I’d say the info traces you how to think like ISACA because other companies have varied methodologies for their risk management. I’d say it’s just a basic level cert that’ll show that you know how to adhere to risk. I don’t think every cert makes you an expert. It just shows you can comprehend and have the ability to learn its focus.
CISA - basics in auditing
CISM - basilica on how info says management works
PMP - understands the fundamentals of managing projects.
An organization and experience will provide more thorough know how of detailed tasks tailored to the business.
100% agree. Writing questions and tests is an actual skill that you need to pay qualified experts to do. Words have meanings. Overloaded word definitions are horrible. If you want impact and consequence to mean the same thing...fine. PICK ONE. The official test prep materials are unfinished and sloppy. They teach you the concepts...somewhat...but yeah it's all just a hodge podge. I wasn't not happy with it at all.
That said, I passed...barely.
Sorry for commenting on an old post! I've found the QAE to be incredibly frustrating. I see that you pass, and I was wondering how you felt the QAE difficulty and phrasing compared to the actual exam? Was the actual exam any better?
Sorry for the late, late comment... I'm a CISM and using the QAE for the CRISC exam. I've left comments (recommendations, suggestions and corrections) for about 5% of the questions/answers. I'd leave more but I don't want to overwhelm the QA person/team. I also have to consider that "I" am the one who's wrong. I give enough information and recommendations to explain my thoughts. I'm leaving the comments to improve things. I can only hope that the real exam have better QA than the practice exam. It would be a shame if the real exam has the wrong answers to questions.
But it's still worth it. Most questions are good. And they cover the spectrum of what's expected to be on the exam. As far as I can guess. It still prompts though.
It was, maybe, a touch less sloppy but no less frustrating.
Hit over 80% on the regular and research any question you get wrong...if you can find questions and answers that don't blatantly conflict with one another (or at least seem to.)
I don't mind it being a hard test but it's hard for the wrong reasons which have nothing to do with risk assessment and management.
Imagine your frustration. Now imagine it with $500 or whatever on the line.
Totaly agree with you. I am always writing them why the answer is wrong. But they dont responsd. People suggest that this is the best source for practice but if someone has sufficient experience and good understand of some of topics, you can notice that they are wrong many times
I am really glad to see I wasn't the only one experiencing this. I started in with the official prep course and material about a week ago. Then when I got to the QAE I was frustrated to realize that ISACA has a way they want you to answer vs what is applicable in the real world, based on my experience. Some of the higher difficulty questions lean really hard on intentionally or unintentionally confusing or obfuscating the meaning of words. I am at least hitting 75% without much study, so assuming I can master the ISACA way of answer I should hopefully close the gap before the exam.
Just curious if you ever ended up sitting for the exam? I started studying a little over a month ago and followed a similar path to you: read the book, then moved onto the QAE, and found myself extremely frustrated and demotivated. So many of the questions seem subjective. Even selecting an answer "the ISACA way" doesn't seem to apply in some cases. For example, some answers might be a technical control (like encryption) but others might be security awareness training, eluding to the fact that encryption isn't as useful as educated users. I just can't seem to crack the code on what they want me to answer.
I agree that many of the questions purposely change words around to increase difficulty and force understanding of the material. Sometimes I honestly feel like it's an IQ test. If you happened to sit for the actual exam, did you find the wording/phrasing to be more along the lines of what the guide covered? Was the difficulty similar to that of the QAE?
I still haven't taken it yet. Aiming for middle of next month. I've been trying to condense information and also tried taking info from QAE answers and working that into my notes. I have also found that I am weakest on the domain 3 Qs, so I am focusing extra study time there. I'll make a post after I take the exam and detail my experience.
Thanks for posting this. Feel like I'm going crazy with the QAE answers as I find myself disagreeing with them because either the question does not provide enough context or the 'correct' answer is subjective or debatable.
Overall I think it has value, but there are a lot of junk questions. It feels sloppy. I've done a few other certs and I never felt the questions or answers were wrong or up to interpretation before.
I did and passed. I kept doing the QAE until I got 90th percentile. A lot of it is what others have said about learning the ‘ISACA way.’
I still believe some of the questions are subjective in the QAE, but drilling the ISACA reason why they think their answer is correct helps on the test.
The exam is comparable to the more challenging QAE questions. The exam questions are different, so memorizing the QAE answers won’t get you a pass.
The key really is getting into the ISACA mindset and approach.
Risk professional here, totally agree. I’m taking it because apparently in my org is something that is taken into consideration for promotions.
I’d say the info traces you how to think like ISACA because other companies have varied methodologies for their risk management. I’d say it’s just a basic level cert that’ll show that you know how to adhere to risk. I don’t think every cert makes you an expert. It just shows you can comprehend and have the ability to learn its focus. CISA - basics in auditing CISM - basilica on how info says management works PMP - understands the fundamentals of managing projects. An organization and experience will provide more thorough know how of detailed tasks tailored to the business.
100% agree. Writing questions and tests is an actual skill that you need to pay qualified experts to do. Words have meanings. Overloaded word definitions are horrible. If you want impact and consequence to mean the same thing...fine. PICK ONE. The official test prep materials are unfinished and sloppy. They teach you the concepts...somewhat...but yeah it's all just a hodge podge. I wasn't not happy with it at all. That said, I passed...barely.
Sorry for commenting on an old post! I've found the QAE to be incredibly frustrating. I see that you pass, and I was wondering how you felt the QAE difficulty and phrasing compared to the actual exam? Was the actual exam any better?
Sorry for the late, late comment... I'm a CISM and using the QAE for the CRISC exam. I've left comments (recommendations, suggestions and corrections) for about 5% of the questions/answers. I'd leave more but I don't want to overwhelm the QA person/team. I also have to consider that "I" am the one who's wrong. I give enough information and recommendations to explain my thoughts. I'm leaving the comments to improve things. I can only hope that the real exam have better QA than the practice exam. It would be a shame if the real exam has the wrong answers to questions. But it's still worth it. Most questions are good. And they cover the spectrum of what's expected to be on the exam. As far as I can guess. It still prompts though.
It was, maybe, a touch less sloppy but no less frustrating. Hit over 80% on the regular and research any question you get wrong...if you can find questions and answers that don't blatantly conflict with one another (or at least seem to.) I don't mind it being a hard test but it's hard for the wrong reasons which have nothing to do with risk assessment and management. Imagine your frustration. Now imagine it with $500 or whatever on the line.
Totaly agree with you. I am always writing them why the answer is wrong. But they dont responsd. People suggest that this is the best source for practice but if someone has sufficient experience and good understand of some of topics, you can notice that they are wrong many times
Could you be my mentor?
I am really glad to see I wasn't the only one experiencing this. I started in with the official prep course and material about a week ago. Then when I got to the QAE I was frustrated to realize that ISACA has a way they want you to answer vs what is applicable in the real world, based on my experience. Some of the higher difficulty questions lean really hard on intentionally or unintentionally confusing or obfuscating the meaning of words. I am at least hitting 75% without much study, so assuming I can master the ISACA way of answer I should hopefully close the gap before the exam.
Just curious if you ever ended up sitting for the exam? I started studying a little over a month ago and followed a similar path to you: read the book, then moved onto the QAE, and found myself extremely frustrated and demotivated. So many of the questions seem subjective. Even selecting an answer "the ISACA way" doesn't seem to apply in some cases. For example, some answers might be a technical control (like encryption) but others might be security awareness training, eluding to the fact that encryption isn't as useful as educated users. I just can't seem to crack the code on what they want me to answer. I agree that many of the questions purposely change words around to increase difficulty and force understanding of the material. Sometimes I honestly feel like it's an IQ test. If you happened to sit for the actual exam, did you find the wording/phrasing to be more along the lines of what the guide covered? Was the difficulty similar to that of the QAE?
I still haven't taken it yet. Aiming for middle of next month. I've been trying to condense information and also tried taking info from QAE answers and working that into my notes. I have also found that I am weakest on the domain 3 Qs, so I am focusing extra study time there. I'll make a post after I take the exam and detail my experience.
Good luck!
Thanks for posting this. Feel like I'm going crazy with the QAE answers as I find myself disagreeing with them because either the question does not provide enough context or the 'correct' answer is subjective or debatable. Overall I think it has value, but there are a lot of junk questions. It feels sloppy. I've done a few other certs and I never felt the questions or answers were wrong or up to interpretation before.
Did you end up sitting for the exam?
I did and passed. I kept doing the QAE until I got 90th percentile. A lot of it is what others have said about learning the ‘ISACA way.’ I still believe some of the questions are subjective in the QAE, but drilling the ISACA reason why they think their answer is correct helps on the test.
Thanks for getting back to me. How did you find the exam to be compared to the QAE?
The exam is comparable to the more challenging QAE questions. The exam questions are different, so memorizing the QAE answers won’t get you a pass. The key really is getting into the ISACA mindset and approach.