How to Pass Certification Exams

Getting ready to take the CISA, CISM, CISSP, CIA, PMP, MCSE, or other certification exams? Here’s what you need to do to pass those tests:

  1. If Shon Harris has a book for your certification (CISA or CISSP), get it. Her books are not only excellent, but quite humorous.
  2. Use the “official” (but usually really boring) book issued by the organization that issues the certification. Official books have the most focused content; they are just poorly written.
  3. Study at least one other book other than the official book to get a different viewpoint and help you understand the more difficult content.
  4. Take notes as you read the books to create your own cheatsheet on the topics you struggle with. It’s much slower, but it helps you digest and learn the material. Review your cheatsheet periodically. (A link to my CISA cheatsheet is at the bottom; I didn’t publish my CISSP cheatsheet as it’s too out-of-date, as that was looooong ago.)
  5. Use practice questions (in addition to those that come with the books). The more the better; you should use at least 1000 practice questions between the books and additional question kits. The “official” practice questions are your best bet. Note which questions you miss, review that material again, and test yourself again with just those questions.
  6. Make sure you take advantage of the free quizzes from at About 90 questions are available.
    – To start your quiz, use the small link at the very bottom of the page, called this link (free registration required).
    – When choosing the quiz options, make sure to choose only questions that are “closely related,” otherwise you will also get questions for other certifications.
  7. When reading a question, look for the limiting word(s) in the question like “preventive control” or “symmetric encryption” that help you weed out the incorrect answers.
    • Watch out for words like NOT, BEST, and UNLIKELY that might alter the question’s direction.
    • Note whether the question is focused on the process or who’s doing the action. That helps eliminate answers. For example, if a question asks what would an auditor do next, you can eliminate any answers involving tasks auditors don’t do, like applying patches, implementing controls, or moving code into production.
  8. After you read the question and pick an answer, read the question again, and all the answers again, and make sure the answer fits the question. Make sure you read the question AND the answer correctly.
  9. Pick the best answer, even if it’s not totally correct. Sometimes you’ll get 4 answers that are all wrong, but one is more right than the others; pick that one.
  10. Remember that management is ultimately responsible for everything. When in doubt, pick the answer that involves the highest level of management, including the board of directors.
  11. During the exam, answer each question as you go along. Don’t leave any answers blank in case you run out of time.
  12. Mark all questions that you’re not sure about. When you finish all the questions, go back and review those questions. Don’t be afraid to change answers on questions you’re not sure about.
  13. Study. Hard. Learn the material. If you study only to pass the exam, it will catch up with you eventually.

Do you have any tips? Please leave a comment…



If your exam is the CISA, check out ISACA’s own CISA Self-Assessment exam (get it here), but make sure you read my post entitled, Where is the IS in CISA?

Download my FREE CISA Study Guide!


Studying for the CISSP or have some advice for those studying for this exam? Check out the Least Privileged blog for this person’s experience with the exam (he failed the first time) and lots of CISSP resources. He tells it straight. Nice job, Durk!

Here’s another great resource, The Thrifty CISSP.


Related posts on this blog:

Top 10 Pay-Boosting Tech Certifications

CISA vs. CIA Certification

FREE CISA Study Guide

Where is the IS in CISA?

More on the CISA Exam

Fun CPEs for CISSPs



Filed under Audit, Certification, How to..., Security, Technology

3 responses to “How to Pass Certification Exams”

  1. Pingback: Top 7 Reasons for Security Certification | ITauditSecurity

  2. A.A.M

    Just wanted to know whether the CISA Certification is any good if you are a software programmer. I have no experience or degree in IT auditing, especially auditing.
