CISM - Failed twice, need better strategy for 3rd try

rasli79 Posts: 23 Member
I know it was my fault, which is not really preparing for the exam. Both of those exams involved less than a month of preparation, and I used my own 10 years of IT security experience and sometimes grammar when answering the questions.
1st exam: without QADB but completed the Udemy CISM course, marks 438. 2nd exam: with QADB and less than a month of an inconsistent study plan, marks 422. I'm planning to retake mid-year next year since the QADB is still valid till Sept 2019. Any advice on what the best study plan is that I should use? I'm planning to do another cert as well next year. If anyone can suggest a 3-month study plan, that will be great.


  • kaiju Posts: 250 Member
    What was your score on the QA&E DB? If you can consistently score 85% or above you should be able to pass CISM without any issues. 
    Work smarter NOT harder! Semper Gumby!
  • JoJoCal19 California Kid Posts: 2,736 Mod
    You bought the QADB and your score got worse. This tells me that you cannot rely heavily on your experience in passing this exam nor can you rely just on the QADB. You will need to dedicate a serious amount of studying, especially with a score of 422. I recommend purchasing the Review Guide as well. Read that through once quickly. Then do another read through more slowly. Then start doing the QADB questions and see where your score is. In your situation just doing the QADB over and over and memorizing the questions and answers isn't going to help. So read the Review Manual a couple of times and then take a practice exam with like 20-25 questions from each domain and see how you do. If you hit at least 80% on that, then I'd say you can move over to just working on QADB questions.
    Currently Working On: eJPT, Learning: Linux/CLI, Git, Python, Pentesting
    Next Up: eJPT, eCPPTv2, OSCP
    Studying: Code Academy (CLI, Git, Python), eLearnSecurity PTSv3
  • promethuschow Member Northern VA, NYC Posts: 144 Member
    I'm just going to add on top of JoJo's advice: read the manual at least 3-4 times, and highlight the stuff that you think needs further reading. You could also buy the CISM All-in-One book from eBay or Amazon. Read that AIO book at least twice. As for QADB, can't argue with JoJo's advice. Good luck with the next try. Also, look into the exam score breakdown, see where you did badly, and concentrate on those areas a little more.
  • rasli79 Posts: 23 Member
    Thanks guys, absolutely I need to start with the Manual before jumping back into QADB.
  • SecGuy22 Posts: 7 Member
    For my CISM, I used many sources...
    -ISACA Q&A Database (30 hours of study over a month and a half),
    -All in one CISM book, with practice questions and test engine that came with it,
    -video training - full CISM course (Cybrary is free!),
    -as well as the CISM course, Cybrary has CISSP and CISA which will help with your CISM (if you have time)
    -a short YouTube video by Sean Hanna on ISACA exam webcram (also free).
    -CISM Course on (I get this free through my public library membership - many places do - but you could take the free 30 day trial if you don't get access via your public library).

    So, my suggestion would be to use many sources...
    Next: CISA exam the wait.
  • PJ_Sneakers The ceiling is glass. USA Posts: 877 Member
    edited November 2018
    I use experience, prior study for CISSP (I haven't taken the exam yet), and the online Q&A DB.

    You might find Sean Hannah's CISM/CISA video useful too:

  • andyveazey Posts: 2 Registered Users
    I watched as many Cybrary videos as I could, taking notes, and used the database until I was scoring close to 100% on the full test simulation. 
    I think my actual hands on experience played the biggest role in my passing. If you don't have the experience I would agree with others to read and watch versus using the database test simulator as much. 
  • Info_Sec_Wannabe Senior Member Posts: 355 Member
    While experience is helpful, do take note that not everything that happens in real-life is consistent with the ISACA mindset. Depending on the question and the available choices, go with what is theoretically more or most correct, not the most practical. The Q&A DB should be sufficient for your purpose.
    Three year plan: (2018) CISSP [X] and eJPT [ ]; (2019) eCPPT [ ]; (2020) OSCP [ ]