Getting ready to take the CISA, CISM, CISSP, CIA, PMP, MCSE, or other certification exams? Here’s what you need to do to pass those tests:
- If Shon Harris has a book for your certification (CISA or CISSP), get it. Her books are not only excellent, but quite humorous.
- Use the “official” (but usually really boring) book issued by the organization that issues the certification. Official books have the most focused content; they are just poorly written.
- Study at least one book besides the official one to get a different viewpoint and help you understand the more difficult content.
- Take notes as you read the books to create your own cheatsheet on the topics you struggle with. It’s much slower, but it helps you digest and learn the material. Review your cheatsheet periodically. (A link to my CISA cheatsheet is at the bottom; I didn’t publish my CISSP cheatsheet as it’s too out-of-date, as that was looooong ago.)
- Use practice questions (in addition to those that come with the books). The more the better–you should use at least 1000 practice questions between the books and additional question kits. The “official” practice questions are your best bet. Note which questions you miss, review that material again, and test yourself again with just those questions.
- Make sure you take advantage of the free quizzes from cccure.org at http://www.freepracticetests.org/quiz/home.php. About 90 questions are available.
  - To start your quiz, use the small link at the very bottom of the page, called “this link” (free registration required).
  - When choosing the quiz options, make sure to choose only questions that are “closely related,” otherwise you will also get questions for other certifications.
- When reading a question, look for the limiting word(s) in the question like “preventive control” or “symmetric encryption” that help you weed out the incorrect answers.
- Watch out for words like NOT, BEST, and UNLIKELY that might alter the question’s direction.
- Note whether the question is focused on the process or who’s doing the action. That helps eliminate answers. For example, if a question asks what would an auditor do next, you can eliminate any answers involving tasks auditors don’t do, like applying patches, implementing controls, or moving code into production.
- After you read the question and pick an answer, read the question again, and all the answers again, and make sure the answer fits the question. Make sure you read the question AND the answer correctly.
- Pick the best answer, even if it’s not totally correct. Sometimes you’ll get 4 answers that are all wrong, but one is more right than the others–pick that one.
- Remember that management is ultimately responsible for everything. When in doubt, pick the answer that involves the highest level of management, including the board of directors.
- During the exam, answer each question as you go along. Don’t leave any answers blank in case you run out of time.
- Mark all questions that you’re not sure about. When you finish all the questions, go back and review those questions. Don’t be afraid to change answers on questions you’re not sure about.
- Study. Hard. Learn the material. If you study only to pass the exam, it will catch up with you eventually.
Do you have any tips? Please leave a comment…
Download my FREE CISA Study Guide!
Studying for the CISSP or have some advice for those studying for this exam? Check out the Least Privileged blog for this person’s experience with the exam (he failed the first time) and lots of CISSP resources. He tells it straight. Nice job, Durk!
Here’s another great resource, The Thrifty CISSP.