Test your basic knowledge

CISA Certified Information Systems Auditor Vocab

Instructions:
  • Answer 50 questions in 15 minutes.
  • If you are not ready to take this test, you can study here.
  • Match each statement with the correct term.
  • Don't refresh. All questions and answers are randomly picked and ordered every time you load a test.

This is a study tool. The 3 wrong answers for each question are randomly chosen from answers to other questions. So, you might find at times the answers obvious, but you will see that it reinforces your understanding as you take the test each time.
1. The communication lines that provide connectivity between the telecommunications carrier's central office and the subscriber's facilities

2. An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.

3. The actions/controls dealing with operational effectiveness, efficiency and adherence to regulations and management policies

4. A testing approach that focuses on the functionality of the application or product and does not require knowledge of the code internals.

5. Requiring a great deal of computing power; processor-intensive

6. Systems for which detailed specifications of their components composition are published in a nonproprietary environment, thereby enabling competing organizations to use these standard components to build competitive systems. The advantages of using o

7. A networking device that can send (route) data packets from one local area network (LAN) or wide area network (WAN) to another, based on addressing at the network layer (Layer 3) in the OSI model. Networks connected by routers can use different or si

8. A high level description of the audit work to be performed in a certain period of time (ordinarily a year). It includes the areas to be audited, the type of work planned, the high level objectives and scope of the work, and topics such as budget, res

9. Intentional violations of established management policy or regulatory requirements. Deliberate misstatements or omissions of information concerning the area under audit or the organization as a whole, gross negligence or unintentional illegal acts.

10. A method for downloading public files using the File Transfer Protocol (FTP). Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word anonymo

11. The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected.

12. The property that data meet with an a priori expectation of quality and that the data can be relied upon

13. A resource whose loss will result in the loss of service or production

14. A computer program or set of programs that performs the processing of records for a specific function

15. Any technique designed to provide the electronic equivalent of a handwritten signature to demonstrate the origin and integrity of specific data. Digital signatures are an example of electronic signatures.

16. Purposefully hidden malicious or damaging code within an authorized computer program. Unlike viruses, they do not replicate themselves, but they can be just as destructive to a single computer.

17. A protocol for packet-switching networks

18. A biometric device that is used to authenticate a user through palm scans

19. A permanent connection between hosts in a packet switched network

20. The policies, procedures, organizational structure and electronic access controls designed to restrict access to computer software and data files

21. The primary language used by both application programmers and end users in accessing relational databases

22. In an asymmetric cryptographic scheme, the key that may be widely published to enable the operation of the scheme

23. The acts of preventing, mitigating and recovering from disruption. The terms business resumption planning, disaster recovery planning and contingency planning also may be used in this context; they all concentrate on the recovery aspects of continuity.

24. A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated by computing a one-way hash of the message and then encrypting (signing) that digest with the sender's private key; the hash alone, which anyone can recompute, proves nothing about the sender.
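
The definition above names two ingredients, a one-way hash of the message and the sender's private key. The following is an added example, not part of the CISA glossary or of this quiz, that shows how the two fit together in a minimal hash-based (Lamport one-time) signature built only from the Python standard library. The scheme, the sample message and the 32-byte secret size are assumptions chosen for illustration; production systems use RSA or ECDSA, but with the same hash-then-sign-with-private-key structure and the same verify-with-public-key check.

```python
"""Added example (not from the CISA glossary): a minimal hash-based digital
signature showing hash + private key on the signing side and hash + public
key on the verifying side.

Scheme: Lamport one-time signature (assumption: chosen because it needs only
the standard library). Each key pair must sign ONE message only.
"""
import hashlib
import secrets

HASH_BITS = 256  # SHA-256 digest length; one pair of secrets per digest bit


def _h(data: bytes) -> bytes:
    """The one-way hash function used throughout."""
    return hashlib.sha256(data).digest()


def generate_keypair():
    """Private key: 256 pairs of random 32-byte secrets.
    Public key: the hash of every secret, safe to publish (glossary item 22)."""
    private = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(HASH_BITS)]
    public = [(_h(a), _h(b)) for a, b in private]
    return private, public


def sign(private_key, message: bytes):
    """Hash the message, then for each digest bit reveal the matching secret
    (bit 0 -> first secret of the pair, bit 1 -> second). Only the holder of
    the private key can produce these preimages."""
    digest = int.from_bytes(_h(message), "big")
    signature = []
    for i in range(HASH_BITS):
        bit = (digest >> (HASH_BITS - 1 - i)) & 1
        signature.append(private_key[i][bit])
    return signature


def verify(public_key, message: bytes, signature) -> bool:
    """Recompute the hash of the received message and check that every revealed
    secret hashes to the published value selected by that digest bit."""
    if len(signature) != HASH_BITS:
        return False
    digest = int.from_bytes(_h(message), "big")
    for i in range(HASH_BITS):
        bit = (digest >> (HASH_BITS - 1 - i)) & 1
        if _h(signature[i]) != public_key[i][bit]:
            return False
    return True


def demo() -> dict:
    """Sign a constructed message and show what verification accepts and rejects."""
    priv, pub = generate_keypair()
    message = b"Transfer 1,000.00 from account 1234 to account 9876"  # constructed sample
    sig = sign(priv, message)
    tampered = message.replace(b"9876", b"6789")  # altered in transit
    _, other_pub = generate_keypair()  # some other party's public key
    return {
        "genuine": verify(pub, message, sig),            # integrity and authenticity hold
        "tampered": verify(pub, tampered, sig),          # message integrity broken
        "wrong_signer": verify(other_pub, message, sig),  # not this signer's key
    }


if __name__ == "__main__":
    print(demo())
```

Verification fails for a tampered message (integrity) and under another party's public key (authenticity), and because only the private-key holder could have produced the revealed preimages, the signer cannot later deny having signed (nonrepudiation). A bare hash gives none of this, since anyone who can read the message can recompute it.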

25. The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.

26. Used to ensure that input data agree with predetermined criteria stored in a table

27. An integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities (e.g., general ledger, manufacturing resource planning, human resource management)

28. The level of trust with which a system object is imbued

29. An evaluation of any part of an implementation project (e.g., project management, test plans, user acceptance testing procedures)

30. Diligence that a person who possesses a special skill would exercise under a given set of circumstances

31. An IS backup facility that has the necessary electrical and physical components of a computer facility, but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the user

32. Use of the Internet as a remote delivery channel for banking services. Services include the traditional ones, such as opening an account or transferring funds to different accounts, and new banking services, such as electronic bill presentment and pa

33. A testing technique that is used to test program logic within a particular program or module. The purpose of the test is to ensure that the program meets system development guidelines and does not abnormally end during processing.

34. A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.

35. A report that identifies the elapsed time when a computer is not operating correctly because of machine failure

36. Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically

37. Audit evidence is relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support.

38. Also known as "automated remote journaling of redo logs." A data recovery strategy that is similar to electronic vaulting, except that instead of transmitting several transaction batches daily, the archive logs are shipped as they are created.

39. The act or function of developing and maintaining applications programs in production

40. A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext by decryption

41. A flag set in a packet to indicate to the sender that the previous packet sent was accepted correctly by the receiver without errors, or that the receiver is now ready to accept a transmission

42. Control Objectives for Information and related Technology, the international set of IT control objectives published by ISACF® (2000, 1998, 1996)

43. A communication network that serves several users within a specified geographic area. It is made up of servers, workstations, a network operating system and a communications link. Personal computer LANs function as distributed processing systems in w

44. In intrusion detection, an error that occurs when an attack is misdiagnosed as a normal activity

45. A row or record consisting of a set of attribute value pairs (column or field) in a relational data structure

46. The calendar can contain 'real' accounting periods and/or adjusting accounting periods. The 'real' accounting periods must not overlap and cannot have any gaps between 'real' accounting periods. Adjusting accounting periods can overlap with other ac

47. A numeric value, which has been calculated mathematically, is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. This control is effective in detecting transposition and transcription
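
The check digit definition above says the control detects transposition and transcription errors. The following is an added example, not part of the CISA glossary or of this quiz, that computes a weighted modulus-11 check digit (the ISBN-10 convention, an assumption chosen because a weighted scheme catches every single-digit transcription error and every adjacent transposition) over a constructed 9-digit account number, then shows both error types being caught and shows why an unweighted digit sum, included only for contrast, misses the transposition.

```python
"""Added example (not from the CISA glossary): a weighted modulus-11 check
digit with the two error types the definition names.

Assumptions: the 9-digit payload is constructed; weights 10 down to 2 and
modulus 11 follow the ISBN-10 convention. Remainder 10 is written 'X'.
"""


def mod11_check_digit(digits: str) -> str:
    """Weighted sum of the payload (weights 10, 9, ..., 2); the check digit
    is whatever makes the full weighted sum divisible by 11."""
    if len(digits) != 9 or not digits.isdigit():
        raise ValueError("payload must be exactly 9 digits")
    total = sum(int(d) * w for d, w in zip(digits, range(10, 1, -1)))
    check = (11 - total % 11) % 11
    return "X" if check == 10 else str(check)


def is_valid(number: str) -> bool:
    """Validate a 10-character number: 9 payload digits plus one check character."""
    if len(number) != 10 or not number[:9].isdigit():
        return False
    return mod11_check_digit(number[:9]) == number[9].upper()


def digit_sum_check(digits: str) -> str:
    """Naive control for contrast: last digit of the plain, unweighted digit sum.
    Swapping two digits leaves the sum unchanged, so it never sees a transposition."""
    return str(sum(int(d) for d in digits) % 10)


def demo() -> dict:
    payload = "031572102"  # constructed sample payload
    number = payload + mod11_check_digit(payload)
    # Transcription error: the '5' in position 4 is keyed as '7'.
    transcription = number[:3] + "7" + number[4:]
    # Transposition error: the adjacent digits '5' and '7' are swapped.
    transposition = number[:3] + number[4] + number[3] + number[5:]
    return {
        "number": number,
        "genuine": is_valid(number),
        "transcription_detected": not is_valid(transcription),
        "transposition_detected": not is_valid(transposition),
        "digit_sum_misses_transposition": digit_sum_check(transposition[:9]) == digit_sum_check(payload),
    }


if __name__ == "__main__":
    print(demo())
```

Why the weights matter: a single wrong digit changes the weighted sum by (weight times difference), and an adjacent swap changes it by exactly the digit difference, and neither can be a multiple of the prime modulus 11, so both are always detected. The unweighted sum sees the same digits in a different order and passes the transposed number.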

48. An intrusion detection system (IDS) inspects network activity to identify suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system
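
Items 44 and 48 describe the intrusion detection system and its characteristic failure, the false negative. The following is an added example, not part of the CISA glossary or of this quiz, that runs a toy signature-based detector over constructed web-server log lines: a literal signature misses the same attack once it is URL-encoded and mixed-case (a false negative), and a detector that normalizes the request before matching catches both copies. The log format, the request contents and the single SQL injection signature are all constructed for this example.

```python
"""Added example (not from the CISA glossary): a toy signature IDS over
constructed log lines, showing a false negative and a normalization fix.

Assumptions: the four log lines, the Common-Log-Format-like layout and the
single "union select" signature are constructed for illustration only.
"""
import re
from urllib.parse import unquote_plus

# Constructed sample log lines; none come from a real system.
LOG_LINES = [
    '10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /products?id=42 HTTP/1.1" 200 512',
    '10.0.0.9 - - [12/Mar/2024:10:01:07 +0000] "GET /products?id=42 UNION SELECT user,pass FROM users HTTP/1.1" 500 0',
    '10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "GET /products?id=42%20uNiOn%2f%2a%2a%2fSeLeCt%20user,pass%20FROM%20users HTTP/1.1" 500 0',
    '10.0.0.7 - - [12/Mar/2024:10:02:30 +0000] "GET /about HTTP/1.1" 200 2048',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>.+?) HTTP/[\d.]+"')
NAIVE_SIGNATURE = "UNION SELECT"  # literal, case-sensitive
NORMALIZED_SIGNATURE = re.compile(r"\bunion\s+select\b")


def request_target(line: str) -> str:
    """Pull the request target (path and query) out of one log line."""
    m = REQUEST_RE.search(line)
    return m.group("target") if m else ""


def naive_alert(line: str) -> bool:
    """Raw substring match: what a careless signature does."""
    return NAIVE_SIGNATURE in request_target(line)


def normalize(target: str) -> str:
    """Canonicalize before matching: URL-decode twice (double encoding),
    replace SQL block comments with a space, collapse whitespace, lower-case."""
    decoded = unquote_plus(unquote_plus(target))
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", decoded).lower()


def normalized_alert(line: str) -> bool:
    """Same signature, applied to the canonical form of the request."""
    return bool(NORMALIZED_SIGNATURE.search(normalize(request_target(line))))


def run(detector):
    """Apply a detector to every log line; True means an alert was raised."""
    return [detector(line) for line in LOG_LINES]


def demo() -> dict:
    naive = run(naive_alert)
    normalized = run(normalized_alert)
    # Ground truth for the constructed sample: lines 2 and 3 are the same attack, encoded differently.
    truth = [False, True, True, False]
    # A false negative is an attack line the detector passed as normal activity.
    return {
        "naive": naive,
        "normalized": normalized,
        "naive_false_negatives": [i for i, (t, a) in enumerate(zip(truth, naive)) if t and not a],
        "normalized_false_negatives": [i for i, (t, a) in enumerate(zip(truth, normalized)) if t and not a],
    }


if __name__ == "__main__":
    print(demo())
```

The third line is the false negative: the attack is present but the detector reports nothing, which is the error item 44 describes. Normalizing the request before matching removes this particular evasion; real evasions are broader (fragmentation, alternate encodings, protocol ambiguities), which is why an IDS is one detective control and not a substitute for fixing the vulnerable application.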

49. An authentication protocol, often used by remote-access servers

50. Analysis of information that occurs on a noncontinuous basis, also known as interval-based analysis