testing

9. The process of determining what types of activities are permitted. Ordinarily; authorisation is in the context of authentication: once you have authenticated a user; he/she may be authorised to perform different types of access or activity
legal risk
Variable sampling
UNIX
Authorization

10. Disconnecting from the computer
Logon
SYN (synchronize)
Tuple
Logoff

11. An automated detail report of computer system activity
Discovery sampling
Public key
Point-of-sale systems (POS)
Console log

12. Also known as ''automated remote journaling of redo logs.'' A data recovery strategy that is similar to electronic vaulting; except that instead of transmitting several transaction batches daily; the archive logs are shipped as they are created.'
Bypass label processing (BLP)
BSP (business service provider)
Redo logs
Transaction protection

13. Is present when a financial asset or liability is denominated in a foreign currency or is funded by borrowings in another currency
X.25
Foreign exchange risk
L2TP (Layer 2 tunneling protocol)
Verification

14. A type of local area network (LAN) architecture in which each station is directly attached to a common communication channel. Signals transmitted over the channel take the form of messages. As each message passes along the channel; each station recei
Queue
Bus topology
Baseband
Numeric check

15. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Population
Risk
RADIUS (remote authentication dial-in user service)
X.500

16. Special system software features and utilities that allow the user to perform complex system maintenance. Use of these exits often permits the user to operate outside of the security access control system.
UDDI
Whitebox testing
System exit
Parallel simulation

17. The consolidation in 1998 of the ''Cadbury;'' ''Greenbury'' and ''Hampel'' Reports. Named after the Committee Chairs; these reports were sponsored by the UK Financial Reporting Council; the London Stock Exchange; the Confederation of British Industry
Reasonableness check
Combined Code on Corporate Governance
Privilege
Sequence check

18. A communications terminal control hardware unit that controls a number of computer terminals. All messages are buffered by the controller and then transmitted to the receiver.
Cluster controller
Vulnerabilities
Static analysis
Proxy server

19. A discussion document which sets out an ''Enterprise Governance Model'' focusing strongly on both the enterprise business goals and the information technology enablers which facilitate good enterprise governance; published by the Information Systems
Control Objectives for Enterprise Governance
Intrusion
Offline files
Variable sampling

20. A low-level computer programming language which uses symbolic code and produces machine instructions
Biometrics
Assembly language
Standing data
HTTP (hyper text transfer protocol)

21. Files; equipment; data and procedures available for use in the event of a failure or loss; if the originals are destroyed or out of service
Dry-pipe fire extinguisher system
Application software tracing and mapping
Backup
virtual organizations

22. Any yearly accounting period without regard to its relationship to a calendar year.
Extended Binary-coded Decimal Interchange Code (EBCDIC)
Job control language (JCL)
Web page
Fscal year

23. A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated so that no process other than network management can be executed while the network is availa
Trojan horse
File server
Control perimeter
Authentication

24. Systems for which detailed specifications of their components composition are published in a nonproprietary environment; thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o
Information engineering
Incremental testing
Detection risk
Open systems

25. The practice of eavesdropping on information being transmitted over telecommunications links
Wiretapping
Coaxial cable
Discovery sampling
Accountability

26. An exchange rate; which can be used optionally to perform foreign currency conversion. The corporate exchange rate is generally a standard market rate determined by senior financial management for use throughout the organization.
Corporate exchange rate
Risk
Protocol converter
Memory dump

27. A device for sending and receiving computerized data over transmission lines
Interface testing
Whitebox testing
Terminal
Dry-pipe fire extinguisher system

28. Processes certified as supporting a security goal
Default deny policy
Data Encryption Standard (DES)
Trusted processes
Man-in-the-middle attack

29. A third party that delivers and manages applications and computer services; including security services to multiple users via the Internet or a private network
Star topology
ASP/MSP (application or managed service provider)
Bus
Transaction protection

30. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
legal risk
Production software
Terms of reference
Synchronous transmission

31. Programs that are used to process live or actual data that were received as input into the production environment.
Production programs
Vaccine
Cluster controller
Parity check

32. A type of service providing an authentication and accounting system often used for dial-up and remote access security
DNS (domain name system)
Modulation
RADIUS (remote authentication dial-in user service)
Dry-pipe fire extinguisher system

33. Source lines of code are often used in deriving single-point software-size estimations.
Source lines of code (SLOC)
Performance indicators
Test data
Control objective

34. A computer program or set of programs that perform the processing of records for a specific function
Request for proposal (RFP)
Credentialed analysis
Application
TCP/IP protocol (Transmission Control Protocol/Internet Protocol)

35. The systems development phase in which systems specifications and conceptual designs are developed; based on end-user needs and requirements
Systems analysis
IPSec (Internet protocol security)
Control section
Active response

36. An input device that reads characters and images that are printed or painted on a paper form into the computer.
Black box testing
Optical scanner
Audit program
Hypertext

37. The rules by which a network operates and controls the flow and priority of transmissions
Structured programming
Private key
Sniffing
Protocol

38. A communication network that serves several users within a specified geographic area. It is made up of servers; workstations; a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w
Software
Bulk data transfer
Passive assault
Local area network (LAN)

39. A utility program that combines several separately compiled modules into one; resolving internal references between them
Link editor (linkage editor)
Exposure
price risk
Reasonableness check

40. In open systems architecture; circular routing is the logical path of a message in a communications network based on a series of gates at the physical network layer in the open systems interconnection (OSI) model.
Switch
Project team
System flowcharts
Circular routing

41. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.
Interest rate risk
Relevant audit evidence
Generalized audit software
Corporate governance

42. The proportion of known attacks detected by an intrusion detection system
Continuous auditing approach
Sampling risk
Fail-safe
Coverage

43. Used in data encryption; it uses a secret key to encrypt the plaintext to the ciphertext. It also uses the same key to decrypt the ciphertext to the corresponding plaintext. In this case; the key is symmetric such that the encryption key is equivalen
Network
Private key cryptosystems
Project sponsor
Multiplexor

44. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Object code
Service provider
Bar case
Intrusive monitoring

45. The central database that stores and organizes data
Security software
Communications controller
Repository
Log

46. An empowering method/process by which management and staff of all levels collectively identify and evaluate IS related risks and controls under the guidance of a facilitator who could be an IS auditor. The IS auditor can utilise CRSA for gathering re
Smart card
Control risk self-assessment
UDDI
Node

47. A protocol for accessing a secure web server; whereby all data transferred is encrypted
Consumer
Peripherals
HTTPS (hyper text transfer protocol secure)
Data-oriented systems development

48. A procedure designed to ensure that no fields are missing from a record
Compensating control
Access control
Production programs
Completeness check

49. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context
Materiality
Trap door
Digital certification
Utility programs

50. The elimination of redundant data
Normalization
Central office (CO)
Blackbox testing
Coupling