CISA Study Notes CISA Study Notes updated., Exams of Advanced Education


Typology: Exams

2025/2026

Available from 05/17/2026

Lec_adrian_becker

Area of the CPU that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer - ANSWER: CONTROL SECTION

A mathematical value that is assigned to a file and used to "test" the file at a later date to verify that the data contained in the file have not been maliciously changed. Uses algorithms to translate data into digits called a hash value. - ANSWER: CHECKSUM

An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals - ANSWER: ACCESS CONTROL TABLE

Provides centralized access control for managing remote access dial-up services. - ANSWER: ACCESS SERVERS

The number of distinct locations that may be referred to with the machine address. - ANSWER: ADDRESS SPACE

A standardized body of data created for testing purposes. - ANSWER: BASE CASE

A layer within the ISO/OSI model. Used in information transfers between users through application programs. - ANSWER: APPLICATION LAYER

A service that allows the option of having an alternate route to complete a call when the marked destination is not available. - ANSWER: ALTERNATIVE ROUTING

Information generated by an encryption algorithm to protect the cleartext. It is unintelligible to the unauthorized reader. - ANSWER: CIPHERTEXT

An automated detail report of computer system activity. - ANSWER: CONSOLE LOG

A way to identify, acquire and retain customers - ANSWER: CUSTOMER RELATIONSHIP MANAGEMENT (CRM)

A model used by many organizations to identify best practices useful in assessing and increasing the maturity of the software development process. - ANSWER: (CMM) Capability Maturity Model

An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility. - ANSWER: CERTIFICATE REVOCATION LIST (CRL)

A numeric value which has been calculated mathematically that is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred. Detects transposition and transcription errors. - ANSWER: CHECK DIGIT

A device that connects two similar networks together. - ANSWER: BRIDGE

Members of the operations area that are responsible for the collection, logging and submission of input for various user groups. - ANSWER: CONTROL GROUP

Advanced computer systems that can simulate human capabilities, such as analysis, based on a predetermined set of rules. - ANSWER: ARTIFICIAL INTELLIGENCE

Character-at-a-time transmission. - ANSWER: ASYNCHRONOUS TRANSMISSION

A process to determine the impact of losing the support of any resource. It will establish the escalation of that loss over time. - ANSWER: BUSINESS IMPACT ANALYSIS (BIA)

A program that translates programming language (source code) into machine executable instructions (object code). - ANSWER: COMPILER

The actions dealing with operational effectiveness, efficiency and adherence to regulations and management policies - ANSWER: ADMINISTRATIVE CONTROLS

A group of computers connected by a communications network where the client is the requiring machine and the service is the supplying machine. - ANSWER: CLIENT-SERVER

A transmission signal that varies continuously in amplitude and time, and is generated in wave formation. Used in telecommunications. - ANSWER: ANALOG

A network topology in which devices are connected with many redundant interconnections between network nodes (primarily used for backbone networks). - ANSWER: COMPLETELY CONNECTED (mesh) CONFIGURATION

Permissions or privileges. The rights granted to users by the administrator or supervisor. - ANSWER: ACCESS RIGHTS

Common path or channel between hardware devices. - ANSWER: BUS

A testing approach that focuses on the functionality of the application or product and does not require knowledge of the code intervals. - ANSWER: BLACK BOX TESTING

Any automated audit technique such as generalized audit software, test data generators, computerized audit programs and specialized audit utilities. - ANSWER: COMPUTER-ASSISTED AUDIT TECHNIQUE (CAAT)

Measure of interconnectivity among software program modules' structures. It depends on the interface complexity between modules. - ANSWER: COUPLING

A method often employed by antispam software to filter spam based on probabilities and a score applied. A message with a high score will be flagged as spam. - ANSWER: BAYESIAN FILTER

A computer embedded in a communications system that generally performs basic tasks of classifying network traffic and enforcing network policy functions. - ANSWER: COMMUNICATIONS PROCESSOR

A form of modulation in which data signals are pulsed directly on the transmission medium without frequency division and usually utilize a transceiver. - ANSWER: BASEBAND

A type of cable that has a greater transmission capacity than standard twisted-pair cable but has a limited range of effective distance. - ANSWER: COAXIAL CABLE

A set of routines, protocols and tools referred to as "Building blocks" used in business application software development. - ANSWER: APPLICATION PROGRAMMING INTERFACE (API)

A program for the examination of data using logical or conditional tests to determine or to identify similarities or differences - ANSWER: COMPARISON PROGRAM

The code used to designate the location of a specific piece of data within computer storage. - ANSWER: ADDRESS

A group of people integrated at the organization with clear lines of reporting and responsibilities for standby support in case of an information systems emergency. - ANSWER: COMPUTER EMERGENCY RESPONSE TEAM (CERT)

Modern expression for organizational development stemming from IS/IT impacts. The goal is to yield a better performing structure, more responsive to the customer base and market conditions, while yielding material cost savings. - ANSWER: Business process reengineering (BPR)

The technique used for selecting records in a file, one at a time, for process, retrieval or storage. - ANSWER: ACCESS METHOD

A program written in a portable, platform independent computer language such as Java. It is usually embedded in an HTML page downloaded from web servers. - ANSWER: APPLET

Memory reserved to temporarily hold data. - ANSWER: BUFFER

The use of software packages that aid in the development of all phases of an information system. - ANSWER: COMPUTER-AIDED SOFTWARE ENGINEERING (CASE)

A detailed set of rules governing the certificate authority's operations - ANSWER: CERTIFICATION PRACTICE STATEMENTS (CPS)

Any software package that automatically plays, displays or downloads advertising material to a computer after the software is installed. - ANSWER: ADWARE

The process that limits and controls access to resources of a computer system. - ANSWER: ACCESS CONTROL

These controls are designed to fix errors, omissions and unauthorized uses and intrusions once they are detected. - ANSWER: CORRECTIVE CONTROLS

The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links. - ANSWER: DATA COMMUNICATIONS

Individuals and departments responsible for the storage and safeguarding of computerized information. This typically is within the IS organization. - ANSWER: DATA CUSTODIAN

A database that contains the name, type, range of values, source, and authorization for access for each data element in a database - ANSWER: DATA DICTIONARY

Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes. - ANSWER: DATA LEAKAGE

Individuals, normally managers or directors, who have responsibility for the integrity, accurate reporting and use of computerized data - ANSWER: DATA OWNERS

Those controls that seek to maintain confidentiality, integrity and availability of information - ANSWER: DATA SECURITY

The relationships among files in a database and among data items within each file. - ANSWER: DATA STRUCTURE

An individual or department responsible for the security and information classification of the shared data stored on a database system including the design, definition and maintenance of the database. - ANSWER: DATABASE ADMINISTRATOR (DBA)

A complex set of software programs that control the organization, storage and retrieval of data in a database. It also controls the security and integrity of the database. - ANSWER: DATABASE MANAGEMENT SYSTEM (DBMS)

The requirements for establishing a database application including field definitions, field requirements, and reporting requirements for the individual information in the database. - ANSWER: DATABASE SPECIFICATIONS

The process of distributing computer processing to different locations within an organization. - ANSWER: DECENTRALIZATION

An interactive system that provides the user with easy access to decision models and data from a wide range of sources, to support semistructured decision-making tasks typically for business purposes. - ANSWER: DECISION SUPPORT SYSTEM (DSS)

A technique used to recover the original plaintext from the ciphertext such that it is intelligible to the reader. It is a reverse process of the encryption. - ANSWER: DECRYPTION

A piece of information, in a digitized form, used to recover the plaintext from the corresponding ciphertext. - ANSWER: DECRYPTION KEY

A workstation or PC on a network that does not have its own disk. Instead, it stores files on a network file server. - ANSWER: DISKLESS WORKSTATION

A system of computers connected together by a communications network. Each computer processes its data, and the network supports the system as a whole. - ANSWER: DISTRIBUTED DATA PROCESSING NETWORK

The method of routing traffic through split cable facilities or duplicate cable facilities. This can be accomplished with different and/or duplicate cable sheaths. - ANSWER: DIVERSE ROUTING

Domain name system poisoning (also called DNS cache poisoning or cache poisoning) corrupts the table of an Internet server's DNS, replacing an Internet address with the address of another vagrant or scoundrel address. - ANSWER: DNS POISONING

A server that translates the names of network nodes into network (IP) addresses. - ANSWER: DOMAIN NAME SERVER

A report that identifies the elapsed time when a computer is not operating correctly because of machine failure. - ANSWER: DOWNTIME REPORT

A display terminal without processing capability that depends on the main computer for processing. All entered data are accepted without further editing or validation. - ANSWER: DUMB TERMINAL

A protocol used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask and IP addresses of DNS servers from the protocol server. - ANSWER: DYNAMIC HOST CONFIGURATION PROTOCOL (DHCP)

Detects errors in the input portion of information that is sent to the computer for processing. - ANSWER: EDIT CONTROLS

The electronic transmission of transactions (information) between two organizations. - ANSWER: ELECTRONIC DATA INTERCHANGE (EDI)

The exchange of money via telecommunications. Refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another - ANSWER: ELECTRONIC FUNDS TRANSFER (EFT)

A screening process that is incorporated into the regular production programs. The module selects items during the regular production runs that fulfill certain criteria established by the IS auditor and usually outputs or copies these items to a file or report. - ANSWER: EMBEDDED AUDIT MODULE (EAM)

The technique used by layered protocols in which a lower-layer protocol accepts a message from a higher-layer protocol and places it in the data portion of a frame in the lower layer. - ANSWER: ENCAPSULATION (OBJECTS)

A technique used to protect the plaintext by coding the data so they are unintelligible to the reader. - ANSWER: ENCRYPTION

A piece of information, in a digitized form, used by an algorithm to convert the plaintext to the ciphertext. - ANSWER: ENCRYPTION KEY

A private network that resides on the Internet and allows a company to securely share business information with customers, suppliers, or other businesses as well as to execute electronic transactions and is located beyond the company's firewall. - ANSWER: EXTRANET

A plan of action or set of procedures to be performed if a system implementation, upgrade or modification does not work as intended. These may involve restoring the system to its state prior to the implementation or change. - ANSWER: FALLBACK PROCEDURES

It occurs when an unauthorized person is identified as an authorized person by the biometric system. - ANSWER: FALSE AUTHORIZATION

Occurs when an unauthorized person manages to enroll into the biometric system - ANSWER: FALSE ENROLLMENT

A phase of a system development life cycle (SDLC) methodology that researches the possibility and adequacy of resources for the development or acquisition of a system solution to a user need. - ANSWER: FEASIBILITY STUDY

Glass fibers that transmit binary signals over a telecommunications network. - ANSWER: FIBER OPTIC CABLE

A table used by the operating system to keep track of where every file is located on the disk. - ANSWER: FILE ALLOCATION TABLE (FAT)

Specifies the length of the file's record, and the sequence and size of its fields. It also will specify the type of data contained within each field. - ANSWER: FILE LAYOUT

A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. - ANSWER: FILE SERVER

An audit designed to determine the accuracy of financial records and information. - ANSWER: FINANCIAL AUDIT

A device that enforces security policies for traffic traversing to and from different network segments. - ANSWER: FIREWALL

Memory chips with embedded program code that hold their content when power is turned off. - ANSWER: FIRMWARE

A value that represents a reference to a tuple (a row in a table) containing the matching candidate key value in a database. - ANSWER: FOREIGN KEY

English-like, user friendly, nonprocedural computer languages used to program and/or read and process computer files. - ANSWER: FOURTH-GENERATION LANGUAGE (4GL)

A packet-switched wide area network (WAN) technology that provides faster performance than older packet-switched WAN technologies, such as X. networks, because it was designed for today's reliable circuits and performs less rigorous error detection. It is best suited for data and image transfers. - ANSWER: FRAME RELAY

A hardware/software package that is used to connect networks with different protocols. It has its own processor and memory, and can perform protocol and bandwidth conversions. - ANSWER: GATEWAY

The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry - ANSWER: IMAGE PROCESSING

A study of the potential future effects of a development project on current projects and resources. - ANSWER: IMPACT ASSESSMENT

Impersonation, as a security concept related to Windows NT, allows a server application to temporarily "be" the client in terms of access to secure objects. - ANSWER: IMPERSONATION

An IS auditor's self-governance and freedom from conflict of interest and undue influence. The IS auditor should be free to make his/her own decisions, not influenced by the organization being audited and its people. - ANSWER: INDEPENDENCE

A disk access method that stores data sequentially while also maintaining an index of key fields to all the records in the file for direct access capability. - ANSWER: INDEXED SEQUENTIAL ACCESS METHOD (ISAM)

The computer room and support areas. - ANSWER: INFORMATION PROCESSING FACILITY (IPF)

The leadership organizational structures and processes that safeguard information. - ANSWER: INFORMATION SECURITY GOVERNANCE

The risk that a material error could occur, assuming that there are no related internal controls to prevent or detect the error (see control risk). - ANSWER: INHERENT RISK

Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer. - ANSWER: INPUT CONTROLS

A public, end-to-end, digital telecommunications network with signaling, switching, and transport capabilities supporting a wide range of service accessed by standardized interfaces with integrated customer control. The standard allows transmission of digital voice, video and data over 64 Kbps lines. - ANSWER: INTEGRATED SERVICES DIGITAL NETWORK (ISDN)

A testing methodology where test data are processed in production systems. The data usually represent a set of fictitious entities such as departments, customers and products. Output reports are verified to confirm the correctness of the processing. - ANSWER: INTEGRATED TEST FACILITY

The Internet standards setting organization with international affiliates from network industry representatives. This includes all network industry developers and researchers concerned with the evolution and planned growth of the Internet. - ANSWER: INTERNET ENGINEERING TASK FORCE (IETF)

An attack using packets with the spoofed source Internet packet (IP) addresses. This technique exploits applications that use authentication based on IP addresses. This technique also may enable an unauthorized user to gain root access on the target system. - ANSWER: INTERNET PACKET (IP) SPOOFING