CISA (Certified Information Systems Auditor) is a globally recognized certification administered by ISACA (Information Systems Audit and Control Association). The certification is designed for IT audit, control, and information systems security professionals. CISA demonstrates the ability to audit, control, and assure the security of information systems.
Taking training with a certified and experienced trainer such as Mr. Hery Purnama can be very beneficial. An experienced trainer, such as Mr. Purnama, who has more than 20 years of experience as a trainer and IT project manager, can provide practical insights, valuable tips, and guidance tailored to their industry experience. Training like this not only helps in understanding the material but also provides a practical, applied perspective that can be very useful in a professional career.
CISA EXAM PRACTICE (SAMPLE QUESTIONS)
1. For an auditor, it is very important to understand the different forms of project organization and their implications for the control of project management activities. In which of the following project organization forms is management authority shared between the project manager and the department head?
⚪ Influence project organization
⚪ Pure project organization
⚫ Matrix project organization
⚪ Forward project organization
2. Which of the following types of testing validates the functioning of the application under test with other systems, where a set of data is transferred from one system to another?
⚫ Interface testing
⚪ Unit Testing
⚪ System Testing
⚪ Final acceptance testing
3. Which of the following statements correctly describes the difference between black box testing and white box testing?
⚫ Black box testing focuses on functional operative effectiveness, whereas white box testing assesses the effectiveness of software program logic
⚪ White box testing focuses on functional operative effectiveness, whereas black box testing assesses the effectiveness of software program logic
⚪ White box and black box testing focus on the functional operative effectiveness of an information system without regard to any internal program structure
⚪ White box and black box testing focus on the effectiveness of the software program logic
4. Which of the following risk handling techniques involves the practice of being proactive so that the risk in question is not realized?
⚪ Risk Mitigation
⚪ Risk Acceptance
⚫ Risk Avoidance
⚪ Risk transfer
5. What are the different types of Audits?
⚫ Compliance, financial, operational, forensic and integrated
⚪ Compliance, financial, operational, G9 and integrated
⚪ Compliance, financial, SA1, forensic and integrated
⚪ Compliance, financial, operational, forensic and capability
6. In which of the following cloud computing service models are applications hosted by the service provider and made available to the customers over a network?
⚫ Software as a service
⚪ Data as a service
⚪ Platform as a service
⚪ Infrastructure as a service
7. Who is responsible for reviewing the results and deliverables within and at the end of each phase, as well as confirming compliance with requirements?
⚪ Project Sponsor
⚫ Quality Assurance
⚪ User Management
⚪ Senior Management
8. As an IS auditor, it is very important to understand the software release management process. Which of the following software releases normally contains a significant change or addition of new functionality?
⚫ Major software Release
⚪ Minor software Release
⚪ Emergency software release
⚪ General software Release
9. Why would a database be renormalized?
⚪ To ensure data integrity
⚫ To increase processing efficiency
⚪ To prevent duplication of data
⚪ To save storage space
10. Which of the following is not a common method of multiplexing data?
⚫ Analytical multiplexing
⚪ Time-division multiplexing
⚪ Asynchronous time-division multiplexing
⚪ Frequency division multiplexing
11. Which of the following is the BEST way to detect software license violations?
⚪ Implementing a corporate policy on copyright infringements and software use.
⚪ Requiring that all PCs be diskless workstations.
⚪ Installing metering software on the LAN so applications can be accessed through the metered software
⚫ Regularly scanning PCs in use to ensure that unauthorized copies of software have not been loaded on the PC.
12. Who is responsible for providing technical support for the hardware and software environment by developing, installing and operating the requested system?
⚫ System Development Management
⚪ Quality Assurance
⚪ User Management
⚪ Senior Management
13. Which of the following types of testing uses a set of test cases that focus on the control structure of the procedural design?
⚪ Interface testing
⚫ Unit Testing
⚪ System Testing
⚪ Final acceptance testing
14. Which of the following types of testing has two major categories: QAT and UAT?
⚪ Interface testing
⚪ Unit Testing
⚫ System Testing
⚪ Final acceptance testing
15. Which of the following data validation controls validates input data against predefined range values?
⚫ Range Check
⚪ Table lookups
⚪ Existence check
⚪ Reasonableness check
16. Which of the following audit risks is related to a material error existing that would not be prevented or detected on a timely basis by the system of internal controls?
⚫ Inherent Risk
⚪ Control Risk
⚪ Detection Risk
⚪ Overall Audit Risk
17. In which of the following payment modes does the payer create payment transfer instructions, sign them digitally and send them to the issuer?
⚪ Electronic Money Model
⚪ Electronic checks model
⚫ Electronic transfer model
⚪ Electronic withdraw model
18. Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a pattern of behaviors, effects, assumptions, attitudes and ways of doing things?
⚪ Governing
⚫ Culture
⚪ Enabling and support
⚪ Emergence
19. Which of the following dynamic interactions of a Business Model for Information Security (BMIS) is a place to introduce possible solutions such as feedback loops; alignment with process improvement; and consideration of emergent issues in system design life cycle, change control, and risk management?
⚪ Governing
⚪ Culture
⚪ Enabling and Support
⚫ Emergence
20. Which of the following transmission media would NOT be affected by cross talk or interference?
⚪ Copper cable
⚪ Radio System
⚪ Satellite radio link
⚫ Fiber optic cables