Passed CISM in two weeks

Hi guys,

i have cleared the cism exam today.

after i pass the Cisa on April, i have decided to take cism on August.

i just hit the QADB. First time a get about 65% on DB, i do it 2 times and nothing more!

i believe isaca exams passing score is ~ 60 %.

So, i advice that if you are about 65-70 % in DB, you will be ok on the exam. this was working with my cisa exam too.

just hit the DB in two week two times was enough for me.

BTW, my experience is 10 months on IT audit.
good luck in your journey!

Find more posts tagged with

SAVE $250 on Your ISACA Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View ISACA Boot Camps

Comments

cyberguypr

Congrats! Correction: passing score is 450 and since it's scaled you can't refer to it percentage-wise.

drose

cyberguypr wrote: »

Congrats! Correction: passing score is 450 and since it's scaled you can't refer to it percentage-wise.

i know it but in my and my friends journey shows us 60 percent in exam is ok. maybe in pbt times they use curve to determine who pass and who fail.

in cbt, they determine minimum number of right answers and i think it is about 60%.

kaiju

A QA&E score of 80% or above shows that a candidate really knows and understands the information. In my opinion, 60% on the QA&E is a mediocre score that shows a basic understanding of the material but enough knowledge to be useful to an organization.

cyberguypr

You are doing a disservice to test takers by taking the percentage approach. I have helped develop exams for GIAC, ISC2, and CompTIA and have helped set passing scores for several tests. One of the first things you learn in those workshop is how wrong thinking about it percentage-wise is.

And to kaiju's point, 60-70 in DB meand you certainly do not master the material.

To each their own but you will see no one here recommends what you are recommending.

drose

i do not see the isaca exams to be a "master".also isc2 exams do not truly show if you will doing your job good. maybe OSCP can show your ability to do your job. i think majority of test takers just want to pass the exam.

just here for encourage people who are afraid and want to know what percentage of QADB scores is enough.

when i was working cisa i am curious about the test passers percentage. of course it is not the exact true, just my humble opinion.

i was discouraged when see posts on the forums said that i have to beat 85% on DB.

anyway, good luck everyone on their certification exams.

kaiju

Like already mentioned: the actual test is graded on a sliding scale. Shooting for a barely passing score on the QA&E database shows that you do not have a desire to actually learn the material. We are not trying discourage people. We are trying to ensure that potential candidates actually KNOW the material.

The score on the QA&E is merely a benchmark that allows you gauge your ability to retain the information. Yes, I only studied for 3 weeks but I also was scoring well above 85% so I had no worries about my ability to pass the test. The QA&E database and study material prepared me for the exam format and supplemented what I had already learned from being in Cyber related jobs for 10+ years.

I personally know of a couple people who put some serious study time (150+ hours in less than a month) into ISACA exams but failed on the first couple of tries because they were shooting for the minimum score. They encountered questions on the exam that were just different enough to confuse them. If you are in the correct position, you WILL encounter material that is covered by ISACA, ISC2 and other exams.

i think majority of test takers just want to pass the exam.

This really depends on the actual reason for taking the exam. A person who is padding their resume doesn't care to learn the material/subject matter so they usually shoot for the minimum score. A person who is serious about knowing the material will put forth an effort to make as high of a score that their knowledge base will allow. Employers do not care about scores as long as you can pass the exam. However, I would be extremely upset with myself if I put forth maximum effort to pass a test but failed. But I would not be surprised if i shot for the minimum passing score but failed by a few points or questions. This takes me to a another situation. I know more than few people who passed their certs but flopped on subsequent interviews because they couldn't answer basic questions that were pulled straight from cert study material.

Short version: Shooting for a minimum score is the same as shooting for a failing score.

rasli79

I got another 2 weeks to go for my exam. I know, i dont have much time. I manage to complete udemy CISM course last year and sometimes reviewing the manual. Do you mean on QADB which is from ISACA?

drose

rasli79 wrote: »

I got another 2 weeks to go for my exam. I know, i dont have much time. I manage to complete udemy CISM course last year and sometimes reviewing the manual. Do you mean on QADB which is from ISACA?

yes, i mean isaca official qadb. online version is better but you can use book version also.

you can hit db maybe 2 times and focus on "trouble questions". you can also review the cism Manuel on missing questions.

roninkai

I studied for the CISM soon after my CISSP. I found very little content difference. I almost felt like I could take it the exam with minimal extra study since CISSP was fresh, but ultimately never did. Does anyone who has CISSP and taken CISM have any experiences to share in terms of content similarities. I know CISM is more management focused, but I found very little 'gotchas' during prep. I wish I just did it, but now Im on to other things, and off the cert train for a while.

chapter

I did my CISSP Last year and did CISM last week . CISM is easy compared to CISSP. I think the Q&A Database is sufficient for tackling the exam and if you work in the industry and use similar terminology - Enterprise Governance etc.. then you are fine. If not then brush up on the Manual. I read the manual as I wanted to get a better understanding of the 'governance /strategy planning' and compare with how that's implemented at my work. But if you are just after the cert and you know the stuff then just use the Q&A database.