Community Manager at Infosec!
Who we are | What we do
Options
Passed Today - Here is my perspective (you should read)
Hi all,
Yes I passed the exam today but at what cost
A bit of my background
- 12 years in security
- CISSP, Comptia Security+, Microsoft Certifications, ITIL etc.
- Have been working in global organisations in Europe, US and Australia
Study Resources
Official Bootcamp - Expensive and not necessary
Official Book - took about 1 month to finish 90% and got bored (10 pages a day max)
Official Question Database - Frustrating and does not set you up for the exam, spent 2 months (a total of 42 hours of study, final score 90%). There are some questions which you would like to encounter again and again until you get the right answer (DB consist of over 1000+ questions) but the system keeps asking you the same 50-60 questions over and over again on 150 exam preparation.
Furthermore, most of the hard questions (which are in majority) are answered correctly only by 8-30% of the candidates; this by itself tells you that there is something fundamentally wrong with ISACA's mind-set because considering the experience requirements. (In my opinion having a 55% correct answer rate should be enough to sound the alarm bells in the industry).
Questions I had before exam and what do I think (or know) now
1. Will my experience help me pass the exam
No, ISACA lives on its own universe
2. Is there a standard approach to ISACA's logic
Definitely no
3.How would you compare CISSP vs CISM
There is no comparison, I DO understand now why CISSP is the most valued IS certification
4. Can I brian **** questions
Absolutely not because ISACA would use its own (unique) terminology in official study guide, will use a different terminology in official question database and yet you will be challenged with a completely new terminology in the exam
5. What will I achieve by getting this certification
Dont know yet, will let you know
About Official Book & Question DB
Official book: really good resource for work and real life scenarios BUT too wordy and keeps repeating same very generic practices which distracts you from focusing on exam specific
Is it a good resource to study? So so!
To give you an example. When you read about incident management you would find a paragraph which resembles below definition (I cant copy paste sorry);
"Incident management consist of preparation, detection, containment response etc..."
A question in official DB would be
Which of below incident management process is the most important one
a) Preparation
b) Detection
c) Containment etc.
In the exam
Which of below process is the most important one
a) Incident
b) Management
c) Process
Or another example would be
Official book would give you a definition of confidentiality, integrity and availability but the official question DB would ask
Which one of 3 CIA triad is the most important one
a) Confidentiality
b) Integrity
c) Availability
Lets suppose the answer is "A", the rationale for answer "B" and "C" would be, A is always the most important
In the exam
Which one of 3 CIA triad is the least important one
a) Confidentiality
b) Integrity
c) Availability
Obviously with no context (what type of industry you are working in finance, military, mining etc.) there is no right answer for both questions and the official question DB doesnt exactly tell you why "A" is the right answer and why "B" and "C" are not!
And lastly I need to mention there was even a question about the biggest disadvantage of digitally signing and encrypting an e-mail message (a message which is sent internally) - will let you guys use your imagination
Furthermore, I have discovered several inconsistencies within the official book and official study question DB but you may as well say that there might be some exceptions as my official book might be an older version than the official study DB... but no
I noticed multiple questions in official study DB which contradict each other. It's like there are different groups within ISACA with complete different understanding of what is ISACA way.
About the Exam
1. More ambiguous terminology, things you wouldn't find in the book nor in the study question database
2. Poor grammar, english is not my first language (especially when it comes to writing) but the level of grammatical mistakes takes me back to 6th grade (is / are, has /have and even they's / there's type of mistakes)
3. Words that dont exist in english language (according to google translate)
3. Rubbish service_1: When I registered for the exam I received an email stating that I need a single form of identification (e.g driving licence or a passport etc.) but while trying to login to exam session the (remote) agent requested 2 forms of identification (passport and driving licence). I tried explaining that, this wasnt what was communicated to me. After 10 mins of chat I had to go back and find the exam booking email print-out to prove my point.(Think about the stress I was in) I would be sc**ed if I had forgotten printed copy of my exam schedule as you are not allowed to bring mobile phones and any other device which works on batteries (not even your fitbit charge 2 which is pretty old and primitive)
4. Rubbish service_2: You are not allowed to bring water,coffee or any snacks - I had a glass of water (in a glass which I filled in the exam centre kitchen) and a packet cookie on my desk (just in case), the (remote) agent requested me to remove everything before he/she can allow me to start my exam.
5. Rubbish service_3: You are not allowed to go to toilet during the 4 hour exam! (No comment here)
6. No congratulations when you pass the exam, actually it took me couple of seconds (probably 20-30) to understand that I passed the exam. When you submit your questions, you will be presented with a screen which displays almost every non necessary information in font size 18 and your exam pass / fail status is written in font size 8 at the very bottom.
Overall I am not really satisfied with anything except official study guide. Good luck to you all
Yes I passed the exam today but at what cost
A bit of my background
- 12 years in security
- CISSP, Comptia Security+, Microsoft Certifications, ITIL etc.
- Have been working in global organisations in Europe, US and Australia
Study Resources
Official Bootcamp - Expensive and not necessary
Official Book - took about 1 month to finish 90% and got bored (10 pages a day max)
Official Question Database - Frustrating and does not set you up for the exam, spent 2 months (a total of 42 hours of study, final score 90%). There are some questions which you would like to encounter again and again until you get the right answer (DB consist of over 1000+ questions) but the system keeps asking you the same 50-60 questions over and over again on 150 exam preparation.
Furthermore, most of the hard questions (which are in majority) are answered correctly only by 8-30% of the candidates; this by itself tells you that there is something fundamentally wrong with ISACA's mind-set because considering the experience requirements. (In my opinion having a 55% correct answer rate should be enough to sound the alarm bells in the industry).
Questions I had before exam and what do I think (or know) now
1. Will my experience help me pass the exam
No, ISACA lives on its own universe
2. Is there a standard approach to ISACA's logic
Definitely no
3.How would you compare CISSP vs CISM
There is no comparison, I DO understand now why CISSP is the most valued IS certification
4. Can I brian **** questions
Absolutely not because ISACA would use its own (unique) terminology in official study guide, will use a different terminology in official question database and yet you will be challenged with a completely new terminology in the exam
5. What will I achieve by getting this certification
Dont know yet, will let you know
About Official Book & Question DB
Official book: really good resource for work and real life scenarios BUT too wordy and keeps repeating same very generic practices which distracts you from focusing on exam specific
Is it a good resource to study? So so!
To give you an example. When you read about incident management you would find a paragraph which resembles below definition (I cant copy paste sorry);
"Incident management consist of preparation, detection, containment response etc..."
A question in official DB would be
Which of below incident management process is the most important one
a) Preparation
b) Detection
c) Containment etc.
In the exam
Which of below process is the most important one
a) Incident
b) Management
c) Process
Or another example would be
Official book would give you a definition of confidentiality, integrity and availability but the official question DB would ask
Which one of 3 CIA triad is the most important one
a) Confidentiality
b) Integrity
c) Availability
Lets suppose the answer is "A", the rationale for answer "B" and "C" would be, A is always the most important
In the exam
Which one of 3 CIA triad is the least important one
a) Confidentiality
b) Integrity
c) Availability
Obviously with no context (what type of industry you are working in finance, military, mining etc.) there is no right answer for both questions and the official question DB doesnt exactly tell you why "A" is the right answer and why "B" and "C" are not!
And lastly I need to mention there was even a question about the biggest disadvantage of digitally signing and encrypting an e-mail message (a message which is sent internally) - will let you guys use your imagination
Furthermore, I have discovered several inconsistencies within the official book and official study question DB but you may as well say that there might be some exceptions as my official book might be an older version than the official study DB... but no
I noticed multiple questions in official study DB which contradict each other. It's like there are different groups within ISACA with complete different understanding of what is ISACA way.
About the Exam
1. More ambiguous terminology, things you wouldn't find in the book nor in the study question database
2. Poor grammar, english is not my first language (especially when it comes to writing) but the level of grammatical mistakes takes me back to 6th grade (is / are, has /have and even they's / there's type of mistakes)
3. Words that dont exist in english language (according to google translate)
3. Rubbish service_1: When I registered for the exam I received an email stating that I need a single form of identification (e.g driving licence or a passport etc.) but while trying to login to exam session the (remote) agent requested 2 forms of identification (passport and driving licence). I tried explaining that, this wasnt what was communicated to me. After 10 mins of chat I had to go back and find the exam booking email print-out to prove my point.(Think about the stress I was in) I would be sc**ed if I had forgotten printed copy of my exam schedule as you are not allowed to bring mobile phones and any other device which works on batteries (not even your fitbit charge 2 which is pretty old and primitive)
4. Rubbish service_2: You are not allowed to bring water,coffee or any snacks - I had a glass of water (in a glass which I filled in the exam centre kitchen) and a packet cookie on my desk (just in case), the (remote) agent requested me to remove everything before he/she can allow me to start my exam.
5. Rubbish service_3: You are not allowed to go to toilet during the 4 hour exam! (No comment here)
6. No congratulations when you pass the exam, actually it took me couple of seconds (probably 20-30) to understand that I passed the exam. When you submit your questions, you will be presented with a screen which displays almost every non necessary information in font size 18 and your exam pass / fail status is written in font size 8 at the very bottom.
Overall I am not really satisfied with anything except official study guide. Good luck to you all
Comments
-
Options
Metaldave
Member Posts: 102 ■■■□□□□□□□
Wow. That just sounds like a horrific experience! Not being allowed to use the toilet sounds mental! The cookies, I agree with to be honest.. the noise of the wrapper could be quite distracting to other test takers. -
Options
LonerVamp
Member Posts: 518 ■■■■■■■■□□
Not to be argumentative, but you were not allowed drink or food and you brought drink and food. Doesn't sound like the remote agent did anything wrong there.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
Options
lucky0977
Member Posts: 218 ■■■■□□□□□□
I think it's a different experience for everyone. My test center allowed me to take as many breaks as I wanted but I had to empty all my pockets and all belongings were placed in a locker prior to taking the exam.
I've taken two exams by ISACA and felt they were a lot easier and far more inferior to the CISSP. I mean, I didn't even use the study guide for either exam. I just used the Q&A database for both and again, I felt they were way easier than ISC2 exams. The questions were one or two sentences in length and appeared to be fair questions without ambiguity.
Sorry to hear what you went through but at least you passed.Bachelor of Science: Computer Science | Hawaii Pacific University
CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+ -
Optionsnisti2
Member Posts: 503 ■■■■□□□□□□
Amazing! Thanks for sharing!2020 Year goals:
Already passed: Oracle Cloud, AZ-900
Taking AZ-104 in December.
"Certs... is all about IT certs!" -
Options
FluffyBunny
Member Posts: 230 ■■■■■□□□□□
Thanks for sharing such an exhaustive review!1. Will my experience help me pass the examBig yikes
No, ISACA lives on its own universe
2. Is there a standard approach to ISACA's logic
Definitely no
-
Options
Infosec_Sam
Admin Posts: 527 Admin
Even if you didn't get a congratulations from the exam, you can be sure to get one from us! Nice job on the pass, and here's hoping you can keep it renewed with CPEs! -
Options
sfportaro
Member Posts: 34 ■■■□□□□□□□
I took the exam at the end of November. I disagree with most of your comments.
Yes, ISACA has their own logic and you need to get into their mindset. But, this is more or less true of every cert organization. This is why the QAE is so important.
No, I did not see grammatical mistakes. I found the question easier and clearer then those on the CSSLP and the CIPT. There was only one question that I thought was out of left field.
There were problems. The exam froze and it took 45 minutes to get back in.
Some of your problems where related to your test center. Mainly the ID issue and the bathroom break.
I have never heard of a testing center that would allow food and/or drink. That is just rude to the other test takers.
But, be proud of passing. -
OptionsMike564
Member Posts: 2 ■■□□□□□□□□
The interesting part - at this link (https resources.infosecinstitute.com/cia-triad/#gref) (apparently as a new user I am not allowed to post links yet so you have to re-create the link yourself) you can read the following:Hunter85 said:
Or another example would be
Official book would give you a definition of confidentiality, integrity and availability but the official question DB would ask
Which one of 3 CIA triad is the most important one
a) Confidentiality
b) Integrity
c) Availability
Lets suppose the answer is "A", the rationale for answer "B" and "C" would be, A is always the most important
In the exam
Which one of 3 CIA triad is the least important one
a) Confidentiality
b) Integrity
c) Availability****************************************
The importance of the whole CIA Triad is equally important, however, sometimes we need to give importance to one of them or a combination of them over the other as per the context. For example:
- Let’s assume we are examining proprietary information and finding priority among CIA Triad to assign to. In this case, since it is proprietary, the priority and importance should be Confidentiality i.e. limiting access to the underlying information itself.
- In another example consider the scenario of financial information in a bank which is supposed to be protected. In this case, importance will be to protect the integrity of the underlying information so that all the transactions hold their true value.
- Let’s now consider the case when some type of information is available for public consumption. Now in this case Availability will hold the priority because that is the main motive for this information to the public. Confidentiality will not be an issue in this since it is available to everyone whereas Integrity holds lower priority than Availability.
As OP said,the context is needed - and Infosec resource confirms that. Therefore without the context - what is considered the right answer??? -
Optionslucky0977
Member Posts: 218 ■■■■□□□□□□
Give you a hint....You're not going to see a vague question like that in the exam. Maybe in the study practice exams but not the actual exam. You know how many test takers would complain about how stupid the question is if you're not given any context. The questions on the exam were fair and unambiguous.Bachelor of Science: Computer Science | Hawaii Pacific University
CISSP | CISM | CISA | CASP | SSCP | Sec+ | Net+ | A+ -
OptionsMike564
Member Posts: 2 ■■□□□□□□□□
Thx for the suggestion! However OP said that this was the question on the actual exam? Also, as long as question is without the context, it does not help even during study practice exams, as I am preparing for the exam now....Is there any resource that provides actual exam questions with answers?lucky0977 said:Give you a hint....You're not going to see a vague question like that in the exam. Maybe in the study practice exams but not the actual exam. You know how many test takers would complain about how stupid the question is if you're not given any context. The questions on the exam were fair and unambiguous. -
Optionssfportaro
Member Posts: 34 ■■■□□□□□□□
Well, if he posted the question verbatim, he is in violation of the NDA. Again, I took the exam 2 months ago and it was fine.Mike564 said:
Thx for the suggestion! However OP said that this was the question on the actual exam? Also, as long as question is without the context, it does not help even during study practice exams, as I am preparing for the exam now....Is there any resource that provides actual exam questions with answers?lucky0977 said:Give you a hint....You're not going to see a vague question like that in the exam. Maybe in the study practice exams but not the actual exam. You know how many test takers would complain about how stupid the question is if you're not given any context. The questions on the exam were fair and unambiguous.
And, why would you want the actual questions beforehand (brain ****)? Why not give any cert to who ever wants them? Talk about cheapening the value of a cert. There is a value in actually knowing the subject matter. -
Options
LordQarlyn
Member Posts: 693 ■■■■■■□□□□
I would say C is the most important. If a network or system isn't available, then no one gets to use it, regardless how well confidentiality and integrity controls are implemented. At my current job, if some systems are down, work literally has to stop. Yes of course A & B are very important, but in the final analysis if the system is not available then it's of no use to the customers. internal or external.Mike564 said:
The interesting part - at this link (https resources.infosecinstitute.com/cia-triad/#gref) (apparently as a new user I am not allowed to post links yet so you have to re-create the link yourself) you can read the following:Hunter85 said:
Or another example would be
Official book would give you a definition of confidentiality, integrity and availability but the official question DB would ask
Which one of 3 CIA triad is the most important one
a) Confidentiality
b) Integrity
c) Availability
Lets suppose the answer is "A", the rationale for answer "B" and "C" would be, A is always the most important
In the exam
Which one of 3 CIA triad is the least important one
a) Confidentiality
b) Integrity
c) Availability****************************************
The importance of the whole CIA Triad is equally important, however, sometimes we need to give importance to one of them or a combination of them over the other as per the context. For example:
- Let’s assume we are examining proprietary information and finding priority among CIA Triad to assign to. In this case, since it is proprietary, the priority and importance should be Confidentiality i.e. limiting access to the underlying information itself.
- In another example consider the scenario of financial information in a bank which is supposed to be protected. In this case, importance will be to protect the integrity of the underlying information so that all the transactions hold their true value.
- Let’s now consider the case when some type of information is available for public consumption. Now in this case Availability will hold the priority because that is the main motive for this information to the public. Confidentiality will not be an issue in this since it is available to everyone whereas Integrity holds lower priority than Availability.
As OP said,the context is needed - and Infosec resource confirms that. Therefore without the context - what is considered the right answer???
-
OptionsHunter85
Member Posts: 60 ■■■□□□□□□□
I did not receive any official letter or email from ISACA or the test centre asking me not to bring any liquids or food to the exam centreLonerVamp said:Not to be argumentative, but you were not allowed drink or food and you brought drink and food. Doesn't sound like the remote agent did anything wrong there.
It was requested by the offshore exam instructor while I was logging into the system
(You are being monitored by a webcam throughout the exam by ISACA or ISACA contracted instructors)
The exam room was designated for 1 person only
1 computer, 1 desk, 1 chair
Local guys were alright
So I dont get the point of destructing other people while drinking water or eating a cookie -
OptionsHunter85
Member Posts: 60 ■■■□□□□□□□
I guess I will need to clarify myselfMike564 said:
Thx for the suggestion! However OP said that this was the question on the actual exam? Also, as long as question is without the context, it does not help even during study practice exams, as I am preparing for the exam now....Is there any resource that provides actual exam questions with answers?lucky0977 said:Give you a hint....You're not going to see a vague question like that in the exam. Maybe in the study practice exams but not the actual exam. You know how many test takers would complain about how stupid the question is if you're not given any context. The questions on the exam were fair and unambiguous.sfportaro said:
Well, if he posted the question verbatim, he is in violation of the NDA. Again, I took the exam 2 months ago and it was fine.Mike564 said:
Thx for the suggestion! However OP said that this was the question on the actual exam? Also, as long as question is without the context, it does not help even during study practice exams, as I am preparing for the exam now....Is there any resource that provides actual exam questions with answers?lucky0977 said:Give you a hint....You're not going to see a vague question like that in the exam. Maybe in the study practice exams but not the actual exam. You know how many test takers would complain about how stupid the question is if you're not given any context. The questions on the exam were fair and unambiguous.
And, why would you want the actual questions beforehand (brain ****)? Why not give any cert to who ever wants them? Talk about cheapening the value of a cert. There is a value in actually knowing the subject matter.
Both questions were just examples
There were no questions looking exactly like my post but there were questions in the exam and the QDB which looked really, really .... really similar...
What I was trying to say was that
The Official Study Guide: gives you the definition of Confidentiality, Integrity and Availability
The Official QBD: asks you (not the original question but very similar)
Which of the following CIA triad is the most important one
a) Confidentiality
b) Integrity
c) Availability
Lets suppose the answer is "A"
My point was that with no context you cant tell why A is the right answer
and the QDB rationale was that A is the most important one
In the exam however, you may find a very very, .... very similar question that may / can be resemble
Which of the following CIA triad is the least important one
a) Confidentiality
b) Integrity
c) Availability
My point is before going to the exam:
You will know the definitions of all 3 terms
You will know the most important one but yet
No resource (official study book or QDB) will tell you about the order or importance (without any context)
While above 2 questions are not from the exam or QDB, they are a pretty accurate representation of what I have seen
I hope this answers your question -
OptionsLonerVamp
Member Posts: 518 ■■■■■■■■□□
Hunter85 said:
I did not receive any official letter or email from ISACA or the test centre asking me not to bring any liquids or food to the exam centreLonerVamp said:Not to be argumentative, but you were not allowed drink or food and you brought drink and food. Doesn't sound like the remote agent did anything wrong there.
It was requested by the offshore exam instructor while I was logging into the system
(You are being monitored by a webcam throughout the exam by ISACA or ISACA contracted instructors)
The exam room was designated for 1 person only
1 computer, 1 desk, 1 chair
Local guys were alright
So I dont get the point of destructing other people while drinking water or eating a cookieI would honestly suspect you were told not to bring anything else with you into the exam room.I mean, you weren't probably not told you couldn't bring a squeaky rubber ducky in with you either, but you'd probably not be allowed it.
Security Engineer/Analyst/Geek, Red & Blue Teams
OSCP, GCFA, GWAPT, CISSP, OSWP, AWS SA-A, AWS Security, Sec+, Linux+, CCNA Cyber Ops, CCSK
2021 goals: maybe AWAE or SLAE, bunch o' courses and red team labs? -
Optionsbigdogz
Member Posts: 881 ■■■■■■■■□□
Congratulations on the pass!I was confused on the thread as I saw what topic it was under. Just remember next time you post have the name of the credential in topic of the thread.
I am sorry to hear that your experience was bad. I have not heard others who had any bad experiences as you. I am glad you passed even after the problems you had before and during your exam.I think some test centers are not run as well as others. When I took my GCIH, I had to inform the proctors that I has an open book exam.I have been in others where I have been padded down like I was going through the airport.The proctors may have problems with the process and that is the biggest point of frustration that occurs when we may be a little on edge when we take an exam. It just exacerbates the poor experience before the exam.