CISA Exam Sample Questions (1)


A continuation of this post.

CISA exam sample questions

1. The extent to which data will be collected during an IS audit should be determined based on the:
A. availability of critical and required information.
B. auditor’s familiarity with the circumstances.
C. auditee’s ability to find relevant evidence.
D. purpose and scope of the audit being done.

2. Which of the following ensures a sender’s authenticity and an e-mail’s confidentiality?
A. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the hash of the message with the receiver’s public key
B. The sender digitally signing the message and thereafter encrypting the hash of the message with the sender’s private key
C. Encrypting the hash of the message with the sender’s private key and thereafter encrypting the message with the receiver’s public key
D. Encrypting the message with the sender’s private key and encrypting the message hash with the receiver’s public key

3. Which of the following is the GREATEST advantage of elliptic curve encryption over RSA encryption?
A. Computation speed
B. Ability to support digital signatures
C. Simpler key distribution
D. Greater strength for a given key length

4. Which of the following controls would provide the GREATEST assurance of database integrity?
A. Audit log procedures
B. Table link/reference checks
C. Query/table access time checks
D. Rollback and rollforward database features

5. A benefit of open system architecture is that it:
A. facilitates interoperability.
B. facilitates the integration of proprietary components.
C. will be a basis for volume discounts from equipment vendors.
D. allows for the achievement of more economies of scale for equipment.

Answers

1. ANSWER: D

NOTE: The extent to which data will be collected during an IS audit should be related directly to the scope and purpose of the audit. An audit with a narrow purpose and scope would most likely result in less data collection than an audit with a wider purpose and scope. The scope of an IS audit should not be constrained by the ease of obtaining the information or by the auditor’s familiarity with the area being audited. Collecting all the required evidence is a required element of an IS audit, and the scope of the audit should not be limited by the auditee’s ability to find relevant evidence.

2. ANSWER: C

NOTE: To ensure authenticity and confidentiality, a message must be encrypted twice: first with the sender’s private key, and then with the receiver’s public key. The receiver can decrypt the message, thus ensuring confidentiality of the message. Thereafter, the decrypted message can be decrypted with the public key of the sender, ensuring authenticity of the message. Encrypting the message with the sender’s private key enables anyone to decrypt it.

3. ANSWER: A

NOTE: The main advantage of elliptic curve encryption over RSA encryption is its computation speed. This method was first independently suggested by Neal Koblitz and Victor S. Miller. Both encryption methods support digital signatures and are used for public key encryption and distribution. However, a stronger key per se does not necessarily guarantee better performance; that depends on the actual algorithm employed.

4. ANSWER: B

NOTE: Performing table link/reference checks serves to detect table linking errors (such as completeness and accuracy of the contents of the database), and thus provides the greatest assurance of database integrity. Audit log procedures enable recording of all events that have been identified and help in tracing the events. However, they only point to the event and do not ensure completeness or accuracy of the database’s contents. Querying/monitoring table access time checks helps designers improve database performance, but not integrity. Rollback and rollforward database features ensure recovery from an abnormal disruption. They assure the integrity of the transaction that was being processed at the time of disruption, but do not provide assurance on the integrity of the contents of the database.

5. ANSWER: A

NOTE: Open systems are those for which suppliers provide components whose interfaces are defined by public standards, thus facilitating interoperability between systems made by different vendors. In contrast, closed system components are built to proprietary standards so that other suppliers’ systems cannot or will not interface with existing systems.


6 responses to “CISA Exam Sample Questions (1)”

  1. Teguh Sugiharto

    Mas, if there are any CISA holders interested in joining PT Indonesia Korea: the best salary package a company in Indonesia can offer an IT man.

    Don't hesitate to contact: gooodel@gmail.com or 08179923479.

    • Wow… hearing ‘best salary package’ makes my mouth water :) but unfortunately it's not my field…

      Visitors and other bloggers who may be interested are welcome to contact Mas Teguh (and don't forget to share a treat from that ‘best’ salary! hehe…)

  2. Mas muxon rofi, my name is hargun; I'm going to intern at a public accounting firm (KAP) that handles a lot of cooperatives. I'd like to ask what basic skills an auditee needs, besides auditing skills of course??? Do I have to understand programming languages etc… please share

    • You mean the basic skills an auditor needs, right (auditee means the person being audited); the basic skills are accounting, audit, project management, communication & presentation, etc.

  3. Thank you very much.
    May this post be counted as a good deed of its author, who has been willing to share his work…

  4. Thanks Bro.
    Asking permission to copy-paste this for my teaching material :)
