Test your basic knowledge |

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it re-enforces your understanding as you take the test each time.
1. Detects line errors by retransmitting data back to the sending device for comparison with the original transmission






2. The process of converting an analog telecommunications signal into a digital computer signal






3. Processing is achieved by entering information into the computer via a video display terminal. The computer immediately accepts or rejects the information; as it is entered.






4. Hardware devices; such as asynchronous and synchronous transmissions; that convert between two different types of transmission






5. A data communication network that adds processing services such as error correction; data translation and/or storage to the basic function of transporting data






6. Is the risk to earnings or capital arising from movements in interest rates. From an economic perspective; a bank focuses on the sensitivity of the value of its assets; liabilities and revenues to changes in interest rates. Internet banking may attra






7. Measure of interconnectivity among software program modules' structure. Coupling depends on the interface complexity between modules. This can be defined as the point at which entry or reference is made to a module; and what data passes across the in






8. The ability to exercise judgement; express opinions and present recommendations with impartiality






9. Deliberately testing only the value-added functionality of a software component






10. 1) Following an authorized person into a restricted access area; 2) electronically attaching to an authorized telecommunications link to intercept and possibly alter transmissions.






11. Memory reserved to temporarily hold data. Buffers are used to offset differences between the operating speeds of different devices; such as a printer and a computer. In a program; buffers are reserved areas of RAM that hold data while they are being






12. A public key cryptosystem developed by R. Rivest; A. Shamir and L. Adleman. The RSA has two different keys; the public encryption key and the secret decryption key. The strength of the RSA depends on the difficulty of the prime number factorization.






13. The process that limits and controls access to resources of a computer system; a logical or physical control designed to protect against unauthorized entry or use. Access control can be defined by the system (mandatory access control; or MAC) or defi






14. A document that confirms the client's and the IS auditor's acceptance of a review assignment






15. A language used to control run routines in connection with performing tasks on a computer






16. A recovery solution provided by recovery and/or hardware vendors and includes a pre-established contract to deliver hardware resources within a specified number amount of hours after a disaster occurs. This solution usually provides organizations wit






17. The policies; procedures; practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.






18. A workstation or PC on a network that does not have its own disk. Instead; it stores files on a network file server.






19. The computer's primary working memory. Each byte of memory can be accessed randomly regardless of adjacent bytes.






20. A communication protocol used to connect to servers on the World Wide Web. Its primary function is to establish a connection with a web server and transmit HTML pages to the client browser.






21. A cipher technique whereby different cryptographic keys are used to encrypt and decrypt a message (see public key cryptosystems)






22. A communication line permanently assigned to connect two points; as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.






23. An assault on a service from a single source that floods it with so many requests that it becomes overwhelmed and is either stopped completely or operates at a significantly reduced rate






24. A test to check the system's ability to recover after a software or hardware failure






25. 1)A computer dedicated to servicing requests for resources from other computers on a network. Servers typically run network operating systems. 2)A computer that provides services to another computer (the client).






26. The information systems auditor (IS auditor) gathers information in the course of performing an IS audit. The information used by the IS auditor to meet audit objectives is referred to as audit evidence (evidence). Also used to describe the level of






27. A general hardware control; which helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bit is od






28. A protocol used for transmitting data between two ends of a connection






29. An IS backup facility that has the necessary electrical and physical components of a computer facility; but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user






30. The process of feeding test data into two systems; the modified system and an alternative system (possibly the original system) and comparing results






31. A communications channel over which data can be sent and received simultaneously






32. Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.






33. The risk that the IS auditor's substantive procedures will not detect an error which could be material; individually or in combination with other errors






34. An audit designed to determine the accuracy of financial records; as well as evaluate the internal controls of a function or department






35. The property that data meet with a priority expectation of quality and that the data can be relied upon






36. A display terminal without processing capability. Dumb terminals are dependent upon the main computer for processing. All entered data are accepted without further editing or validation.






37. Standard that defines how global directories should be structured. X.500 directories are hierarchical with different levels for each category of information; such as country; state and city.






38. A technique used to determine the size of a development task; based on the number of function points. Function points are factors such as inputs; outputs; inquiries and logical internal sites.






39. A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile






40. A system that authentically distributes users' public keys using certificates






41. A connectionless Internet protocol that is designed for network efficiency and speed at the expense of reliability. A data request by the client is served by sending packets without testing to verify if they actually arrive at the destination; not if






42. The process of generating; recording and reviewing a chronological record of system events to ascertain their accuracy






43. A test that has been designed to evaluate the performance of a system. In a benchmark test; a system is subjected to a known workload and the performance of the system against this workload is measured. Typically; the purpose is to compare the measur






44. A low-level computer programming language which uses symbolic code and produces machine instructions






45. An entity that may be given responsibility for performing some of the administrative tasks necessary in the registration of subjects; such as confirming the subject's identity; validating that the subject is entitled to have the attributes requested






46. The highest level of management in the organization; responsible for direction and control of the organization as a whole (such as director; general manager; partner; chief officer and executive manager).






47. A collection of computer programs used in the design; processing and control of all applications. The programs and processing routines that control the computer hardware; including the operating system and utility programs. Refers to the operating sy






48. Parallel simulation involves the IS auditor writing a program to replicate those application processes that are critical to an audit opinion and using this program to reprocess application system data. The results produced are compared with the resul






49. To apply a variable; alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero; which leaves a very low residue of






50. A top-down technique of designing programs and systems. It makes programs more readable; more reliable and more easily maintained.