ISACA Exam Passing Principles
protacticus
Member Posts: 91
in CISM
Maintain a Risk Management point of view; technical questions are not predominant, and questions are subtle but not tricky:
- Have a rationale for selecting the option that you have
- Select a response option for reasons related to InfoSec or Risk Management: oversight vs. mere management
- The “best” answer is the one associated with better risk management, not necessarily the “better” result from some other perspective
- The crucial element is to identify the single domain from which the question was drawn:
  1. First, filter / eliminate answers not connected with the identified domain
  2. Then, apply the general principles of that domain when finding the answer
- The exam includes few (if any) items related to the specifics of any particular risk / audit framework / principle / best practice. Seek the broadest understanding of the item and select the answer that is most generally correct
- Apply the principles underlying a given framework, rather than framework-specific details

What is your experience from ISACA exams? Are these principles correct?
Comments
Dolph
Member Posts: 12

I'd mostly agree. For CISM I would say think like a CEO or Senior Management. For example, very simplistically the best way to stop a cyber attack would be to block all incoming traffic, but this would harm the business as it would block legitimate trade traffic. Think in terms of cost effectiveness and what answer is best for the commercial side of the business.