Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.

2. A hardware/software package that is used to connect networks with different protocols. The gateway has its own processor and memory and can perform protocol and bandwidth conversions.

3. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases, source code may be converted automatically into another language by a conversion program. Source code is

4. A recurring journal entry used to allocate revenues or costs. For example, an allocation entry could be defined to allocate costs to each department based on headcount.

5. A private key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES has been used commonly for data encryption in the forms of software and hardware impl

6. The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, o

7. The physical layout of how computers are linked together. Examples include ring, star and bus.

8. Recovery strategy that involves two active sites, each capable of taking over the other's workload in the event of a disaster. Each site will have enough idle processing power to restore data from the other site and to accommodate the excess workload

9. Checks that data are entered correctly

10. An interface point between the CPU and a peripheral device

11. Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer

12. Verifies that the control number follows sequentially and any control numbers out of sequence are rejected or noted on an exception report for further research (can be alpha or numeric and usually utilizes a key field)

13. Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups

14. The level to which transactions can be traced and audited through a system

15. An electronic form functionally equivalent to cash in order to make and receive payments in cyberbanking

16. A weakness in system security procedures, system design, implementation or internal controls that could be exploited to violate system security.

17. The traditional Internet service protocol widely used for many years on UNIX-based operating systems and supported by the Internet Engineering Task Force (IETF) that allows a program on one computer to execute a program on another (e.g., server). The

18. A response option in intrusion detection in which the system simply reports and records the problem detected, relying on the user to take subsequent action

19. A special terminal used by computer operations personnel to control computer and systems operations functions. These terminals typically provide a high level of computer access and should be properly secured.

20. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.

21. To configure a computer or other network device to resist attacks

22. Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data betw

23. Audit evidence is useful if it assists the IS auditors in meeting their audit objectives.

24. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.

25. A process used to identify and evaluate risks and their potential effects

26. Tests of detailed activities and transactions, or analytical review tests, designed to obtain audit evidence on the completeness, accuracy or existence of those activities or transactions during the audit period

27. 1) The set of management statements that documents an organization's philosophy of protecting its computing and information assets; 2) The set of security rules enforced by the system's security features

28. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster

29. A viewable screen displaying information, presented through a web browser in a single view, sometimes requiring the user to scroll to review the entire page. A bank web page may display the bank's logo, provide information about bank products and serv

30. Disturbances, such as static, in data transmissions that cause messages to be misinterpreted by the receiver

31. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul

32. Audit evidence is sufficient if it is adequate, convincing and would lead another IS auditor to form the same conclusions.

33. An algorithm that maps or translates one set of bits into another (generally smaller) so that a message yields the same result every time the algorithm is executed using the same message as input. It is computationally infeasible for a message to be

34. The risk of giving an incorrect audit opinion

35. These controls exist to detect and report when errors, omissions and unauthorized uses or entries occur.

36. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high-performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt

37. A protocol used to transfer files over a TCP/IP network (Internet, UNIX, etc.)

38. A method of selecting a portion of a population, by means of mathematical calculations and probabilities, for the purpose of making scientifically and mathematically sound inferences regarding the characteristics of the entire population

39. A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid, match has occurred. This control is effective in detecting transposition and transcription

40. A policy whereby access is denied unless it is specifically allowed. The inverse of default allow.

41. Detection on the basis of whether the system activity matched that defined as abnormal

42. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users

43. Specialized tools that can be used to analyze the flow of data through the processing logic of the application software, and document the logic, paths, control conditions and processing sequences. Both the command language or job control statements

44. The logical language a computer understands

45. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.

46. An XML-formatted language used to describe a web service's capabilities as collections of communication endpoints capable of exchanging messages. WSDL is the language that UDDI uses. (Also see Universal Description, Discovery and Integration (UDDI))

47. A computer network connecting different remote locations that may range from short distances, such as a floor or building, to extremely long transmissions that encompass a large region or several countries

48. A set of protocols for accessing information directories. It is based on the X.500 standard, but is significantly simpler.

49. The accuracy and completeness of information, as well as its validity in accordance with business values and expectations

50. Changing data with malicious intent before or during input into the system