Study and Exam Prep Tips

CISA

It’s a rush of adrenaline during the final day before an exam. Because the CISA exam is given only twice a year—once in June and once in December—there’s the underlying knowledge that there is no easy retake. For many people, thoughts in the back of their mind tell them to read just a bit more, study a little more, or practice another skill so that they can successfully get this exam out of the way.

For most of you, this will probably be the first ISACA exam you have taken.

This element of the book provides you with some general guidelines for preparing for any certification exam, including the CISA. It is organized into four sections:

• The first section addresses learning styles and how they affect preparation for the exam.

• The second section covers exam-preparation activities and general study tips.

• The third section takes an extended look at the ISACA certification exams, two of which are the CISA and CISM.

• The final section includes a number of specific tips that apply to ISACA’s testing policies and how they might affect you.

Learning Styles

To best understand the nature of preparation for the test, it is important to understand learning as a process. You are probably aware of how you best learn new material. You might find that outlining works best for you, or, as a visual learner, you might need to “see” things. Or, as a person who studies kinesthetically, the hands-on approach serves you best. Whatever your learning style, solid test preparation works best when it takes place over time. Obviously, you shouldn’t start studying for a certification exam the night before you take it; learning is a developmental process. Understanding learning as a process helps you focus on what you know and what you have yet to learn.

Thinking about how you learn should help you recognize that learning takes place when you are able to match new information to old. You have some previous experience with auditing or security. Now you are preparing for this certification exam. Using this book, software, and supplementary materials will not just add incrementally to what you know; as you study, the organization of your knowledge actually restructures as you integrate new information into your existing knowledge base. This leads you to a more comprehensive understanding of the tasks and concepts outlined in the objectives and of IT audit practices in general. Again, this happens as a result of a repetitive process rather than a singular event. If you keep this model of learning in mind as you prepare for the exam, you will make better decisions concerning what to study and how much more studying you need to do.

Study Tips

You can approach studying in many ways, just as you have many different types of material to study. However, the tips that follow should work well for the type of material covered on the CISA exam.

Study Strategies

Although individuals vary in the ways they learn information, some basic principles of learning apply to everyone. You should adopt some study strategies that take advantage of these principles. One of these principles is that learning can be broken into various depths. Recognition (of terms, for example) exemplifies a rather surface level of learning in which you rely on a prompt of some sort to elicit recall. Comprehension or understanding (of the concepts behind the terms, for example) represents a deeper level of learning than recognition. The ability to analyze a concept and apply your understanding of it in a new way represents further depth of learning.

Your learning strategy should enable you to know the material at a level or two deeper than mere recognition. This will help you perform well on the exam. You will know the material so thoroughly that you can go beyond the recognition-level types of questions commonly used in fact-based multiple-choice testing: You will be able to apply your knowledge to solve new problems.

Macro and Micro Study Strategies

One strategy that can lead to deep learning includes preparing an outline that covers all the objectives and subobjectives for the particular exam you are working on. Delve a bit further into the material and include a level or two of detail beyond the stated objectives and subobjectives for the exam. Then expand the outline by coming up with a statement of definition or a summary for each point in the outline.

An outline provides two approaches to studying. First, you can study the outline by focusing on the organization of the material. Work your way through the points and subpoints of your outline, with the goal of learning how they relate to one another. For example, you should understand how each of the six main job practice areas for the CISA exam is similar to and different from the others. Then do the same thing with the tasks and knowledge statements; know which tasks and knowledge statements pertain to each job practice area and how they relate to one another.

Next, work through the outline, focusing on learning the details. Memorize and understand terms and their definitions, facts, rules and tactics, advantages and disadvantages, and so on. In this pass through the outline, you should attempt to learn detail rather than the big picture (the organizational information that you worked on in the first pass through the outline).

Research has shown that attempting to assimilate both types of information at the same time interferes with the overall learning process. If you separate your studying into these two approaches, you will perform better on the exam.

Active Study Strategies

The process of writing down and defining objectives, subobjectives, terms, facts, and definitions promotes a more active learning strategy than merely reading the material does. In human information-processing terms, writing forces you to engage in more active encoding of the information. Simply reading over the information leads to more passive processing. Using this study strategy, focus on writing down the items highlighted in the book—bulleted or numbered lists, exam tips, notes, warnings, and review sections, for example.

Determine whether you can apply the information you have learned by attempting to create examples and scenarios on your own. Think about how or where you could apply the concepts you are learning. Again, write down this information to process the facts and concepts in an active fashion.

The hands-on nature of the exercises at the end of each chapter provides further active learning opportunities that will reinforce concepts.

Common-Sense Strategies

Follow common-sense practices when studying: Study when you are alert, reduce or eliminate distractions, and take breaks when you become fatigued.

Pretesting Yourself

Pretesting enables you to assess how well you are learning. One of the most important aspects of learning has been called meta-learning. Meta-learning has to do with realizing when you know something well and when you need to study some more. In other words, you recognize how well or how poorly you have learned the material you are studying.

For most people, this can be difficult to assess. Review questions, practice questions, and practice tests are useful because they reveal objectively what you have learned and what you have not learned. Use this information to guide review and further studying. Developmental learning takes place as you cycle through studying, assessing how well you have learned, reviewing, and assessing again until you feel you are ready to take the exam.

You might have noticed the practice exam included in this book; use it as part of the learning process. The MeasureUp test-simulation software included on this book’s CD-ROM also provides you with an excellent opportunity to assess your knowledge.

Set a goal for your pretesting: A reasonable goal would be to score consistently in the 90% range.

Exam Prep Tips

After you have mastered the subject matter, the final preparatory step is to understand how the exam will be presented. Make no mistake: The CISA exam challenges both your knowledge and your test-taking skills. The following sections describe the basics of exam design and the exam format, as well as provide some hints.

Preparing for the CISA exam might be somewhat different for you if this is the first paper-based noncomputerized exam you have taken in a while. This exam is unlike Microsoft, CompTIA, or Cisco exams you might have taken. Consider doing the following:

• Combine your skill sets into solutions—This exam assumes that you have a minimum of five years of professional information systems auditing, control, or security work experience. This means that you have many skills to bring to the table. Applying your knowledge of information systems auditing, control, or security work can help you work through the various questions.

• Delve into excruciating details—The exam questions incorporate a great deal of information in the scenarios. Some of the information is ancillary—it will help you rule out possible issues but not necessarily resolve the answer. Many of the questions use words such as most, least, best, and worst. Some of the information simply provides you with a greater picture, as you would have in real life. Some information is key to your solution. Other times you might find that some information is shown but is not even needed to find the correct answer.

• Read the questions carefully—Consider making multiple passes. On the first pass, circle the important points of the question. Also underline nouns. If you know the answer, mark it; if not, continue with the next question and return to the marked question later. On the second pass, make sure you understand the implied direction of the question and its subject. A common CISA question technique is to imply terminology associations that should not exist. Candidates miss these questions by misreading them. If a third pass is required, try to get down to two potential answers. Not answering a question counts against you, so take a guess, if you must.

• Practice with a time limit—Almost every certification exam has a time limit, and this one is no different. You have only four hours to complete 200 questions. Plan on using all of the allotted time. Just as a runner would not start his career in the New York City Marathon, you shouldn’t start taking 200-question tests on the day of the exam. Before the exam, get used to answering 50 questions an hour. That’s only a little less than one a minute. Testing yourself with a timer is a good way to get used to the time limits. Know how long it takes you to read scenarios and select answers.

Exam Format

The format for the CISA exam is a traditional fixed-form exam. As its name implies, the fixed-form exam presents a fixed set of questions during the exam session. Although everyone taking the test with you will be tested on the same set of questions, others might receive the questions in a different order than you do. These various tests are identical in terms of content coverage, number of questions, and allotted time, but the questions for each are in a different order.

Fixed-form exams also have fixed time limits in which you must complete them. A test candidate is given four hours to complete 200 multiple-choice questions. The exam tests the candidate’s knowledge of IS audit principles and practices, as well as technical content areas. The exam covers one process and five content domains.

The score you achieve on a fixed-form exam, which is always calculated on a scale of 0 to 1,000, is based on the number of questions you answer correctly. A scaled score of 75% or above represents a passing score for the entire exam.

The exam is formatted as follows:

• The exam contains 200 questions.

• You are allowed four hours to complete the exam.

• You will be provided with an exam book and an answer sheet. After you complete the test, you must return both. Question review, including the opportunity to mark and change questions, is allowed.

Question Types

A variety of question types can appear on the CISA exam. We have attempted to cover all the types that are available at the time of this writing.

CISA exam questions are based on the idea of measuring skills or the ability to complete tasks. Therefore, most of the questions present you with a scenario that includes a role, situation, or type of security function being performed. The answers indicate actions you might take to solve the problem or create proper audit techniques that would function correctly from the start. Keep this in mind as you read the questions on the exam. You will also encounter some questions that just call for you to regurgitate facts, so be prepared for a variety of types.

Despite the variety of question types that now appear in various exams, the CISA exam uses the multiple-choice question, which is the basic type of most exams. The multiple-choice question comes in two varieties:

• Regular multiple-choice question—Also referred to as an alphabetic question, a regular multiple-choice question asks you to choose one correct answer.

• Enhanced multiple-choice question—This is simply a regular or multiple-answer question that includes a graphic or table to which you must refer to answer the question correctly.

Examples of multiple-choice questions appear at the end of each chapter in this book.

More Exam Preparation Tips

Generic exam-preparation advice is always useful. Tips include the following:

• Become familiar with the IT audit functions. Experience is one of the keys to success on the CISA exam. Review the exercises and the Step by Steps in the book.

• Review the current exam requirement FAQ on the ISACA website. The documentation ISACA makes available on the web will help identify the skills needed to pass the exam.

• Take any of the available practice tests. We recommend the one included in this book and the ones you can create by using the MeasureUp software on this book’s CD-ROM.

Tips for During the Exam Session

The following generic exam-taking advice that you’ve heard for years applies when you’re taking any certification exam:

• Remember that you are not allowed to bring books, cell phones, electronic devices, or other materials into the test center.

• Take a deep breath and try to relax when you first sit down for your exam session. It is very important to control the pressure you might (naturally) feel when taking exams.

• You will be provided with scratch paper, if needed. Take a moment to write down any factual information and technical detail that you have committed to short-term memory.

• Carefully listen to the proctor when you arrive at the test area and are seated. You are not allowed to open the test booklet or begin any activities until the test proctors tell you to do so. Read all the information they provide you.

• Accept the nondisclosure agreement as part of the examination process. Complete it accurately and quickly move on.

• Read the exam questions carefully. Reread each question to identify all relevant details.

• In fixed-form exams such as this, tackle the questions in the order in which they are presented. If you find yourself spending too much time on any one question, mark it and move on.

• Don’t rush, but also don’t linger on difficult questions. The questions vary in degree of difficulty. Don’t let yourself be flustered by a particularly difficult or wordy question.

• Remember that even if you have a proctor escort you to the bathroom, the clock will continue to run. Use your time wisely.

Tips for Fixed-Form Exams

Because a fixed exam is composed of a fixed, finite set of questions, you should add these tips to your strategy for taking a fixed-form exam:

• Note the time allotted and the number of questions on the exam you are taking. Make a rough calculation of how many minutes you can spend on each question, and use this figure to pace yourself through the exam. For the CISA, you must answer about one question every minute.

• Take advantage of the fact that you can return to and review skipped or previously answered questions. Mark the questions you can’t answer confidently, noting the relative difficulty of each question. When you reach the end of the exam, return to the more difficult questions.

• If you have session time remaining after you complete all the questions (and if you aren’t too fatigued!), review your answers. Pay particular attention to questions that seem to have a lot of detail or that require graphics.

• As for changing your answers, the general rule of thumb here is don’t! If you read the question carefully and completely, and felt like you knew the right answer, you probably did. Don’t second-guess yourself. As you check your answers, if one clearly stands out as incorrect, of course you should change it. But if you are at all unsure, go with your first impression.

Final Considerations

Finally, be aware of the ISACA exam policy, how long the certification is good for, and any other program limitations:

• Candidates may attempt the exam once every six months.

• ISACA recommends that CISA candidates attend a review seminar or seek additional classroom training to have a greater chance of passing the examination, although doing so is not required.

Hopefully this chapter has answered many of the questions you might have had about the exam and has helped get you primed for your studies ahead. Just remember that the purpose of this book is to help prepare you for the CISA exam and give you a base knowledge of what is needed to perform IT audits and security assessments.
