How hard is the CGEIT exam?

packetlog Member Posts: 24
Those of you who have done it, how hard is the CGEIT exam? Why has this exam only 150 questions compared to 200 in other ISACA exams? Does it mean the questions are more complex?

Apart from the ISACA materials, any good reading materials or short books you would recommend?



Thank you,
pkt

Comments

  • andhow Member Posts: 151
    I just completed the exam on the 14th. It seemed more challenging at first. Certainly the first 45 minutes was painful. Then I got into a rhythm and the answers seemed to come a bit more easily.

    I assume there are fewer questions because the subject is less broad than the other ISACA specialties. Understand the unique role of the different levels of leadership (board, governance committee, executive management, etc). Know how each measures and communicates risk (scorecards). Know who is responsible (accountable, informed, consulted) in different situations. Know the relationships between each leadership level.

    I used the CGEIT Review Manual 2014 from ISACA. It is a dry read. Knowledge of COBIT (especially Val IT and Risk IT) would also be very, very helpful. ITIL and ISO framework experience is also helpful.

    I'll let you know if I passed (only 7 more weeks...), but I think I did well. We'll see.
  • Grafixx01 Member Posts: 109
    I've never taken ISACA exams, I want to though. I'd love a copy of the CGEIT and CRISC books in PDF so I can put them on my iPad / Kindle.

    However, what I would love to know is when they are going to get with the times like ISC2 eventually did, and do the tests on computer! That's part of the reason why I haven't even looked at ISACA yet.
  • andhow Member Posts: 151
    Grafixx01 wrote: »
    However, what I would love to know is when they are going to get with the times like ISC2 eventually did, and do the tests on computer! That's part of the reason why I haven't even looked at ISACA yet.

    I asked an exam proctor that same question right after the test. He said that ISACA is particularly concerned with losing their test material. Apparently many of the other electronic tests have been compromised and are already available in their entirety online. This creates a number of problems, the biggest being the need to rewrite/reissue the entire test.
  • packetlog Member Posts: 24
    @andhow, Thanks. I'm reading the Review Manual as well.

    Good luck for your results
  • packetlog Member Posts: 24
    Grafixx01 wrote: »
    I've never taken ISACA exams, I want to though. I'd love a copy of the CGEIT and CRISC books in PDF so I can put them on my iPad / Kindle.

    However, what I would love to know is when they are going to get with the times like ISC2 eventually did, and do the tests on computer! That's part of the reason why I haven't even looked at ISACA yet.

    More than the computer-based test, what surprised me about the ISC2 test, when I took the CISSP, is that I had to provide a signature on paper and on an electronic pad and provide palm prints electronically (left hand, then right hand, then repeat once more). After that they took my photo using a webcam.

    No such procedures when taking ISACA tests.

    To prevent persons taking the exam in the name of someone else, ISACA may need to be more thorough or do more random checks. See the following news/video (of the TOEIC test) in which you can see how exam systems can be subverted by corrupt invigilators.

    BBC News - Student visa system fraud exposed in BBC investigation

    However, I really don't mind pencil and paper-based tests. Once they have the Scantron, the checking is done electronically anyway.
  • andhow Member Posts: 151
    I certainly didn't see the same level of security at the ISACA tests. That said, the exam proctors did review my ID quite thoroughly. Before I entered the testing room, they stared at my ID. They stared at me. They stared at the ID. They stared at me. All the while with this skeptical expression. My ID is a state issued driver’s license and the picture is only a year old and… well… me. It’s not like I’ve grown a beard or look different than the picture.

    During the test they also came around and re-examined all of our IDs another time. It was a bit irritating. Part of me wanted to snatch my ID back and say, “What the hell is wrong with you guys?!” Of course, I just smiled and tried my best to ignore them.

    Assuming I passed this test, I only have to get a CISM and I’ve completed all the ISACA certs. If I do decide to go for my CISM, I think I may grow a goatee. Maybe pretend that I’m the evil version of myself from a different universe (Too much Star Trek when I was a kid…).

    On a halfway serious note, one exam proctor told us, no less than 5 times, that if we were caught with a cell phone during the test we'd fail the test and be reported. She took her job a bit too seriously and treated us all like children.
  • zxbane Member Posts: 740
    andhow,

    Having taken all of them but the CISM, which one would you say was the most difficult or stressful?

    The CISM is the only one I have taken so far and I am still awaiting results.
  • andhow Member Posts: 151
    I'd say that CISA has more facts to understand than the CRISC or CGEIT. I think that if you have some IT experience, you can successfully pass the exam by reading/studying any of the CISA study guides. It’s more of a traditional exam where you need to identify key concepts present in the study material.

    Both the CRISC and the CGEIT are really about understanding how you'd apply the ISACA fundamentals of risk management and governance. This changes the feel of the test significantly. If you don’t understand how to apply risk management or how to functionally apply governance concepts, you’re going to have a hard time. On the other hand, if you have any experience with either… it’ll be a breeze. Not surprisingly, there is some overlap between these two areas.

    Obviously others will have different experiences and opinions. Anyone else care to share their insight?
  • GoodBishop Member Posts: 359
    I took the exam a few years ago, and it wasn't hard. All I used was the review materials from ISACA, though it might help looking at some of the items like ValIT and RiskIT on the ISACA website.

    I think though that a lot of people who are taking the CGEIT exam already have items like the CISSP and CISA, so it's not as difficult to them as to a newbie.
  • GoodBishop Member Posts: 359
    I would agree that the CISA was the toughest. In order of toughness to easiest:

    CISA
    CGEIT
    CRISC
    CISM

    I only rate the CISM the easiest because at the time I had just done the CISSP, and had a wealth of security knowledge in my brain.