CISA Terms 2024 Questions And Answers

Abend - correct answer An abnormal end to a computer job; termination of a task prior to its completion because of an error condition that cannot be resolved by recovery facilities while the task is executing

Acceptable use policy - correct answer A policy that establishes an agreement between users and the enterprise and defines for all parties the ranges of use that are approved before gaining access to a network or the Internet

Access control - correct answer The processes, rules and deployment mechanisms that control access to information systems, resources and physical access to premises

Access control list (ACL) - correct answer An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals. Also referred to as access control tables.

Access control table - correct answer An internal computerized table of access rules regarding the levels of computer access permitted to logon IDs and computer terminals

Access method - correct answer The technique used for selecting records in a file, one at a time, for processing, retrieval or storage. The access method is related to, but distinct from, the file organization, which determines how the records are stored.

Access path - correct answer The logical route an end user takes to access computerized information. Typically, it includes a route through the operating system, telecommunications software, selected application software and the access control system.
Access rights - correct answer The permission or privileges granted to users, programs or workstations to create, change, delete or view data and files within a system, as defined by rules established by data owners and the information security policy

Access servers - correct answer Provides centralized access control for managing remote access dial-up services

continuously in amplitude and time and is generated in wave formation. Analog signals are used in telecommunications.

Anonymous File Transfer Protocol (FTP) - correct answer A method for downloading public files using the File Transfer Protocol. Anonymous FTP is called anonymous because users do not need to identify themselves before accessing files from a particular server. In general, users enter the word "anonymous" when the host prompts for a username; anything can be entered for the password, such as the user's email address or simply the word "guest." In many cases, an anonymous FTP site will not even prompt users for a name and password.

Antivirus software - correct answer An application software deployed at multiple points in an IT architecture. It is designed to detect and potentially eliminate virus code before damage is done and repair or quarantine files that have already been infected.

Applet - correct answer A program written in a portable, platform independent computer language such as Java, JavaScript or Visual Basic. An applet is usually embedded in a Hypertext Markup Language (HTML) page downloaded from web servers and then executed by a browser on client machines to run any web-based application (e.g., generate web page input forms, run audio/video programs, etc.). Applets can only perform a restricted set of operations, thus preventing, or at least minimizing, the possible security compromise of the host computers.
However, applets expose the user's machine to risk if not properly controlled by the browser, which should not allow an applet to access a machine's information without prior authorization of the user.

Application - correct answer A computer program or set of programs that perform the processing of records for a specific function. Contrasts with systems programs, such as an operating system or network control program, and with utility programs, such as copy or sort.

Application controls - correct answer The policies, procedures and activities designed to provide reasonable assurance that objectives relevant to a given automated solution (application) are achieved

Application layer - correct answer In the Open Systems Interconnection (OSI) communications model, the application layer provides services for an application program to ensure that effective communication with another application program in a network is possible. The application layer is not the application that is doing the communication; it is a service layer that provides these services.

Application program - correct answer A program that processes business data through activities such as data entry, update or query. Contrasts with systems programs, such as an operating system or network control program, and with utility programs such as copy or sort.

Application programming - correct answer The act or function of developing and maintaining applications programs in production

Application programming interface (API) - correct answer A set of routines, protocols and tools referred to as building blocks used in business application software development. A good API makes it easier to develop a program by providing all the building blocks related to functional characteristics of an operating system that applications need to specify, for example, when interfacing with the operating system (e.g., provided by Microsoft Windows, different versions of UNIX).
A programmer uses these APIs in developing applications that can operate effectively and efficiently on the platform chosen.

selecting all those items that have certain attributes or characteristics (such as all items over a certain size)

Audit evidence - correct answer The information used to support the audit opinion

Audit objective - correct answer The specific goal(s) of an audit. These often center on substantiating the existence of internal controls to minimize business risk.

Audit plan - correct answer
1. A plan containing the nature, timing and extent of audit procedures to be performed by engagement team members to obtain sufficient appropriate audit evidence to form an opinion. Includes the areas to be audited, the type of work planned, the high-level objectives and scope of the work, and topics such as budget, resource allocation, schedule dates, type of report, its intended audience and other general aspects of the work
2. A high-level description of the audit work to be performed in a certain period of time

Audit program - correct answer A step-by-step set of audit procedures and instructions that should be performed to complete an audit

Audit risk - correct answer The probability that information or financial reports may contain material errors and that the auditor may not detect an error that has occurred

Audit trail - correct answer A visible trail of evidence enabling one to trace information contained in statements or reports back to the original input source

Authentication - correct answer The act of verifying the identity of a user and the user's eligibility to access computerized information. Authentication is designed to protect against fraudulent logon activity. It can also refer to the verification of the correctness of a piece of data.

Backbone - correct answer The main communications channel of a digital network.
The part of the network that handles the major traffic. Employs the highest-speed transmission paths in the network and may also run the longest distances. Smaller networks are attached to the backbone, and networks that connect directly to the end user or customer are called access networks. A backbone can span a geographic area of any size, from a single building to an office complex, to an entire country. Or, it can be as small as a backplane in a single cabinet.

Backup - correct answer Files, equipment, data and procedures available for use in the event of a failure or loss, if the originals are destroyed or out of service

Badge - correct answer A card or other device that is presented or displayed to obtain access to an otherwise restricted facility, as a symbol of authority (e.g., police) or as a simple means of identification. Also used in advertising and publicity.

Balanced scorecard (BSC) - correct answer Developed by Robert S. Kaplan and David P. Norton as a coherent set of performance measures organized into four categories that includes traditional financial measures, but adds customer, internal business process, and learning and growth perspectives

Bandwidth - correct answer The range between the highest and lowest transmittable frequencies. It equates to the transmission

Examples include benchmarking of quality, logistic efficiency and various other metrics.
Binary code - correct answer A code whose representation is limited to 0 and 1

Biometrics - correct answer A security technique that verifies an individual's identity by analyzing a unique physical attribute such as a handprint

Black box testing - correct answer A testing approach that focuses on the functionality of the application or product and does not require knowledge of the code internals

Bridge - correct answer A device that connects two similar networks together

Broadband - correct answer Multiple channels are formed by dividing the transmission medium into discrete frequency segments. Broadband generally requires the use of a modem.

Brouters - correct answer Devices that perform the functions of both a bridge and a router. A brouter operates at both the data link and the network layers. It connects same data-link-type local area network (LAN) segments and different data-link ones, which is a significant advantage. Like a bridge, it forwards packets based on the data-link layer address to a different network of the same type. Also, whenever required, it processes and forwards messages to a different data-link-type network based on the network protocol address. When connecting same data-link type networks, it is as fast as a bridge and is able to connect different data-link type networks.

Buffer - correct answer Memory reserved to temporarily hold data to offset differences between the operating speeds of different devices, such as a printer and a computer. In a program, buffers are reserved areas of random access memory (RAM) that hold data while they are being processed.

Bus - correct answer Common path or channel between hardware devices. Can be located between components internal to a computer or between external computers in a communications network.
Bus configuration - correct answer All devices (nodes) are linked along one communication line where transmissions are received by all attached nodes. This architecture is reliable in very small networks and is easy to use and understand. This configuration requires the least amount of cable to connect the computers together and, therefore, is less expensive than other cabling arrangements. It is also easy to extend, and two cables can be easily joined with a connector to make a longer cable for more computers to join the network. A repeater can also be used to extend a bus configuration.

Business case - correct answer Documentation of the rationale for making a business investment, used to support a business decision on whether to proceed with the investment and as an operational tool to support management of the investment through its full economic life cycle

Business continuity plan (BCP) - correct answer A plan used by an organization to respond to disruption of critical business processes. Depends on the contingency plan for restoration of critical systems.

authentication infrastructures or organizations, and registers entities and issues them certificates

Certificate revocation list (CRL) - correct answer An instrument for checking the continued validity of the certificates for which the certification authority (CA) has responsibility. The CRL details digital certificates that are no longer valid. The time gap between two updates is very critical and is also a risk in digital certificates verification.

Certification practice statement (CPS) - correct answer A detailed set of rules governing the certificate authority's operations. It provides an understanding of the value and trustworthiness of certificates issued by a given CA.
In terms of the controls that an organization observes, the method it uses to validate the authenticity of certificate applicants and the CA's expectations of how its certificates may be used.

Chain of custody - correct answer A legal principle regarding the validity and integrity of evidence. It requires accountability for anything that will be used as evidence in a legal proceeding to ensure that it can be accounted for from the time it was collected until the time it is presented in a court of law. Includes documentation as to who had access to the evidence and when, as well as the ability to identify evidence as being the exact item that was recovered or tested. Lack of control over evidence can lead to it being discredited. Chain of custody depends on the ability to verify that evidence could not have been tampered with. This is accomplished by sealing off the evidence, so it cannot be changed, and providing a documentary record of custody to prove that the evidence was at all times under strict control and not subject to tampering.

Challenge/response token - correct answer A method of user authentication that is carried out through use of the Challenge Handshake Authentication Protocol (CHAP). When a user tries to log into the server using CHAP, the server sends the user a "challenge," which is a random value. The user enters a password, which is used as an encryption key to encrypt the "challenge" and return it to the server. The server is aware of the password. It, therefore, encrypts the "challenge" value and compares it with the value received from the user. If the values match, the user is authenticated. The challenge/response activity continues throughout the session and this protects the session from password sniffing attacks.
In addition, CHAP is not vulnerable to "man-in-the-middle" attacks because the challenge value is a random value that changes on each access attempt.

Change management - correct answer A holistic and proactive approach to managing the transition from a current to a desired organizational state, focusing specifically on the critical human or "soft" elements of change. Includes activities such as culture change (values, beliefs and attitudes), development of reward systems (measures and appropriate incentives), organizational design, stakeholder management, human resources (HR) policies and procedures, executive coaching, change leadership training, team building and communication planning and execution

Channel Service Unit/Digital Service Unit (CSU/DSU) - correct answer Interfaces at the physical layer of the open systems interconnection (OSI) reference model, data terminal equipment (DTE) to data circuit terminating equipment (DCE), for switched carrier networks

Check digit - correct answer A numeric value, which has been calculated mathematically, that is added to data to ensure that original data have not been altered or that an incorrect, but valid match has occurred.

Check digit

Client-server - correct answer A group of computers connected by a communications network, in which the client is the requesting machine and the server is the supplying machine. Software is specialized at both ends. Processing may take place on either the client or the server, but it is transparent to the user.
Cloud computing - correct answer A model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction

Coaxial cable - correct answer Composed of an insulated wire that runs through the middle of each cable, a second wire that surrounds the insulation of the inner wire like a sheath, and the outer insulation which wraps the second wire. Has a greater transmission capacity than standard twisted-pair cables but has a limited range of effective distance.

Cohesion - correct answer The extent to which a system unit (subroutine, program, module, component, subsystem) performs a single dedicated function. Generally, the more cohesive the units are, the easier it is to maintain and enhance a system because it is easier to determine where and how to apply a change.

Cold site - correct answer An IS backup facility that has the necessary electrical and physical components of a computer facility but does not have the computer equipment in place. The site is ready to receive the necessary replacement computer equipment in the event the users have to move from their main computing location to the alternative computer facility.

Communication processor - correct answer A computer embedded in a communications system that generally performs basic tasks of classifying network traffic and enforcing network policy functions. An example is the message data processor of a digital divide network (DDN) switching center. More advanced communications processors may perform additional functions.
Comparison program - correct answer A program for the examination of data, using logical or conditional tests to determine or to identify similarities or differences

Compensating control - correct answer An internal control that reduces the risk of an existing or potential control weakness resulting in errors and omissions

Compiler - correct answer A program that translates programming language (source code) into machine executable instructions (object code)

Completely connected (mesh) configuration - correct answer A network topology in which devices are connected with many redundant interconnections between network nodes (primarily used for backbone networks)

Completeness check - correct answer A procedure designed to ensure that no fields are missing from a record

Compliance testing - correct answer Tests of control designed to obtain audit evidence on both the effectiveness of the controls and their operation during the audit period

Concurrency control - correct answer Refers to a class of controls used in database management systems (DBMS) to ensure that transactions are processed in an atomic, consistent, isolated and durable manner (ACID). This implies that only serial and recoverable schedules are permitted, and that committed transactions are not discarded when undoing aborted transactions.

Configuration management - correct answer The control of changes to a set of configuration items over a system life cycle

Console log - correct answer An automated detail report of computer system activity

Contingency planning - correct answer Process of developing advance arrangements and procedures that enable an enterprise to respond to an event that could occur by chance or unforeseen circumstances

Continuity - correct answer Preventing, mitigating and recovering from disruption.
The terms "business resumption planning," "disaster recovery planning" and "contingency planning" also may be used in this context; they all concentrate on the recovery aspects of continuity.

Continuous auditing approach - correct answer This approach allows IS auditors to monitor system reliability on a continuous basis and to gather selective audit evidence through the computer.

Continuous improvement - correct answer The goals of continuous improvement (Kaizen) include the elimination of waste, defined as "activities that add cost, but do not add value;" just-in-time (JIT) delivery; production load leveling of amounts and types; standardized work; paced moving lines; right-sized equipment. A closer definition of the Japanese usage of Kaizen is "to take it apart and put back together in a better way." What is taken apart is usually a process, system, product or service. Kaizen is a daily activity whose purpose goes beyond improvement. It is also a process that, when done correctly, humanizes the workplace, eliminates hard work (both mental and physical), and teaches people how to do rapid experiments using the scientific method and how to learn to see and eliminate waste in business processes.
Control group - correct answer Members of the operations area that are responsible for the collection, logging and submission of input for the various user groups

Control objective - correct answer A statement of the desired result or purpose to be achieved by implementing control procedures in a particular process

Control practice - correct answer Key control mechanism that supports the achievement of control objectives through responsible use of resources, appropriate management of risk and alignment of IT with business

Control risk - correct answer The risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls

Control section - correct answer The area of the central processing unit (CPU) that executes software, allocates internal memory and transfers operations between the arithmetic-logic, internal storage and output sections of the computer

Customer relationship management (CRM) - correct answer A way to identify, acquire and retain customers. CRM is also an industry term for software solutions that help an organization manage customer relationships in an organized manner.

Data communications - correct answer The transfer of data between separate computer processing sites/devices using telephone lines, microwave and/or satellite links

Data custodian - correct answer Individual(s) and department(s) responsible for the storage and safeguarding of computerized information. This typically is within the IS organization.

Data dictionary - correct answer A database that contains the name, type, range of values, source, and authorization for access for each data element in a database. It also indicates which application programs use those data so that when a data structure is contemplated, a list of the affected programs can be generated.
May be a stand-alone information system used for management or documentation purposes, or it may control the operation of a database.

Data diddling - correct answer Changing data with malicious intent before or during input into the system

Data Encryption Standard (DES) - correct answer An algorithm for encoding binary data. It is a secret key cryptosystem published by the National Bureau of Standards (NBS), the predecessor of the US National Institute of Standards and Technology (NIST). DES was defined as a Federal Information Processing Standard (FIPS) in 1976 and has been used commonly for data encryption in the forms of software and hardware implementation. (See private key cryptosystem.)

Data leakage - correct answer Siphoning out or leaking information by dumping computer files or stealing computer reports and tapes

Data owner - correct answer Individual(s), normally a manager or director, who have responsibility for the integrity, accurate reporting and use of computerized data

Data security - correct answer Those controls that seek to maintain confidentiality, integrity and availability of information

Data structure - correct answer The relationships among files in a database and among data items within each file

Database - correct answer A stored collection of related data needed by organizations and individuals to meet their information processing and retrieval requirements

Database administrator (DBA) - correct answer An individual or department responsible for the security and information classification of the shared data stored on a database system. This responsibility includes the design, definition and maintenance of the database.
Database management system (DBMS) - correct answer A software system that controls the organization, storage and retrieval of data in a database

Database replication - correct answer The process of creating and managing duplicate versions of a database. Replication not only copies a database but also synchronizes a set of replicas so that changes made to one replica are reflected in all of the others. The beauty of replication is that it enables

Detection risk - correct answer The risk that material errors or misstatements that have occurred will not be detected by the IS auditor

Detective control - correct answer Exists to detect and report when errors, omissions and unauthorized uses or entries occur.

Dial-back - correct answer Used as a control over dial-up telecommunications lines. The telecommunications link established through dial-up into the computer from a remote location is interrupted so the computer can dial back to the caller. The link is permitted only if the caller is from a valid phone number or telecommunications channel.

Dial-in access control - correct answer Prevents unauthorized access from remote users who attempt to access a secured environment. Ranges from a dial-back control to remote user authentication.

Digital certificate - correct answer A piece of information, a digitized form of signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.

Digital signature - correct answer A piece of information, a digitized form of a signature, that provides sender authenticity, message integrity and nonrepudiation. A digital signature is generated using the sender's private key or applying a one-way hash function.
Disaster recovery plan (DRP) - correct answer A set of human, physical, technical and procedural resources to recover, within a defined time and cost, an activity interrupted by an emergency or disaster

Disaster tolerance - correct answer The time gap during which the business can accept the non-availability of IT facilities.

Discovery sampling - correct answer A form of attribute sampling that is used to determine a specified probability of finding at least one example of an occurrence (attribute) in a population

Discretionary access control (DAC) - correct answer A means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject.

Diskless workstations - correct answer A workstation or PC on a network that does not have its own disk, but instead stores files on a network file server

Distributed data processing network - correct answer A system of computers connected together by a communications network. Each computer processes its data and the network supports the system as a whole. Such a network enhances communication among the linked computers and allows access to shared files.

Diverse routing - correct answer The method of routing traffic through split cable facilities or duplicate cable facilities. This can be accomplished with different and/or duplicate cable sheaths. If different cable sheaths are used, the cable may be in the same conduit and, therefore, subject to the same interruptions as the cable it is backing up. The

Dumb terminal - correct answer A display terminal without processing capability. Dumb terminals are dependent on the main computer for processing. All entered data are accepted without further editing or validation.
Dynamic Host Configuration Protocol (DHCP) - correct answer A protocol used by networked computers (clients) to obtain IP addresses and other parameters, such as the default gateway, subnet mask and IP addresses of domain name system (DNS) servers from a DHCP server. The DHCP server ensures that all IP addresses are unique (e.g., no IP address is assigned to a second client while the first client's assignment is valid [its lease has not expired]). Thus, IP address pool management is done by the server and not by a human network administrator.

Echo checks - correct answer Detects line errors by retransmitting data back to the sending device for comparison with the original transmission

Ecommerce - correct answer The processes by which enterprises conduct business electronically with their customers, suppliers and other external business partners, using the Internet as an enabling technology. Ecommerce encompasses both business-to-business (B2B) and business-to-consumer (B2C) ecommerce models but does not include existing non-Internet ecommerce methods based on private networks, such as electronic data interchange (EDI) and Society for Worldwide Interbank Financial Telecommunication (SWIFT).

Edit control - correct answer Detects errors in the input portion of information that is sent to the computer for processing. May be manual or automated and allow the user to edit data errors before processing.

Editing - correct answer Ensures that data conform to predetermined criteria and enable early identification of potential errors

Electronic data interchange (EDI) - correct answer The electronic transmission of transactions (information) between two organizations. EDI promotes a more efficient paperless environment. EDI transmissions can replace the use of standard documents, including invoices or purchase orders.
Electronic funds transfer (EFT) - correct answer The exchange of money via telecommunications. EFT refers to any financial transaction that originates at a terminal and transfers a sum of money from one account to another.

Email/interpersonal messaging - correct answer An individual using a terminal, PC or an application can access a network to send an unstructured message to another individual or group of people

Embedded audit module (EAM) - correct answer Integral part of an application system that is designed to identify and report specific transactions or other information based on predetermined criteria. Identification of reportable items occurs as part of real-time processing. Reporting may be real-time online or may use store and forward methods. Also known as integrated test facility or continuous auditing module.

Encapsulation (objects) - correct answer The technique used by layered protocols in which a lower-layer protocol accepts a message from a higher-layer protocol and places it in the data portion of a frame in the lower layer.

Ethernet - correct answer A popular network protocol and cabling scheme that uses a bus topology and carrier sense multiple access/collision detection (CSMA/CD) to prevent network failures or collisions when two devices try to access the network at the same time

Evidence - correct answer The information an auditor gathers in the course of performing an IS audit; relevant if it pertains to the audit objectives and has a logical relationship to the findings and conclusions it is used to support

Exception reports - correct answer An exception report is generated by a program that identifies transactions or data that appear to be incorrect. Exception reports may be outside a predetermined range or may not conform to specified criteria.
Exclusive-OR (XOR) - correct answer The exclusive-OR operator returns a value of TRUE only if just one of its operands is TRUE. The XOR operation is a Boolean operation that produces a 0 if its two Boolean inputs are the same (0 and 0, or 1 and 1) and produces a 1 if its two inputs are different (1 and 0). In contrast, an inclusive-OR operator returns a value of TRUE if either or both of its operands are TRUE.
Executable code - correct answer The machine language code that is generally referred to as the object or load module
Expert system - correct answer The most prevalent type of computer system that arises from the research of artificial intelligence. An expert system has a built-in hierarchy of rules, which are acquired from human experts in the appropriate field. Once input is provided, the system should be able to define the nature of the problem and provide recommendations to solve the problem.
Exposure - correct answer The potential loss to an area due to the occurrence of an adverse event
Extended Binary-coded Decimal Interchange Code (EBCDIC) - correct answer An 8-bit code representing 256 characters; used in most large computer systems
Extensible Markup Language (XML) - correct answer Promulgated through the World Wide Web Consortium, XML is a web-based application development technique that allows designers to create their own customized tags, thus enabling the definition, transmission, validation and interpretation of data between applications and organizations
Extranet - correct answer A private network that resides on the Internet and allows a company to securely share business information with customers, suppliers or other businesses, as well as to execute electronic transactions. It differs from an intranet in that it is located beyond the company's firewall. Therefore, an extranet relies on the use of securely issued digital certificates (or alternative methods of user authentication) and encryption of messages. A virtual private network (VPN) and tunneling are often used to implement extranets, to ensure security and privacy.
Fallback procedures - correct answer A plan of action or set of procedures to be performed if a system implementation, upgrade or modification does not work as intended. May involve restoring the system to its state prior to the implementation or change. Fallback procedures are needed to ensure that normal business processes continue in the event of failure and should always be considered in system migration or implementation.
File server - correct answer A high-capacity disk storage device or a computer that stores data centrally for network users and manages access to that data. File servers can be dedicated, so that no process other than network management can be executed while the network is available, or nondedicated, so that standard user applications can run while the network is available.
File Transfer Protocol (FTP) - correct answer A protocol used to transfer files over a Transmission Control Protocol/Internet Protocol (TCP/IP) network (Internet, UNIX, etc.)
Financial audit - correct answer An audit designed to determine the accuracy of financial records and information
Firewall - correct answer A system or combination of systems that enforces a boundary between two or more networks, typically forming a barrier between a secure and an open environment, such as the Internet
Firmware - correct answer Memory chips with embedded program code that hold their content when power is turned off
Foreign key - correct answer A value that represents a reference to a tuple (a row in a table) containing the matching candidate key value. The problem of ensuring that the database does not include any invalid foreign key values is known as the referential integrity problem. The constraint that values of a given foreign key must match values of the corresponding candidate key is known as a referential constraint. The relation (table) that contains the foreign key is referred to as the referencing relation, and the relation that contains the corresponding candidate key as the referenced relation or target relation. (In relational theory it would be a candidate key, but in real database management system (DBMS) implementations it is always the primary key.)
Format checking - correct answer The application of an edit, using a predefined field definition, to a submitted information stream; a test to ensure that data conform to a predefined format
Fourth-generation language (4GL) - correct answer High-level, user-friendly, nonprocedural computer languages used to program and/or read and process computer files
Frame relay - correct answer A packet-switched wide-area network (WAN) technology that provides faster performance than older packet-switched WAN technologies. Best suited for data and image transfers. Because of its variable-length packet architecture, it is not the most efficient technology for real-time voice and video. In a frame-relay network, end nodes establish a connection via a permanent virtual circuit (PVC).
Function point analysis - correct answer A technique used to determine the size of a development task, based on the number of function points. Function points are factors, such as inputs, outputs, inquiries and logical internal sites.
Gateway - correct answer A device (router, firewall) on a network that serves as an entrance to another network
General computer control - correct answer A control, other than an application control, that relates to the environment within which computer-based application systems are developed,
Hardware - correct answer The physical components of a computer system
Help desk - correct answer A service offered via phone/Internet by an organization to its clients or employees that provides information, assistance and troubleshooting advice regarding software, hardware or networks. A help desk is staffed by people who can either resolve the problem on their own or escalate the problem to specialized personnel. A help desk is often equipped with dedicated customer relationship management (CRM) software that logs the problems and tracks them until they are solved.
Heuristic filter - correct answer A method often employed by antispam software to filter spam using criteria established in a centralized rule database. Every email message is given a rank, based upon its header and contents, which is then matched against preset thresholds. A message that surpasses the threshold will be flagged as spam and discarded, returned to its sender or put in a spam directory for further review by the intended recipient.
Hexadecimal - correct answer A numbering system that uses a base of 16 and uses 16 digits: 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, A, B, C, D, E and F. Programmers use hexadecimal numbers as a convenient way of representing binary numbers.
Hierarchical database - correct answer A database structured in a tree/root or parent/child relationship. Each parent can have many children, but each child may have only one parent.
Honeypot - correct answer A specially configured server, also known as a decoy server, designed to attract and monitor intruders in a manner such that their actions do not affect production systems.
Hot site - correct answer A fully operational offsite data processing facility equipped with both hardware and system software to be used in the event of a disaster
Hypertext Markup Language (HTML) - correct answer A language designed for the creation of web pages with hypertext and other information to be displayed in a web browser. HTML is used to structure information—denoting certain text as headings, paragraphs, lists and so on—and can be used to describe, to some degree, the appearance and semantics of a document.
Image processing - correct answer The process of electronically inputting source documents by taking an image of the document, thereby eliminating the need for key entry
Impact assessment - correct answer A review of the possible consequences of a risk
Impersonation - correct answer A security concept related to Windows NT that allows a server application to temporarily "be" the client in terms of access to secure objects. Impersonation has three possible levels: identification, letting the server inspect the client's identity; impersonation, letting the server act on behalf of the client; and delegation, the same as impersonation but extended to remote systems to which the server connects (through the preservation of credentials). Impersonation by imitating or copying the identification, behavior or actions of another may also be used in social engineering to obtain otherwise unauthorized physical access.
Incident - correct answer Any event that is not part of the standard operation of a service and that causes, or may cause, an
information system has an IT component that interacts with the process components.
Inherent risk - correct answer The risk level or exposure without considering the actions that management has taken or might take (e.g., implementing controls)
Inheritance (objects) - correct answer Database structures that have a strict hierarchy (no multiple inheritance). Inheritance can initiate other objects irrespective of the class hierarchy; thus there is no strict hierarchy of objects.
Initial program load (IPL) - correct answer The initialization procedure that causes an operating system to be loaded into storage at the beginning of a workday or after a system malfunction
Input control - correct answer Techniques and procedures used to verify, validate and edit data, to ensure that only correct data are entered into the computer
Instant messaging (IM) - correct answer An online mechanism or a form of real-time communication among two or more people based on typed text and multimedia data. The text is conveyed via computers or another electronic device (e.g., cell phone or handheld device) connected over a network, such as the Internet.
Integrated services digital network (ISDN) - correct answer A public end-to-end, digital telecommunications network with signaling, switching and transport capabilities supporting a wide range of services accessed by standardized interfaces with integrated customer control. The standard allows transmission of digital voice, video and data over 64 kbps lines.
Integrated test facilities (ITF) - correct answer A testing methodology where test data are processed in production systems. The data usually represent a set of fictitious entities, such as departments, customers and products. Output reports are verified to confirm the correctness of the processing.
Integrity - correct answer The guarding against improper information modification or destruction; includes ensuring information nonrepudiation and authenticity
Interface testing - correct answer A testing technique that is used to evaluate output from one application while the information is sent as input to another application
Internal controls - correct answer The policies, procedures, practices and organizational structures designed to provide reasonable assurance that business objectives will be achieved and undesired events will be prevented or detected and corrected
Internet - correct answer 1) Two or more networks connected by a router; 2) the world's largest network, using Transmission Control Protocol/Internet Protocol (TCP/IP) to link government, university and commercial institutions.
Internet Engineering Task Force (IETF) - correct answer An organization with international affiliates as network industry representatives that sets Internet standards. This includes all network industry developers and researchers concerned with the evolution and planned growth of the Internet.
Internet packet (IP) spoofing - correct answer An attack using packets with the spoofed
IT strategic plan - correct answer A long-term plan (i.e., three- to five-year horizon) in which business and IT management cooperatively describe how IT resources will contribute to the enterprise's strategic objectives (goals)
IT strategy committee - correct answer A committee at the level of the board of directors to ensure that the board is involved in major IT matters and decisions. The committee is primarily accountable for managing the portfolios of IT-enabled investments, IT services and other IT resources. The committee is the owner of the portfolio.
Judgment sampling - correct answer Any sample that is selected subjectively or in such a manner that the sample selection process is not random or the sampling results are not evaluated mathematically
Key goal indicator (KGI) - correct answer A measure that tells management, after the fact, whether an IT process has achieved its business requirements; usually expressed in terms of information criteria
Key management practice - correct answer Management practices that are required to successfully execute business processes
Key performance indicator (KPI) - correct answer A measure that determines how well the process is performing in enabling the goal to be reached. A lead indicator of whether a goal will likely be reached or not, and a good indicator of capabilities, practices and skills. It measures the activity goal, which is an action that the process owner must take to achieve effective process performance.
Leased line - correct answer A communication line permanently assigned to connect two points, as opposed to a dial-up line that is only available and open when a connection is made by dialing the target machine or network. Also known as a dedicated line.
Librarian - correct answer The individual responsible for the safeguarding and maintenance of all program and data files
Licensing agreement - correct answer A contract that establishes the terms and conditions under which a piece of software is being licensed (i.e., made legally available for use) from the software developer (owner) to the user
Life cycle - correct answer A series of stages that characterize the course of existence of an organizational investment (e.g., product, project, program)
Limit check - correct answer Tests specified amount fields against stipulated high or low limits of acceptability. When both high and low values are used, the test may be called a range check.
Literals - correct answer Any notation for representing a value within programming language source code (e.g., a string literal); a chunk of input data that is represented "as is" in compressed data
Local area network (LAN) - correct answer Communication network that serves several users within a specified geographical area. A personal computer LAN functions as a distributed processing system in which each computer in the network does its own processing and manages some of its data.
Masking - correct answer A computerized technique of blocking out the display of sensitive information, such as passwords, on a computer terminal or report
Master file - correct answer A file of semi-permanent information that is used frequently for processing data or for more than one purpose
Materiality - correct answer An auditing concept regarding the importance of an item of information with regard to its impact or effect on the functioning of the entity being audited. An expression of the relative significance or importance of a particular matter in the context of the organization as a whole.
Maturity - correct answer In business, indicates the degree of reliability or dependency that the business can place on a process achieving the desired goals or objectives
Maturity model - correct answer See capability maturity model (CMM).
Media Access Control (MAC) - correct answer Applied to the hardware at the factory and cannot be modified; MAC is a unique, 48-bit, hard-coded address of a physical layer device, such as an Ethernet local area network (LAN) or wireless network card.
Media oxidation - correct answer The deterioration of the media on which data are digitally stored due to exposure to oxygen and moisture. Tapes deteriorating in a warm, humid environment are an example of media oxidation. Proper environmental controls should prevent, or significantly slow, this process.
Memory dump - correct answer The act of copying raw data from one place to another with little or no formatting for readability. Usually, dump refers to copying data from the main memory to a display screen or a printer. Dumps are useful for diagnosing bugs. After a program fails, one can study the dump and analyze the contents of memory at the time of the failure. A memory dump will not help unless the reader knows what to look for, because dumps are usually output in a difficult-to-read form (binary, octal or hexadecimal).
Message switching - correct answer A telecommunications methodology that controls traffic in which a complete message is sent to a concentration point and stored until the communications path is established
Microwave transmission - correct answer A high-capacity line-of-sight transmission of data signals through the atmosphere, which often requires relay stations
Middleware - correct answer Another term for an application programmer interface (API). It refers to the interfaces that allow programmers to access lower- or higher-level services by providing an intermediary layer that includes function calls to the services.
Milestone - correct answer A terminal element that marks the completion of a work package or phase. Typically marked by a high-level event, such as project completion, receipt, endorsement or signing of a previously defined deliverable, or a high-level review meeting at which the appropriate level of project completion is determined and agreed to. A milestone is associated with some sort of decision that outlines the future of a project and, for an outsourced project, may have a payment to the contractor associated with it.
wish to share with one another for certain purposes but wish to restrict from generalized use; a contract through which the parties agree not to disclose information covered by the agreement. Also called a confidential disclosure agreement (CDA), confidentiality agreement or secrecy agreement. An NDA creates a confidential relationship between the parties to protect any type of trade secret. As such, an NDA can protect non-public business information. In the case of certain governmental entities, the confidentiality of information other than trade secrets may be subject to applicable statutory requirements and, in some cases, may be required to be revealed to an outside party requesting the information. Generally, the governmental entity will include a provision in the contract to allow the seller to review a request for information the seller identifies as confidential, and the seller may appeal such a decision requiring disclosure. NDAs are commonly signed when two companies or individuals are considering doing business together and need to understand the processes used in one another's businesses solely for the purpose of evaluating
Normalization - correct answer The elimination of redundant data
Numeric check - correct answer An edit check designed to ensure that the data element in a particular field is numeric
Object code - correct answer Machine-readable instructions produced from a compiler or assembler program that has accepted and translated the source code
Object orientation - correct answer An approach to system development in which the basic unit of attention is an object, which represents an encapsulation of both data (an object's attributes) and functionality (an object's methods). Objects usually are created using a general template called a class. A class is the basis for most design work in objects. A class and its objects communicate in defined ways. Aggregate classes interact through messages, which are directed requests for services from one class (the client) to another class (the server). A class may share the structure or methods defined in one or more other classes—a relationship known as inheritance.
Objectivity - correct answer The ability of the IS auditor to exercise judgment, express opinions and present recommendations with impartiality
Offsite storage - correct answer A facility located away from the building housing the primary information processing facility (IPF), used for storage of computer media, such as offline backup data and storage files
Online data processing - correct answer Achieved by entering information into the computer via a video display terminal. With online data processing, the computer immediately accepts or rejects the information as it is entered.
Open system - correct answer System for which detailed specifications of the composition of its components are published in a nonproprietary environment, thereby enabling competing enterprises to use these standard components to build competitive systems. The advantages of using open systems include portability, interoperability and integration.
Operating system (OS) - correct answer A master control program that runs the computer and acts as a scheduler and traffic controller. The operating system is the first program copied into the computer's memory after the computer is turned on; it must reside in memory at all times. It is the software that interfaces between the computer hardware (disk, keyboard, mouse, network, modem, printer) and the application software (word processor, spreadsheet,
demonstrate the consistency and inconsistency between two versions of the application
Parity check - correct answer A general hardware control that helps to detect data errors when data are read from memory or communicated from one computer to another. A 1-bit digit (either 0 or 1) is added to a data item to indicate whether the sum of that data item's bits is odd or even. When the parity bit disagrees with the sum of the other bits, the computer reports an error. The probability of a parity check detecting an error is 50 percent.
Partitioned file - correct answer A file format in which the file is divided into multiple subfiles and a directory is established to locate each subfile
Passive assault - correct answer Intruders attempt to learn some characteristic of the data being transmitted. With a passive assault, intruders may be able to read the contents of the data, so the privacy of the data is violated. Alternatively, although the content of the data itself may remain secure, intruders may read and analyze the plaintext source and destination identifiers attached to a message for routing purposes, or they may examine the lengths and frequency of messages being transmitted.
Password - correct answer A protected, generally computer-encrypted string of characters that authenticates a computer user to the computer system
Patch management - correct answer An area of systems management that involves acquiring, testing and installing multiple patches (code changes) to an administered computer system in order to maintain up-to-date software and often to address security risk. Patch management tasks include the following: maintaining current knowledge of available patches; deciding what patches are appropriate for particular systems; ensuring that patches are installed properly; testing systems after installation; and documenting all associated procedures, such as specific configurations required. A number of products are available to automate patch management tasks. Patches are sometimes ineffective and can sometimes cause more problems than they fix. Patch management experts suggest that system administrators take simple steps to avoid problems, such as performing backups and testing patches on non-critical systems prior to installation. Patch management can be viewed as part of change management.
Payroll system - correct answer An electronic system for processing payroll information and the related electronic (e.g., electronic timekeeping and/or human resources system), human (e.g., payroll clerk) and external party (e.g., bank) interfaces. In a more limited sense, it is the electronic system that performs the processing for generating payroll checks and/or bank direct deposits to employees.
Penetration testing - correct answer A live test of the effectiveness of security defenses through mimicking the actions of real-life attackers
Performance driver - correct answer A measure that is considered the "driver" of a lag indicator. It can be measured before the outcome is clear and, therefore, is called a "lead indicator." There is an assumed relationship between the two that suggests that improved performance in a leading indicator will drive better performance in the lagging indicator. They are also referred to as key performance indicators (KPIs) and are used to indicate whether goals are likely to be met.
Policy - correct answer 1. Generally, a document that records a high-level principle or course of action that has been decided on. The intended purpose is to influence and guide both present and future decision making to be in line with the philosophy, objectives and strategic plans established by the enterprise's management teams. In addition to policy content, policies need to describe the consequences of failing to comply with the policy, the means for handling exceptions, and the manner in which compliance with the policy will be checked and measured. 2. Overall intention and direction as formally expressed by management (COBIT 5 perspective)
Portfolio - correct answer A grouping of "objects of interest" (investment programs, IT services, IT projects, other IT assets or resources) managed and monitored to optimize business value (The investment portfolio is of primary interest to Val IT. IT service, project, asset and other resource portfolios are of primary interest to COBIT.)
Preventive control - correct answer An internal control that is used to avoid undesirable events, errors and other occurrences that an enterprise has determined could have a negative material effect on a process or end product
Privacy - correct answer The rights of an individual to trust that others will appropriately and respectfully use, store, share and dispose of his/her associated personal and sensitive information within the context, and according to the purposes, for which it was collected or derived. What is appropriate depends on the associated circumstances, laws and the individual's reasonable expectations. An individual also has the right to reasonably control and be aware of the collection, use and disclosure of his/her associated personal and sensitive information.
Private branch exchange (PBX) - correct answer A telephone exchange that is owned by a private business, as opposed to one owned by a common carrier or by a telephone company
Private key cryptosystem - correct answer Used in data encryption, it uses a secret key to encrypt the plaintext to the ciphertext. Private key cryptosystems also use the same key to decrypt the ciphertext to the corresponding plaintext. In this case, the key is symmetric, such that the encryption key is equivalent to the decryption key.
Problem escalation procedure - correct answer The process of escalating a problem up from junior to senior support staff, and ultimately to higher levels of management. Problem escalation procedure is often used in help desk management, when an unresolved problem is escalated up the chain of command until it is solved.
Procedure - correct answer A document containing a detailed description of the steps necessary to perform specific operations in conformance with applicable standards. Procedures are defined as part of processes.
Process - correct answer Generally, a collection of activities influenced by the enterprise's policies and procedures that takes inputs from a number of sources (including other processes), manipulates the inputs and produces outputs. Processes have clear business reasons for existing, accountable owners, clear roles and responsibilities around the execution of the process, and the means to measure performance.
Production program - correct answer Program used to process live or actual data that were received as input into the production environment
Prototyping - correct answer The process of quickly putting together a working model (a prototype) in order to test various aspects of a design, illustrate ideas or features and gather early user feedback. Prototyping uses programmed simulation techniques to represent a model of the final system to the user for advisement and critique. The emphasis is on end-user screens and reports. Internal controls are not a priority item, since this is only a model.
Proxy server - correct answer A server that acts on behalf of a user. Typical proxies accept a connection from a user, decide whether the user or client IP address is permitted to use the proxy, perhaps perform additional authentication, and complete a connection to a remote destination on behalf of the user.
Public key cryptosystem - correct answer Used in data encryption, it uses an encryption key, as a public key, to encrypt the plaintext to the ciphertext. It uses a different decryption key, as a secret key, to decrypt the ciphertext to the corresponding plaintext. In contrast to a private key cryptosystem, the decryption key should be secret; however, the encryption key can be known to everyone. In a public key cryptosystem, the two keys are asymmetric, such that the encryption key is not equivalent to the decryption key.
Public key encryption - correct answer A cryptographic system that uses two keys: one is a public key, which is known to everyone, and the second is a private or secret key, which is known only to the recipient of the message
Public key infrastructure (PKI) - correct answer A series of processes and technologies for the association of cryptographic keys with the entity to whom those keys were issued
Quality assurance (QA) - correct answer A planned and systematic pattern of all actions necessary to provide adequate confidence that an item or product conforms to established technical requirements (ISO/IEC 24765).
Queue - correct answer A group of items that are waiting to be serviced or processed
Radio wave interference - correct answer The superposition of two or more radio waves resulting in a different radio wave pattern that is more difficult to intercept and decode properly
Random access memory (RAM) - correct answer The computer's primary working memory. Each byte of RAM can be accessed randomly, regardless of adjacent bytes.
Range check - correct answer Range checks ensure that data fall within a predetermined range
Rapid application development - correct answer A methodology that enables enterprises to develop strategically important systems faster, while reducing development costs and maintaining quality, by using a series of proven application development techniques within a well-defined methodology
Real-time processing - correct answer An interactive online system capability that immediately updates computer files when transactions are initiated through a terminal
Reasonable assurance - correct answer A level of comfort short of a guarantee, but considered adequate given the costs of the control and the likely benefits achieved