CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see it reinforces your understanding as you take the test each time.
1. An organization composed of engineers, scientists and students. The IEEE is best known for developing standards for the computer and electronics industry.

2. A response, in which the system (automatically or in concert with the user) blocks or otherwise affects the progress of a detected attack. The response takes one of three forms--amending the environment, collecting more information or striking back a

3. Controlling access to a network by analyzing the contents of the incoming and outgoing packets and either letting them pass or denying them based on a list of rules. Differs from packet filtering in that it is the data in the packet that are analyzed

4. Controls over the business processes that are supported by the ERP

5. The act of capturing network packets, including those not necessarily destined for the computer running the sniffing software

6. An evaluation of an application system under development which considers matters such as: appropriate controls are designed into the system, the application will process information in a complete, accurate and reliable manner, the application will fu

7. A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system

8. A mathematical key (kept secret by the holder) used to create digital signatures and, depending upon the algorithm, to decrypt messages or files encrypted (for confidentiality) with the corresponding public key

9. Systems that employ sufficient hardware and software assurance measures to allow their use for processing of a range of sensitive or classified information

10. An attack strategy in which the attacker intercepts the communications stream between two parts of the victim system and then replaces the traffic between the two components with the intruder's own, eventually assuming control of the communication

11. The relationships among files in a database and among data items within each file

12. Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code

13. An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context

14. Small computers used to connect and coordinate communication links between distributed or remote devices and the main computer, thus freeing the main computer from this overhead function

15. A process used to identify and evaluate risks and their potential effects

16. An implementation of DNS intended to secure responses provided by the server such that different responses are given to internal vs. external users

17. A data communication network that adds processing services such as error correction, data translation and/or storage to the basic function of transporting data

18. An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals

19. A device that connects two similar networks together

20. Diligence which a person would exercise under a given set of circumstances

21. A report on Internal Control--An Integrated Framework sponsored by the Committee of Sponsoring Organizations of the Treadway Commission in 1992. It provides guidance and a comprehensive framework of internal control for all organizations.

22. Information generated by an encryption algorithm to protect the plaintext. The ciphertext is unintelligible to the unauthorized reader.

23. One who obtains products or services from a bank to be used primarily for personal, family or household purposes.

24. To apply a variable, alternating current (AC) field for the purpose of demagnetizing magnetic recording media. The process involves increasing the AC field gradually from zero to some maximum value and back to zero, which leaves a very low residue of

25. An international consortium founded in 1994 of affiliates from public and private organizations involved with the Internet and the web. The W3C's primary mission is to promulgate open standards to further enhance the economic growth of Internet web s

26. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole, gross negligence or unintentional illegal acts.

27. Freedom from unauthorized intrusion

28. Unusual or statistically rare

29. The process of electronically sending computerized information from one computer to another computer. Most often, the transfer is from a smaller computer to a larger one.

30. A method of user authentication. Challenge response authentication is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server, the server sends the user a 'challenge,' which is a r

31. A printed machine-readable code that consists of parallel bars of varied width and spacing

32. The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization that determines how the records are stored.

33. Any information collection mechanism utilized by an intrusion detection system

34. The code used to designate the location of a specific piece of data within computer storage

35. Glass fibers that transmit binary signals over a telecommunications network. Fiber optic systems have low transmission losses as compared to twisted-pair cables. They do not radiate energy or conduct electricity. They are free from corruption and lig

36. Proven level of ability, often linked to qualifications issued by relevant professional bodies and compliance with their codes of practice and standards

37. In vulnerability analysis, passive monitoring approaches in which passwords or other access credentials are required. This sort of check usually involves accessing a system data object.

38. Transactions that cannot be denied after the fact

39. A phase of an SDLC methodology that researches the feasibility and adequacy of resources for the development or acquisition of a system solution to a user need

40. System flowcharts are graphical representations of the sequence of operations in an information system or program. Information system flowcharts show how data from source documents flow through the computer to final distribution to users. Symbols use

41. A layer within the International Organization for Standardization (ISO)/Open Systems Interconnection (OSI) model. It is used in information transfers between users through application programs and other devices. In this layer various protocols are ne

42. A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database.

43. The risk to earnings or capital arising from changes in the value of portfolios of financial instruments. Price risk arises from market making, dealing and position taking in interest rate, foreign exchange, equity and commodities markets. Banks m

44. A security technique that verifies an individual's identity by analyzing a unique physical attribute, such as a handprint

45. The method or communication mode of routing data over the communication network (also see half duplex and full duplex)

46. A device that forms a barrier between a secure and an open environment. Usually, the open environment is considered hostile. The most notable hostile environment is the Internet. In other words, a firewall enforces a boundary between two or more netw

47. Door and entry locks that are activated by such biometric features as voice, eye retina, fingerprint or signature

48. A system development technique that enables users and developers to reach agreement on system requirements. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphas

49. A low-level computer programming language which uses symbolic code and produces machine instructions

50. A third party that provides organizations with a variety of Internet and Internet-related services