Review by: Hery Purnama (Certified CISA Trainer)
Getting to Know the ISACA CISA Certification
ISACA
CISA (Certified Information Systems Auditor) is a certification awarded by the Information Systems Audit and Control Association (ISACA) to professionals in the field of information systems auditing.
Exam Content
- Domain 1: Information Systems Auditing Process
- Tasks related to planning and organizing the audit.
- Domain 2: Governance and Management of IT
- Assessing the structure and effectiveness of IT governance.
- Domain 3: Information Systems Acquisition, Development and Implementation
- Evaluating the practices used to acquire, develop and implement information systems.
- Domain 4: Information Systems Operations and Business Resilience
- Assessing the operation and resilience of information systems.
- Domain 5: Protection of Information Assets
- Evaluating the effectiveness of information asset protection.
Exam Details
- Number of Questions: The exam consists of 150 multiple-choice questions.
- Exam Fee: Varies based on ISACA membership and location.
- Registration: Registration is done through the ISACA website.
Tips for Passing the Exam
- Understand the ISACA Job Practice Areas: Become familiar with the job practice areas outlined by ISACA.
- Practice with Sample Exam Questions: Use practice questions to understand the exam format.
- Create a Structured Study Plan: Plan your study time effectively, covering all domains.
Ideal Study Duration
- The recommended study time varies, but candidates often spend several months preparing for the exam.
Self-Study vs. Training Center
- Self-study can be effective for individuals who already have experience in information systems auditing.
- Enrolling in a training program with a certified and experienced instructor such as Mr. Hery Purnama provides structured learning, practical insight and expert guidance.
The Importance of Certified Training
- Certified training improves understanding through a structured framework and real-world examples.
- With more than 20 years of experience in IT and project management, Mr. Hery Purnama brings practical, applicable knowledge to the training, helping candidates prepare for the CISA exam.
Below are sample ISACA CISA practice questions (50 Questions and Answers)
1. For an auditor, it is very important to understand the different forms of project organization and their implications for the control of project management activities. In which of the following project organization forms is management authority shared between the project manager and the department head?
⚪ Influence project organization
⚪ Pure project organization
⚫ Matrix project organization
⚪ Forward project organization
2. Which of the following types of testing validates the functioning of the application under test together with other systems, where a set of data is transferred from one system to another?
⚫ Interface testing
⚪ Unit Testing
⚪ System Testing
⚪ Final acceptance testing
3. Which of the following statements correctly describes the difference between black box testing and white box testing?
⚫ Black box testing focuses on functional operative effectiveness, whereas white box testing assesses the effectiveness of the software program logic
⚪ White box testing focuses on functional operative effectiveness, whereas black box testing assesses the effectiveness of the software program logic
⚪ White box and black box testing both focus on the functional operative effectiveness of an information system without regard to any internal program structure
⚪ White box and black box testing both focus on the effectiveness of the software program logic
4. Which of the following risk handling techniques involves being proactive so that the risk in question is not realized?
⚪ Risk Mitigation
⚪ Risk Acceptance
⚫ Risk Avoidance
⚪ Risk transfer
5. What are the different types of Audits?
⚫ Compliance, financial, operational, forensic and integrated
⚪ Compliance, financial, operational, G9 and integrated
⚪ Compliance, financial, SA1, forensic and integrated
⚪ Compliance, financial, operational, forensic and capability
6. In which of the following cloud computing service models are applications hosted by the service provider and made available to customers over a network?
⚫ Software as a service
⚪ Data as a service
⚪ Platform as a service
⚪ Infrastructure as a service
7. Who is responsible for reviewing the results and deliverables within and at the end of each phase, as well as confirming compliance with requirements?
⚪ Project Sponsor
⚫ Quality Assurance
⚪ User Management
⚪ Senior Management
8. As an IS auditor it is very important to understand the software release management process. Which of the following software releases normally contains a significant change or the addition of new functionality?
⚫ Major software Release
⚪ Minor software Release
⚪ Emergency software release
⚪ General software Release
9. Why would a database be denormalized?
⚪ To ensure data integrity
⚫ To increase processing efficiency
⚪ To prevent duplication of data
⚪ To save storage space
10. Which of the following is not a common method of multiplexing data?
⚫ Analytical multiplexing
⚪ Time-division multiplexing
⚪ Asynchronous time-division multiplexing
⚪ Frequency division multiplexing
11. Which of the following is the BEST way to detect software license violations?
⚪ Implementing a corporate policy on copyright infringements and software use.
⚪ Requiring that all PCs be diskless workstations.
⚪ Installing metering software on the LAN so applications can be accessed through the metered software
⚫ Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.
12. Who is responsible for providing technical support for the hardware and software environment by developing, installing and operating the requested system?
⚫ System Development Management
⚪ Quality Assurance
⚪ User Management
⚪ Senior Management
13. Which of the following types of testing uses a set of test cases that focus on the control structure of the procedural design?
⚪ Interface testing
⚫ Unit Testing
⚪ System Testing
⚪ Final acceptance testing
14. Which of the following types of testing has two major categories: QAT and UAT?
⚪ Interface testing
⚪ Unit Testing
⚪ System Testing
⚫ Final acceptance testing
15. Which of the following data validation controls validates input data against predefined range values?
⚫ Range Check
⚪ Table lookups
⚪ Existence check
⚪ Reasonableness check
16. Which of the following audit risks is the risk that a material error exists that would not be prevented or detected on a timely basis by the system of internal controls?
⚪ Inherent Risk
⚫ Control Risk
⚪ Detection Risk
⚪ Overall Audit Risk
17. In which of the following payment modes does the payer create payment transfer instructions, sign them digitally and send them to the issuer?
⚪ Electronic money model
⚪ Electronic checks model
⚫ Electronic transfer model
⚪ Electronic withdrawal model
18. Which of the following dynamic interconnections of the Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitudes and ways of doing things?
⚪ Governing
⚫ Culture
⚪ Enabling and support
⚪ Emergence
19. Which of the following dynamic interconnections of the Business Model for Information Security (BMIS) is the place to introduce possible solutions such as feedback loops, alignment with process improvement, and consideration of emergent issues in the system design life cycle, change control and risk management?
⚪ Governing
⚪ Culture
⚪ Enabling and Support
⚫ Emergence
20. Which of the following transmission media would NOT be affected by cross talk or interference?
⚪ Copper cable
⚪ Radio System
⚪ Satellite radio link
⚫ Fiber optic cables
21. Which of the following factors is LEAST important in the measurement of critical success factors for productivity in the SDLC phases?
⚪ Dollars spent per user
⚪ Number of transactions per month
⚪ Number of transactions per user
⚫ Number of occurrences of fraud/misuse detection
22. Which of the following is NOT an example of a preventive control?
⚪ Physical access controls such as locks and doors
⚪ A user login screen that allows only authorized users to access a website
⚪ Encrypting data so that only authorized users can view it
⚫ Duplicate checking of calculations
23. Which of the following answers specifies the correct sequence of maturity levels within the Capability Maturity Model (CMM)?
⚫ Initial, Managed, Defined, Quantitatively managed, Optimized
⚪ Initial, Managed, Defined, Optimized, Quantitatively managed
⚪ Initial, Defined, Managed, Quantitatively managed, Optimized
⚪ Initial, Managed, Quantitatively managed, Defined, Optimized
24. Identify the INCORRECT statement among the testing types below
⚫ Recovery Testing – Making sure the modified/new system includes provisions for appropriate access control and does not introduce any security holes that might compromise other systems
⚪ Load Testing – Testing an application with large quantities of data to evaluate its performance during peak hours
⚪ Volume Testing – Studying the impact on the application by testing with an incremental volume of records to determine the maximum volume of records the application can process
⚪ Stress Testing – Studying the impact on the application by testing with an incremental number of concurrent users/services to determine the maximum number of concurrent users/services the application can process
25. In which of the following database models is the data organized into a tree-like structure, implying a single parent for each record?
⚫ Hierarchical database model
⚪ Network database model
⚪ Relational database model
⚪ Object-relational database model
26. Which of the following types of computer network covers a limited area such as a home, office or campus?
⚫ LAN
⚪ WAN
⚪ SAN
⚪ PAN
27. Which of the following would BEST maintain the integrity of a firewall log?
⚪ Granting access to log information only to administrators
⚪ Capturing log events in the operating system layer
⚪ Writing dual logs onto separate storage media
⚫ Sending log information to a dedicated third-party log server
28. When performing a database review, an IS auditor notices that some tables in the database are not normalized. The IS auditor should next:
⚪ recommend that the database be normalized
⚪ review the conceptual data model
⚪ review the stored procedures.
⚫ review the justification.
29. Which of the following steps of PDCA requires corrective action on significant differences between the actual and the planned result?
⚪ Plan
⚪ Do
⚪ Check
⚫ Act
30. Which of the following answers specifies the correct sequence of maturity levels within the Capability Maturity Model (CMM)?
⚫ Initial, Managed, Defined, Quantitatively managed, Optimized
⚪ Initial, Managed, Defined, Optimized, Quantitatively managed
⚪ Initial, Defined, Managed, Quantitatively managed, Optimized
⚪ Initial, Managed, Quantitatively managed, Defined, Optimized
31. Which device acting as a translator is used to connect two networks or applications from layer 4 up to layer 7 of the ISO/OSI Model?
⚪ Bridge
⚪ Repeater
⚪ Router
⚫ Gateway
32. Which of the following ISO/OSI layers performs transformations on data to provide a standardized application interface and to provide common communication services such as encryption?
⚪ Application layer
⚪ Session layer
⚫ Presentation layer
⚪ Transport layer
33. Which of the following is NOT a defined ISO basic task related to network management?
⚪ Fault management
⚪ Accounting resources
⚪ Security management
⚫ Communications management
34. Who provides the funding for the project and works closely with the project manager to define the critical success factors (CSFs)?
⚫ Project Sponsor
⚪ Security Officer
⚪ User Management
⚪ Senior Management
35. Identify the INCORRECT statement among the testing types below
⚫ Recovery Testing – Making sure the modified/new system includes provisions for appropriate access control and does not introduce any security holes that might compromise other systems
⚪ Load Testing – Testing an application with large quantities of data to evaluate its performance during peak hours
⚪ Volume Testing – Studying the impact on the application by testing with an incremental volume of records to determine the maximum volume of records the application can process
⚪ Stress Testing – Studying the impact on the application by testing with an incremental number of concurrent users/services to determine the maximum number of concurrent users/services the application can process
36. Which of the following audits includes specific tests of controls to demonstrate adherence to a specific regulatory or industry standard?
⚫ Compliance Audit
⚪ Financial Audit
⚪ Operational Audit
⚪ Forensic audit
37. Why would a database be denormalized?
⚪ To ensure data integrity
⚫ To increase processing efficiency
⚪ To prevent duplication of data
⚪ To save storage space
38. Which of the following types of testing uses a set of test cases that focus on the control structure of the procedural design?
⚪ Interface testing
⚫ Unit Testing
⚪ System Testing
⚪ Final acceptance testing
39. Which of the following ACID properties of a DBMS requires that each transaction is "all or nothing"?
⚫ Atomicity
⚪ Consistency
⚪ Isolation
⚪ Durability
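To make the "all or nothing" property in question 39 concrete, the following is an added example (not code from the original page or from ISACA) using Python's standard-library sqlite3 module. The ledger table, the two account identifiers and the balances are constructed for illustration; the CHECK constraint stands in for any business rule that can fail partway through a transaction.

```python
"""Added example: ACID atomicity demonstrated with sqlite3.
Table, accounts and balances are constructed for illustration."""
import sqlite3


def new_ledger() -> sqlite3.Connection:
    """Create an in-memory ledger with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE accounts ("
        " id TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("A", 100), ("B", 50)])
    conn.commit()
    return conn


def transfer(conn: sqlite3.Connection, src: str, dst: str, amount: int) -> bool:
    """Move `amount` from src to dst as ONE transaction.

    Either both UPDATEs are applied or neither is: an overdraft trips the
    CHECK constraint, a missing destination row raises ValueError, and in
    both cases the `with conn:` block rolls back the debit that already ran.
    Returns True when the transaction committed, False when it rolled back.
    """
    try:
        with conn:  # commits on normal exit, rolls back on exception
            conn.execute(
                "UPDATE accounts SET balance = balance - ? WHERE id = ?",
                (amount, src),
            )
            cur = conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE id = ?",
                (amount, dst),
            )
            if cur.rowcount != 1:
                raise ValueError(f"destination account {dst!r} not found")
        return True
    except (sqlite3.IntegrityError, ValueError):
        return False


def balances(conn: sqlite3.Connection) -> dict:
    """Snapshot of every account balance, used to verify atomicity."""
    return dict(conn.execute("SELECT id, balance FROM accounts"))


if __name__ == "__main__":
    ledger = new_ledger()
    # Valid transfer: both rows change together.
    print(transfer(ledger, "A", "B", 30), balances(ledger))
    # Overdraft: the debit violates CHECK, nothing is applied.
    print(transfer(ledger, "A", "B", 500), balances(ledger))
    # Unknown destination: the debit already ran, then is rolled back.
    print(transfer(ledger, "A", "ZZZ", 10), balances(ledger))
```

The third case is the one auditors care about: the debit succeeded before the failure was detected, and only the rollback keeps the ledger from silently losing 10 units. Without the transaction boundary the same two statements would leave a partial update.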
40. Which of the following database models allows many-to-many relationships in a tree-like structure that permits multiple parents?
⚪ Hierarchical database model
⚫ Network database model
⚪ Relational database model
⚪ Object-relational database model
41. Which of the following is a telecommunication device that translates data from digital to analog form and back to digital?
⚪ Multiplexer
⚫ Modem
⚪ Protocol converter
⚪ Concentrator
42. What is the most effective means of determining that controls are functioning properly within an operating system?
⚪ Interview with computer operator
⚫ Review of software control features and/or parameters
⚪ Review of operating system manual
⚪ Interview with product vendor
43. Which of the following characteristics pertaining to databases is not true?
⚪ A data model should exist and all entities should have a significant name
⚫ Justifications must exist for normalized data.
⚪ No NULLs should be allowed for primary keys.
⚪ All relations must have a specific cardinality
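Questions 9, 28, 37 and 43 all turn on the same trade-off: denormalization buys processing efficiency at the cost of duplicated data that can drift, so it needs a justification and a compensating control. The following is an added example (not code from the original page or from ISACA) in Python with sqlite3. The customers/orders schema, the `order_report` reporting table that copies the customer name into every order row, and the trigger that keeps the copies in sync are all constructed for illustration.

```python
"""Added example: denormalized copy of a column, the update anomaly it
causes, and a trigger plus a reconciliation query as compensating
controls. Schema and rows are constructed for illustration."""
import sqlite3


def build(with_sync_trigger: bool) -> sqlite3.Connection:
    """Normalized customers/orders plus a denormalized order_report."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE orders (
            id INTEGER PRIMARY KEY,
            customer_id INTEGER NOT NULL REFERENCES customers(id),
            total INTEGER NOT NULL);
        -- Denormalized: customer_name is copied into every order row so a
        -- report can be produced without a join (the efficiency argument).
        CREATE TABLE order_report (
            order_id INTEGER PRIMARY KEY,
            customer_name TEXT NOT NULL,
            total INTEGER NOT NULL);
        INSERT INTO customers VALUES (1, 'Acme Ltd');
        INSERT INTO orders VALUES (10, 1, 250), (11, 1, 75);
        INSERT INTO order_report VALUES (10, 'Acme Ltd', 250), (11, 'Acme Ltd', 75);
    """)
    if with_sync_trigger:
        # Compensating control: propagate name changes to every copy.
        conn.executescript("""
            CREATE TRIGGER sync_name AFTER UPDATE OF name ON customers
            BEGIN
                UPDATE order_report SET customer_name = NEW.name
                WHERE order_id IN
                    (SELECT id FROM orders WHERE customer_id = NEW.id);
            END;
        """)
    return conn


def rename_customer(conn: sqlite3.Connection, cid: int, new_name: str) -> None:
    with conn:
        conn.execute("UPDATE customers SET name = ? WHERE id = ?", (new_name, cid))


def normalized_names(conn: sqlite3.Connection) -> list:
    """Names as the normalized schema reports them (one source of truth)."""
    return sorted(r[0] for r in conn.execute(
        "SELECT DISTINCT c.name FROM orders o JOIN customers c ON c.id = o.customer_id"))


def report_names(conn: sqlite3.Connection) -> list:
    """Names as the denormalized report table holds them."""
    return sorted(r[0] for r in conn.execute(
        "SELECT DISTINCT customer_name FROM order_report"))


def stale_rows(conn: sqlite3.Connection) -> int:
    """Reconciliation check an auditor can run: copies that disagree with
    the master record. Zero means the denormalized data is consistent."""
    return conn.execute("""
        SELECT COUNT(*) FROM order_report r
        JOIN orders o ON o.id = r.order_id
        JOIN customers c ON c.id = o.customer_id
        WHERE r.customer_name <> c.name""").fetchone()[0]


if __name__ == "__main__":
    for flag in (False, True):
        db = build(with_sync_trigger=flag)
        rename_customer(db, 1, "Acme Holdings")
        print("trigger" if flag else "no trigger",
              normalized_names(db), report_names(db), stale_rows(db))
```

Without the trigger a single rename leaves two stale copies, which is exactly why question 43 says the justification belongs with the denormalized data, not the normalized data; `stale_rows` is the kind of test an IS auditor would run after reviewing that justification (question 28).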
44. Who is responsible for ensuring that system controls and supporting processes provide an effective level of protection, based on the data classification set in accordance with corporate security policies and procedures?
⚪ Project Sponsor
⚫ Security Officer
⚪ User Management
⚪ Senior Management
45. Who is responsible for reviewing the results and deliverables within and at the end of each phase, as well as confirming compliance with requirements?
⚪ Project Sponsor
⚫ Quality Assurance
⚪ User Management
⚪ Senior Management
46. Which of the following statements correctly describes the difference between QAT and UAT?
⚫ QAT focuses on the technical aspects of the application and UAT focuses on the functional aspects of the application
⚪ UAT focuses on the technical aspects of the application and QAT focuses on the functional aspects of the application
⚪ UAT and QAT both focus on the functional aspects of the application
⚪ UAT and QAT both focus on the technical aspects of the application
47. Which of the following is the process of repeating a portion of a test scenario or test plan to ensure that changes to the information system have not introduced any errors?
⚪ Parallel Test
⚪ Black box testing
⚫ Regression Testing
⚪ Pilot Testing
48. Which of the following is the process of feeding test data into two systems, the modified system and an alternative system, and comparing the results?
⚫ Parallel Test
⚪ Black box testing
⚪ Regression Testing
⚪ Pilot Testing
49. Which of the following controls makes sure that input data comply with predefined criteria maintained in a computerized table of possible values?
⚪ Range Check
⚫ Table lookups
⚪ Existence check
⚪ Reasonableness check
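Questions 15 and 49 list four input validation controls (range check, table lookup, existence check, reasonableness check) that candidates often confuse, in particular range versus reasonableness. The following is an added example (not code from the original page or from ISACA) that implements all four in Python and runs them over constructed payroll records. The field names, the permitted-department table, the employee master list, the hours limits and the grade-to-rate expectations are all assumptions chosen for illustration.

```python
"""Added example: the four input validation controls from questions 15
and 49 applied to constructed payroll records. All tables and limits
below are illustrative assumptions."""
from dataclasses import dataclass

# Table lookup: the computerized table of permitted values (constructed).
VALID_DEPARTMENTS = {"FIN", "OPS", "IT", "HR"}
# Existence check: the master file a referenced key must already be in (constructed).
EMPLOYEE_MASTER = {"E100", "E101", "E102"}
# Range check: hard bounds on hours worked in one week.
HOURS_MIN, HOURS_MAX = 0, 80
# Reasonableness check: a rate is judged against what the grade implies,
# so a value can be inside the range yet still unreasonable in context.
EXPECTED_RATE_BY_GRADE = {1: 20.0, 2: 35.0, 3: 60.0}
REASONABLE_TOLERANCE = 0.25  # 25% of the expected rate


@dataclass
class PayRecord:
    employee_id: str
    department: str
    hours: float
    grade: int
    rate: float


def range_check(value, low, high) -> bool:
    return low <= value <= high


def table_lookup(value, table) -> bool:
    return value in table


def existence_check(key, master) -> bool:
    return key in master


def reasonableness_check(value, expected, tolerance) -> bool:
    return abs(value - expected) <= tolerance * expected


def validate(rec: PayRecord) -> list:
    """Names of the controls that rejected the record; empty list = accepted."""
    failures = []
    if not existence_check(rec.employee_id, EMPLOYEE_MASTER):
        failures.append("existence")
    if not table_lookup(rec.department, VALID_DEPARTMENTS):
        failures.append("table_lookup")
    if not range_check(rec.hours, HOURS_MIN, HOURS_MAX):
        failures.append("range")
    expected = EXPECTED_RATE_BY_GRADE.get(rec.grade)
    if expected is None or not reasonableness_check(rec.rate, expected, REASONABLE_TOLERANCE):
        failures.append("reasonableness")
    return failures


# Constructed input: one clean record and one failure per control.
SAMPLE_INPUT = [
    PayRecord("E100", "FIN", 40, 2, 36.0),  # accepted
    PayRecord("E999", "FIN", 40, 2, 36.0),  # employee not in master file
    PayRecord("E101", "XXX", 40, 2, 36.0),  # department not in lookup table
    PayRecord("E101", "OPS", 95, 2, 36.0),  # hours outside 0..80
    PayRecord("E102", "IT", 40, 1, 90.0),   # rate is a valid number but not plausible for grade 1
]


def run(records=SAMPLE_INPUT) -> list:
    """Validate each record in order and return the per-record failure lists."""
    return [validate(r) for r in records]


if __name__ == "__main__":
    for rec, result in zip(SAMPLE_INPUT, run()):
        print(rec.employee_id, rec.department, result or "OK")
```

The last record is the distinction the exam is after: 90.0 passes any range check on pay rates, and only a reasonableness check, which compares the field against what the other fields imply, flags it.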
50. Which of the following controls is intended to discourage a potential attacker?
⚫ Deterrent
⚪ Preventive
⚪ Corrective
⚪ Recovery