CISM thoughts?

Hi All, whats your thoughts on the CISM exam today.. i thought it was quite challenging there are about 18 questions that i had no clue what the answer was and then another 20-25 that i guessed.

Find more posts tagged with

Comments

wd40

I did not take the CISM Exam (CISA), however I met a guy when I left the exam room, he is a CISSP like you and he told me that the exam was OK and it was like a walk in the park compared to CISSP.

On the other hand the guy setting next to me appeared to be broken by the difficulty of the CISM exam.

cesos3

The first half of my exam was smooth, then i hit #100 and found myself guessing for about 10 questions which threw me off. All in all I found it to be equally as subjective as the practice tests....here's to hoping!

kukku

I also had my exam today..It was Ok..Some questions were little bit confusing..All together a good exam, difficulty wise, it is no way near CISSP..

doctorreynaldo1969

Took exam today and had to guess on several questions. Also many questions had several correct answers but as always you must select the "best" answer based on the scenario. For example,

"You walk up to a flagpole and notice an American flag. What color do you observe first?"

A. Red
B. White
C. Blue
D. Silver

Anyhow, I used the cism study manual and crisc questions/answers guide but the questions on the exam were much harder.

orcwar

I found the exam a bit tough, some of the questions I had to guess

bdh12345

Took it Saturday as well - having read the book, and spent time with the ISACA question database where I was getting in the high 80's on practice tests, thought I was in good shape, but the actual exam felt a lot harder than the practice tests. Also seemed worse to me than when I did the CISSP - but that was a few years ago, and maybe I've repressed the memories?

I think the hardest part was the wording of the questions and some of the answers - seemed like they were making a real effort to avoid using the vocab from the book or the practice questions, and throw in a lot of answers as distractors that were just total nonsense, and seemed a lot more pronounced than in their question database.

To revise the flag example, to me it seemed more like:

"You walk up to a vertical tube. A cloth national ensign of a country founded in 1776 hangs from the top of the tube. What do you observe first?"

a) The wavelength hue associated with sunsets and fire engines
b) Silver
c) The steering committee
d) Hexagonal sheep fish peddle lawn toaster

Anyway, will be interesting to see how the results come out.

dustervoice

I noticed during the test that around the 45min- 1hr mark lots of people left the testing centre. I wasnt sure if they are just excellent test takers or gave up. ...............This is going to be a long 5 weeks of waiting.

rhaynal

I also took the test on Saturday. Would like to say I did alright but will wait for the official results.

wd40

Question to CISSP's, why are you taking the CISM exam if you are already CISSP's?

corpsec

I did the exam last Saturday as well. I only used the ISACA CISM Online DB Questions (1000+) subscription for review material, did 30-50 questions for about a month and on the last day did a timed practice 200 question test. I was getting about 70-80% when doing the 30-50 new question review. Once I completed all 1000+ new questions I focused on the "trouble questions" and re-did them until I could answer them correctly. When I did the 200 question practice test on the last day before the exam I was able to get 95% and complete it in under 2 hours. A lot of the questions were committed to memory so the score/time was not very representative of reality.

I thought overall the exam reflected the review questions and was pretty fair. It took me 2 hours to get through all the questions and an additional 30 minutes to fill in the bubble scantron and review the 40 questions I was unsure about. Compared to the CISSP exam this was a walk in the park. Let's hope we all pass in 4-5 weeks

corpsec

wd40 wrote: »

Question to CISSP's, why are you taking the CISM exam if you are already CISSP's?

I took it because it compliments the CISSP, I wanted to get a deeper dive into security management and also get assurance of my security management concepts. The actual certification process also validates 3 years of "Security Management" domain to provide assurance to future employers (or existing ones) of your previous experience.

dustervoice

wd40 wrote: »

Question to CISSP's, why are you taking the CISM exam if you are already CISSP's?

This link will explain why most of us pursue both CISSP and CISM. http://www.techexams.net/forums/isaca-cisa-cism/48126-cism-vs-cissp.html

rhaynal

wd40 wrote: »

Question to CISSP's, why are you taking the CISM exam if you are already CISSP's?

In addition to what others have already said, I find that some organizations heavily lean towards ISACA certs, even if you have a CISSP. Also in my town, ISACA has a good users group (networking) that meets often and has good training. All things considered ... it provides more options than just the CISSP alone.

eSenpai

wd40 wrote: »

Question to CISSP's, why are you taking the CISM exam if you are already CISSP's?

The thread posted by @dustervoice contains some very good input on the subject but I find what @rhaynal said resonated the most. For me it is not about getting one cert and calling it a day but about complementary certification experiences which not only keep me learning but which also keeps the mighty HR gatekeepers from saying, "But you don't have X cert right???". By the time I am done with everything I have planned in the next 5 years, that won't ever happen again. I blame myself for having the experience and initially thinking that was enough so I started late to the certification merry go round. Once upon a time experience was indeed enough but now you have to fight the applicant tracking systems (unless you know someone) and their HR masters who may not even understand what they are asking for when posting these pie-in-the-sky unrealistic job requirements.

As also pointed out, ISACA has a sterling reputation and as I have become fond of saying, if you have the experience then just get the certification already. The certification learning experience can only help you and your real world experience should make the test a cake walk. If you are otherwise spending 4 hours a night in front of your TV then take 2 of those hours and just do it...the time to question "Why?" passed us some years back IMHO.

wd40

Thanks for the replies.

I asked because I was thinking if CISM is easier than CISSP why not go for CISM then CISSP.

Now I understand why, this could be for a transition from a technical role (CISSP) to a management role (CISM).

needhelp

For my part i passed the CISSP and yes it's difficult as its cover plenty of things but if you know your stuff you can passed as the questions are well phrased and well explained.
But for the CISM, even you know your stuff.. the wording and phrases are very tricky .. it's more likely you need to go to take an english lessons and then try the exam.

eSenpai

wd40 wrote: »

I asked because I was thinking if CISM is easier than CISSP why not go for CISM then CISSP.

I hear this from both sides a lot actually. For some people the CISSP is a breeze and the CISM is a monster whereas for others the CISM is a breeze and the CISSP is a monster. I am not sure if the order matters since I am the only person I know who did them out of the conventional order. My personal experience was...I went to the wire on time with the CISM and felt like it was the worst test that I had ever taken (until I took the monster known as the PMP) but I finished the CISSP in like 3hours with a review and everything. I don't know what makes one test seem harder than another but I no longer take any one's word for how hard a test is going to be since it all seems relative to your experiences and possibly the luck of the draw with test questions.

dustervoice

For me the CISSP was easier because the wording of the questions are straight forward and uses common words in everyday spoken English. Questions that were "difficult", if you read it a few times you can get an idea of what they are asking and you can take a guess; however, CISM questions had the strangest wording i've every seen. some question I had no clue what they were asking. In my current role in infosec i use some of Isaca's terminology and my colleagues look at me strange

and I'm talking about people who has been in infosec for over 20 years. I can only imagine the struggle that non native English speakers go through for this test. Now the wait for my result is killing me..

TintinHerge

Looks like the Database (or the Question Answer Manual at the very least) is very important to passing the exam. Would you agree?

dustervoice

TintinHerge wrote: »

Looks like the Database (or the Question Answer Manual at the very least) is very important to passing the exam. Would you agree?

Yes and so is the Review Manual as boring as it is.

varungl

On first read Simply ignore in each Chapter the Part-1 i.e. the Knowledge statements and continue with the text i.e. Part-2. U can read like a story book. Once thru with Part-2 u can read the Part-1 or even IGNORE the PART-1. Review Manual and Q&A is enough however the practical experience cannot supplement anything.

varungl

One can try this free resource....!!!!! It has Q&A for various certifications (CISA, CISM, CGEIT, CRISC & a host of other certifications) as well.

http://www.aio********.com/isaca/

www. AIO Test King .com / isaca ..... pls remove all blanks .... not sure why its *ing the URL....

dustervoice

varungl wrote: »

One can try this free resource....!!!!! It has Q&A for various certifications (CISA, CISM, CGEIT, CRISC & a host of other certifications) as well.

http://www.aio********.com/isaca/

www. AIO Test King .com / isaca ..... pls remove all blanks .... not sure why its *ing the URL....

Its considered a **** site.. hence the *