FREE QUESTION BANK: SAMPLE PRACTICE QUESTIONS FOR THE ISACA CISA (Certified Information Systems Auditor) EXAM

Reviewed by: Hery Purnama (Certified CISA Trainer)

About the ISACA CISA Certification

ISACA CISA (Certified Information Systems Auditor) is a certification awarded by the Information Systems Audit and Control Association (ISACA) to professionals in the field of information systems auditing.



Exam Content

  • Domain 1: Information Systems Auditing Process
    • Tasks related to audit planning and organization.
  • Domain 2: Governance and Management of IT
    • Assessment of the structure and effectiveness of IT governance.
  • Domain 3: Information Systems Acquisition, Development and Implementation
    • Evaluation of information systems acquisition, development and implementation practices.
  • Domain 4: Information Systems Operations and Business Resilience
    • Assessment of information systems operations and resilience.
  • Domain 5: Protection of Information Assets
    • Evaluation of the effectiveness of information asset protection.

Exam Details

  • Number of Questions: The exam consists of 150 multiple-choice questions.
  • Exam Fee: Varies by ISACA membership status and location.
  • Registration: Registration is done through the ISACA website.

Tips for Passing the Exam

  1. Understand the ISACA Job Practice Areas: Familiarize yourself with the job practice areas outlined by ISACA.
  2. Practice with Past Exam Questions: Use past exam questions to understand the exam format.
  3. Create a Structured Study Plan: Plan your study time effectively, covering all domains.

Ideal Study Duration

  • The recommended study time varies, but candidates often spend several months preparing for the exam.

Self-Study vs. Training Centers

  • Self-study can be effective for individuals who have experience in information systems auditing.
  • Enrolling in a training program with a certified and experienced instructor such as Mr. Hery Purnama provides structured learning, practical insights, and expert guidance.

The Importance of Certified Training

  • Certified training improves understanding through a structured framework and real-world examples.
  • With more than 20 years of experience in IT and project management, Mr. Hery Purnama brings practical, applicable knowledge to the training, helping candidates prepare for the CISA exam.


Below are sample ISACA CISA practice questions (50 Questions and Answers)


1. For an auditor, it is very important to understand the different forms of project organization and their implications for the control of project management activities. In which of the following project organization forms is management authority shared between the project manager and the department head?

      Influence project organization

      Pure project organization

      Matrix project organization

      Forward project organization


2. Which of the following types of testing validates the functioning of the application under test with other systems, where a set of data is transferred from one system to another?

      Interface testing

      Unit Testing

      System Testing

      Final acceptance testing


3. Which of the following statements correctly describes the difference between black box testing and white box testing?

      Black box testing focuses on functional operative effectiveness, whereas white box testing assesses the effectiveness of software program logic

      White box testing focuses on functional operative effectiveness, whereas black box testing assesses the effectiveness of software program logic

      White box and black box testing both focus on the functional operative effectiveness of an information system without regard to any internal program structure

      White box and black box testing both focus on the effectiveness of the software program logic


4. Which of the following risk handling techniques involves the practice of being proactive so that the risk in question is not realized?

      Risk Mitigation

      Risk Acceptance

      Risk Avoidance

      Risk transfer


5. What are the different types of Audits?

      Compliance, financial, operational, forensic and integrated

      Compliance, financial, operational, G9 and integrated

      Compliance, financial, SA1, forensic and integrated

      Compliance, financial, operational, forensic and capability


6. In which of the following cloud computing service models are applications hosted by the service provider and made available to customers over a network?

      Software as a service

      Data as a service

      Platform as a service

      Infrastructure as a service


7. Who is responsible for reviewing the results and deliverables within and at the end of each phase, as well as confirming compliance with requirements?

      Project Sponsor

      Quality Assurance

      User Management

      Senior Management


8. As an IS auditor, it is very important to understand the software release management process. Which of the following software releases normally contains a significant change or the addition of new functionality?

      Major software Release

      Minor software Release

      Emergency software release

      General software Release


9. Why would a database be renormalized?

      To ensure data integrity

      To increase processing efficiency

      To prevent duplication of data

      To save storage space


10. Which of the following is not a common method of multiplexing data?

      Analytical multiplexing

      Time-division multiplexing

      Asynchronous time-division multiplexing

      Frequency division multiplexing


11. Which of the following is the BEST way to detect software license violations?

      Implementing a corporate policy on copyright infringements and software use.

      Requiring that all PCs be diskless workstations.

      Installing metering software on the LAN so applications can be accessed through the metered software.

      Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.


12. Who is responsible for providing technical support for the hardware and software environment by developing, installing and operating the requested system?

      System Development Management

      Quality Assurance

      User Management

      Senior Management


13. Which of the following types of testing uses a set of test cases that focus on the control structure of the procedural design?

      Interface testing

      Unit Testing

      System Testing

      Final acceptance testing


14. Which of the following types of testing has two major categories: QAT and UAT?

      Interface testing

      Unit Testing

      System Testing

      Final acceptance testing


15. Which of the following data validation controls validates input data against predefined range values?

      Range Check

      Table lookups

      Existence check

      Reasonableness check


16. Which of the following audit risks relates to a material error that exists and would not be prevented or detected on a timely basis by the system of internal controls?

      Inherent Risk

      Control Risk

      Detection Risk

      Overall Audit Risk


17. In which of the following payment modes does the payer create payment transfer instructions, sign them digitally and send them to the issuer?

      Electronic Money Model

      Electronic Checks model

      Electronic transfer model

      Electronic withdraw model


18. Which of the following dynamic interactions of the Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitudes and ways of doing things?

      Governing

      Culture

      Enabling and support

      Emergence


19. Which of the following dynamic interactions of the Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in the system design life cycle, change control, and risk management?

      Governing

      Culture

      Enabling and Support

      Emergence


20. Which of the following transmission media would NOT be affected by cross talk or interference?

      Copper cable

      Radio System

      Satellite radio link

      Fiber optic cables


21. Which of the following factors is LEAST important in the measurement of critical success factors of productivity in the SDLC phases?

      Dollar Spent per use

      Number of transactions per month

      Number of transactions per user

      Number of occurrences of fraud/misuse detection


22. Which of the following is NOT an example of a preventive control?

      Physical access controls such as locks and doors

      A user login screen which allows only authorized users to access the website

      Encrypting the data so that only authorized users can view it

      Duplicate checking of calculations


23. Which of the following answers specifies the correct sequence of levels within the Capability Maturity Model (CMM)?

      Initial, Managed, Defined, Quantitatively managed, optimized

      Initial, Managed, Defined, optimized, Quantitatively managed

      Initial, Defined, Managed, Quantitatively managed, optimized

      Initial, Managed, Quantitatively managed, Defined, optimized


24. Identify the INCORRECT statement among the testing types described below.

      Recovery Testing – Making sure the modified/new system includes provisions for appropriate access control and does not introduce any security holes that might compromise other systems

      Load Testing – Testing an application with large quantities of data to evaluate its performance during peak hours

      Volume Testing – Studying the impact on the application by testing with an incremental volume of records to determine the maximum volume of records that the application can process

      Stress Testing – Studying the impact on the application by testing with an incremental number of concurrent users/services on the application to determine the maximum number of concurrent users/services the application can process


25. In which of the following database models is the data organized into a tree-like structure, implying a single parent for each record?

      Hierarchical database model

      Network database model

      Relational database model

      Object-relational database model


26. Which of the following types of computer network covers a limited area such as a home, office or campus?

      LAN

      WAN

      SAN

      PAN


27. Which of the following would BEST maintain the integrity of a firewall log?

      Granting access to log information only to administrators

      Capturing log events in the operating system layer

      Writing dual logs onto separate storage media

      Sending log information to a dedicated third-party log server


28. When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:

      recommend that the database be normalized.

      review the conceptual data model.

      review the stored procedures.

      review the justification.


29. Which of the following steps of PDCA requests corrective actions on significant differences between the actual and the planned results?

      Plan

      Do

      Check

      Act


30. Which of the following answers specifies the correct sequence of levels within the Capability Maturity Model (CMM)?

      Initial, Managed, Defined, Quantitatively managed, optimized

      Initial, Managed, Defined, optimized, Quantitatively managed

      Initial, Defined, Managed, Quantitatively managed, optimized

      Initial, Managed, Quantitatively managed, Defined, optimized


31. Which device, acting as a translator, is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model?

      Bridge

      Repeater

      Router

      Gateway


32. Which of the following ISO/OSI layers performs transformations on data to provide a standardized application interface and to provide common communication services such as encryption?

      Application layer

      Session layer

      Presentation layer

      Transport layer


33. Which of the following is NOT a defined ISO basic task related to network management?

      Fault management

      Accounting resources

      Security management

      Communications management


34. Who provides the funding for the project and works closely with the project manager to define critical success factors (CSFs)?

      Project Sponsor

      Security Officer

      User Management

      Senior Management


35. Identify the INCORRECT statement among the testing types described below.

      Recovery Testing – Making sure the modified/new system includes provisions for appropriate access control and does not introduce any security holes that might compromise other systems

      Load Testing – Testing an application with large quantities of data to evaluate its performance during peak hours

      Volume Testing – Studying the impact on the application by testing with an incremental volume of records to determine the maximum volume of records that the application can process

      Stress Testing – Studying the impact on the application by testing with an incremental number of concurrent users/services on the application to determine the maximum number of concurrent users/services the application can process


36. Which of the following audits includes specific tests of controls to demonstrate adherence to a specific regulatory or industry standard?

      Compliance Audit

      Financial Audit

      Operational Audit

      Forensic audit


37. Why would a database be renormalized?

      To ensure data integrity

      To increase processing efficiency

      To prevent duplication of data

      To save storage space


38. Which of the following types of testing uses a set of test cases that focus on the control structure of the procedural design?

      Interface testing

      Unit Testing

      System Testing

      Final acceptance testing


39. Which of the following ACID properties in a DBMS requires that each transaction is "all or nothing"?

      Atomicity

      Consistency

      Isolation

      Durability


40. Which of the following database models allows many-to-many relationships in a tree-like structure that permits multiple parents?

      Hierarchical database model

      Network database model

      Relational database model

      Object-relational database model


41. Which of the following is a telecommunication device that translates data from digital to analog form and back to digital?

      Multiplexer

      Modem

      Protocol converter

      Concentrator


42. What is the most effective means of determining that controls are functioning properly within an operating system?

      Interview with the computer operator

      Review of software control features and/or parameters

      Review of the operating system manual

      Interview with the product vendor


43. Which of the following characteristics pertaining to databases is NOT true?

      A data model should exist and all entities should have a significant name.

      Justifications must exist for normalized data.

      No NULLs should be allowed for primary keys.

      All relations must have a specific cardinality.


44. Who is responsible for ensuring that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures?

      Project Sponsor

      Security Officer

      User Management

      Senior Management


45. Who is responsible for reviewing the results and deliverables within and at the end of each phase, as well as confirming compliance with requirements?

      Project Sponsor

      Quality Assurance

      User Management

      Senior Management


46. Which of the following statements correctly describes the difference between QAT and UAT?

      QAT focuses on the technical aspects of the application and UAT focuses on the functional aspects of the application

      UAT focuses on the technical aspects of the application and QAT focuses on the functional aspects of the application

      UAT and QAT both focus on the functional aspects of the application

      UAT and QAT both focus on the technical aspects of the application


47. Which of the following is the process of repeating a portion of a test scenario or test plan to ensure that changes to the information system have not introduced any errors?

      Parallel Test

      Black box testing

      Regression Testing

      Pilot Testing


48. Which of the following is the process of feeding test data into two systems – the modified system and an alternative system – and comparing the results?

      Parallel Test

      Black box testing

      Regression Testing

      Pilot Testing


49. Which of the following controls makes sure that input data comply with predefined criteria maintained in a computerized table of possible values?

      Range Check

      Table lookups

      Existence check

      Reasonableness check


50. Which of the following controls is intended to discourage a potential attacker?

      Deterrent

      Preventive

      Corrective

      Recovery



