Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Subjects : certifications, cisa, it-skills

Instructions:

Answer 50 questions in 15 minutes.
If you are not ready to take this test, you can study here.
Match each statement with the correct term.
Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.

1. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general; users enter the word anonymo
Detective controls
Anonymous File Transfer Protocol (FTP)
Journal entry
Application proxy

2. An ASP that also provides outsourcing of business processes such as payment processing; sales order processing and application development
Synchronous transmission
BSP (business service provider)
Output analyzer
Irregularities

3. An extension to PPP to facilitate the creation of VPNs. L2TP merges the best features of PPTP (from Microsoft) and L2F (from Cisco).
Generalized audit software
Service bureau
Privacy
L2TP (Layer 2 tunneling protocol)

4. A device for sending and receiving computerized data over transmission lines
Electronic cash
Terminal
Decentralization
Real-time analysis

5. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of
Audit evidence
Proxy server
Source lines of code (SLOC)
Management information system (MIS)

6. A data recovery strategy that takes a set of physically disparate disks and synchronously mirrors them over high performance communication lines. Any write to a disk on one side will result in a write on the other. The local write will not return unt
Substantive testing
Console log
Batch control
Geographic disk mirroring

7. The list of rules and/or guidance that is used to analyze event data
Rulebase
Controls (Control procedures)
Dumb terminal
Vulnerabilities

8. A measurement of the point prior to an outage to which data are to be restored
Data leakage
Function point analysis
Simple Object Access Protocol (SOAP)
Recovery point objective (RPO)—

9. In an asymmetric cryptographic scheme; the key that may be widely published to enable the operation of the scheme
Public key
Validity check
Universal Description; Discovery and Integration (UDDI)
Third-party review

10. An interactive system that provides the user with easy access to decision models and data; to support semistructured decision-making tasks
Security/transaction risk
world wide web (WWW)
Security perimeter
Decision support systems (DSS)

11. Used in data encryption; it uses an encryption key; as a public key; to encrypt the plaintext to the ciphertext. It uses the different decryption key; as a secret key; to decrypt the ciphertext to the corresponding plaintext. In contrast to a private
Bar case
Public key cryptosystem
War dialler
Leased lines

12. Source code is the language in which a program is written. Source code is translated into object code by assemblers and compilers. In some cases; source code may be converted automatically into another language by a conversion program. Source code is
Table look-ups
Technical infrastructure security
Open systems
Source code

13. A flag set in a packet to indicate that this packet is the final data packet of the transmission
Bulk data transfer
Management information system (MIS)
FIN (final)
Requirements definition

14. A level of comfort short of a guarantee but considered adequate given the costs of the control and the likely benefits achieved
Reasonable assurance
Screening routers
Echo checks
Centralized data processing

15. The process of electronically sending computerized information from one computer to another computer. Most often; the transfer is from a smaller computer to a larger one.
Split DNS
Intrusion
Uploading
Normalization

16. A specially configured server; designed to attract intruders so that their actions do not affect production systems; also known as a decoy server
Sampling risk
Artificial intelligence
Security policy
Honey pot

17. A group of budgets linked together at different levels such that the budgeting authority of a lower-level budget is controlled by an upper-level budget.
Internet
Budget hierarchy
Detective controls
Audit

18. Refer to the transactions and data relating to each computer-based application system and are therefore specific to each such application. The objectives of application controls; which may be manual; or programmed; are to ensure the completeness and
Audit accountability
Application controls
Confidentiality
Executable code

19. Attackers that penetrate systems by using user identifiers and passwords taken from legitimate users
Simple fail-over
Privilege
Administrative controls
Masqueraders

20. Detection on the basis of whether the system activity matched that defined as abnormal
Discovery sampling
Screening routers
Anomaly detection
Test generators

21. A system that authentically distributes users' public keys using certificates
Integrity
Machine language
Public key infrastructure
Intrusion detection

22. The current and prospective effect on earnings or capital arising from adverse business decisions; improper implementation of decisions or lack of responsiveness to industry changes.
Strategic risk
Compensating control
Tcpdump
Security management

23. An Internet standard that allows a network to use one set of IP addresses for internal traffic and a second set of addresses for external traffic. The server; providing the NAT service; changes the source address of outgoing packets from the internal
Web site
TACACS+ (terminal access controller access control system plus)
NAT (Network Address Translation)
Log

24. A telecommunications carrier's facilities in a local area in which service is provided where local service is switched to long distance
Central office (CO)
Baseband
Client-server
Appearance

25. A testing approach that uses knowledge of a program/module's underlying implementation and code intervals to verify its expected behavior.
Brute force
Masqueraders
Program evaluation and review technique (PERT)
Whitebox testing

26. A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Hot site
Data dictionary
Queue
Split DNS

27. Is the risk to earnings or capital arising from violations of; or nonconformance with; laws; rules; regulations; prescribed practices or ethical standards. Banks are subject to various forms of legal risk. This can include the risk that assets will t
legal risk
Independent appearance
Brouters
COSO

28. The extent to which a system unit--subroutine; program; module; component; subsystem--performs a single dedicated function. Generally; the more cohesive are units; the easier it is to maintain and enhance a system; since it is easier to determine whe
Control section
Split data systems
Cohesion
LDAP (Lightweight Directory Access Protocol)

29. A web-based version of the traditional phone book's yellow and white pages enabling businesses to be publicly listed in promoting greater e-commerce activities.
Universal Description; Discovery and Integration (UDDI)
Bus
Microwave transmission
COSO

30. English-like; user friendly; nonprocedural computer languages used to program and/or read and process computer files
Third-party review
X.25 interface
Integrated test facilities (ITF)
Fourth generation language (4GL)

31. The probability that the IS auditor has reached an incorrect conclusion because an audit sample; rather than the whole population; was tested. While sampling risk can be reduced to an acceptably low level by using an appropriate sample size and selec
Access rights
Logon
Demodulation
Sampling risk

32. Detects errors in the input portion of information that is sent to the computer for processing. The controls may be manual or automated and allow the user to edit data errors before processing.
Comprehensive audit
Data dictionary
Artificial intelligence
Edit controls

33. Common path or channel between hardware devices. It can be between components internal to a computer or between external computers in a communications network.
Combined Code on Corporate Governance
Cohesion
Bus
COBIT

34. Detection on the basis of whether the system activity matches that defined as bad
Misuse detection
Systems analysis
Data-oriented systems development
Exposure

35. An attack strategy in which the attacker successively hacks into a series of connected systems; obscuring his/her identify from the victim of the attack
Business impact analysis (BIA)
Access path
Handprint scanner
Network hop

36. The property that data meet with a priority expectation of quality and that the data can be relied upon
Single point of failure
Data integrity
Fail-over
Abend

37. The ability to exercise judgement; express opinions and present recommendations with impartiality
Dial-back
Statistical sampling
Geographic disk mirroring
Objectivity

38. Controls over the acquisition; implementation; delivery and support of IS systems and services. They are made up of application controls plus those general controls not included in pervasive controls.
Fail-over
Structured programming
Detailed IS ontrols
E-mail/interpersonal messaging

39. Authorized users of a computer system who overstep their legitimate access rights. This category is divided into masqueraders and clandestine users.
Fourth generation language (4GL)
Ciphertext
Internal penetrators
Computer-assisted audit technique (CAATs)

40. General controls which are designed to manage and monitor the IS environment and which; therefore; affect all IS-related activities
Test generators
Circuit-switched network
Pervasive IS controls
Normalization

41. An input device that reads characters and images that are printed or painted on a paper form into the computer.
Detailed IS ontrols
Optical scanner
Alpha
browser

42. A network monitoring and data acquisition tool that performs filter translation; packet acquisition and packet display
File server
Warm-site
Tcpdump
Object Management Group (OMG)

43. The code used to designate the location of a specific piece of data within computer storage
Audit sampling
Data communications
Address
Regression testing

44. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information
Trusted systems
System exit
business process integrity
Windows NT

45. The possibility of an act or event occurring that would have an adverse effect on the organization and its information systems
Risk
Degauss
Object code
Corporate governance

46. Identified by one central processor and databases that form a distributed processing configuration
Application proxy
Symmetric key encryption
Centralized data processing
Data leakage

47. The act of connecting to the computer. It typically requires entry of a user ID and password into a computer terminal.
Payment system
Logon
Master file
Point-of-presence (POP)

48. An approach used to plan; design; develop; test and implement an application system or a major modification to an application system. Typical phases include the feasibility study; requirements study; requirements definition; detailed design; programm
Credentialed analysis
Netware
Systems development life cycle (SDLC)
Reasonable assurance

49. Freedom from unauthorized intrusion
Privacy
Fail-over
Nonrepudiation
Sniffing

50. The name given to a class of algorithms that repeatedly try all possible combinations until a solution is found
PPP (point-to-point protocol)
Web site
Data diddling
Brute force