
Passed With A 476 On My First Attempt

The author shares their experience of passing the CISA exam with a score of 476, emphasizing the importance of thorough preparation and studying over a longer period. They recommend using a combination of resources, including Hemang Doshi's videos and additional study books, rather than relying solely on the ISACA QAE. The author also critiques the exam's structure and question style, suggesting that it does not accurately reflect the QAE practice questions.

Passed with a 476 on my first attempt - Do NOT do what I did. ([Link])
submitted 9 months ago * by IAmRudyTomjanovicAMA
Well, let me correct myself:
Sure, you can do what I did and maybe pass, but after reading all the
stories here and based off of my own experience, I probably should
have studied for a longer time and with more resources. I was getting
very nervous and worried while taking the exam itself, which is the last
thing people want to feel while taking such an important exam. If the
exam did not say pass/fail at the end of it and we had to wait 10 days
for the pass/fail (along with the score), then I honestly would have
spent that 10 day waiting period thinking that I failed.
Method of Study: 2.5 month period of studying using the ISACA QAE
and Hemang Doshi's videos.
First month and a half - I mostly studied just on weekends and not
weekdays. On weekends, maybe like a total of 4-6 hours. During this
month and a half period, I only did the QAE and went through it once
and wrote notes for questions that I got wrong, because I wanted to try
and actually understand concepts versus just memorizing answers. I
even wrote notes on the ones I got right since some of those were
guesses/difficult. This is obviously a good approach, but if you really
want to learn fundamentals, I recommend following what other people
did here and buy a book or something. Honestly, I probably should
have studied more during this first 1.5 months, like a little bit after
work on weekdays, but I didn't want to burn myself out.
Second Month - I started studying every day after work for at least 2
hours. Sundays became dedicated as a study day for me and I'd study
for about 5-7 hours on just Sunday. Saturdays I'd study anywhere from
2-4 hours. So we're looking at weekly study sessions of like 15-20 hrs
for that second month. I re-did the QAE one more time. On the first
weekend of this month, I took my first practice exam and got a 68%.
Then I continued the study pattern as I just described and on the third
weekend of this month, I took my second practice exam and got an
83%. After taking that second practice exam, I kept going through QAE
questions, especially the ones I got wrong and tried to really
understand the logic and "piece together" the fundamentals of IT audit
myself. I think the best method to do this is to actually buy a book, like
I just mentioned previously. Also, in the final 2 weeks prior to my
exam, I watched ALL of Hemang Doshi's videos on YouTube (like 83
videos), which really helped me understand some fundamentals,
especially PKI and digital sigs/certificates, different firewalls and their
implementations. I even did a lot of the practice questions on his site
([Link]). So like I said, all this studying in the second
month accounted for anywhere between 15-20 hours per week. The
few weeks leading up to the exam, it was getting so stressful and
anxiety inducing that I just wanted to get it over with.
Exam Day: The exam testing center and the check in process and the
testing room's conditions were honestly all fine. I have no complaints
at all on these things. When I started the exam, I literally think I
skipped the first 5 questions. My adrenaline was really going wild and
while reading several questions, I realized that this was going to be
fucking tough. Basically my first time through, I skipped a bunch of
questions that I had absolutely no clue on, answered some that were
really easy (which wasn't that many, at least for me), and flagged a
bunch that I was able to narrow down to 2 answers but still wasn't sure
about it. After going through the 150 the first time through, I looked
through my question index and I had like 20-30 questions unanswered
and an additional 30 that were flagged. I started to panic and realize
that there is a solid chance here that I won't pass. I went ahead and
tackled the ones that I had unanswered and tried my best to pick the
best one, but like I said there were a few that I had no clue on, and the
concept hadn't popped up in the QAE. Then I went back to the flagged
questions, and tried to pick the best of the 2 answers that I thought
was right. Finally after doing all this, there was maybe 45-ish minutes
left and I thought, what the hell, let me see if I can speedrun all the
questions and see if my answers make sense, especially to the ones I
had trouble on. On the really difficult ones, I kept second-guessing
myself and during this 45-minute crunch time period, I think I changed
2-3 answers. Who knows, maybe those 2-3 answers are what got me
over 450, but I have no clue. With 5 minutes left, I just decided that I
would wait til the entire timer runs out because I was feeling kinda
shitty at that point. Like I said, I felt like it was a real tossup, but I kind
of told myself that I should not be surprised if I did not pass. I started
getting really annoyed because I had just spent the last 2.5 months
(especially the last month) busting my ass for this thing and I might
have to take it again. Finally, the timer runs out, the stupid post-exam
surveys pop up, and then the screen loads for like 30 seconds (felt like
forever). After that...in nice, green font the word PASS appears. I could
not believe it and felt so fucking relieved. I barely even remember
walking out of there and sitting in my car to be honest.
Criticisms of the Exam: I have a few minor criticisms, but one major
criticism. I'll knock out the minor ones first:
- Putting the post exam survey right after the exam but BEFORE it says
pass/fail is absolutely cruel. Either do it after the pass/fail message or
send an email a few days later. When finishing the exam, the first thing
on the test-taker's mind is "did I pass or not", we do not want to fill out
this stupid survey.
- I really wish the practice exams in the QAE were scored the same way
as the actual exam. I'm sure everyone here feels that way. I get that
ISACA wants to be ambiguous and mysterious, but overall what's the
point of this? When I got a 68 and 83 on the practice exams, what did
that even mean exactly? I just wished it was scored on the 200-800
scale, that way people can accurately gauge if they think they are
ready for the exam or not. It's because of my results on the QAE that I
thought I was at least pretty prepared for the exam, but I ended up
nearly with a not pass.
- The exam felt way wordier than I expected. The QAE and the practice
questions that Hemang publishes have a few wordy questions that you
have to take time to read, but overall one or two sentences is usually
the max. I 100% feel that the exam had tons of wordy questions that
required a lot of reading time, which totally messes with you when you
have 4 hours to take the exam.
- My major criticism: I do NOT feel like the QAE is good for studying
the exam. The exam was a lot different from the QAE and I feel like
ISACA purposely made it not that representative. For those of you
studying for the exam and about to take it, I'm not trying to scare you,
but do not solely rely on the QAE. I think at best, the QAE just
demonstrates that there are questions where you will have to pick
between the two best options. That's it. That's the extent to which the
QAE helped for me, I feel. There were even some concepts/questions
on the exam where the material itself was something I had not seen in
the QAE. This is why, if you plan to take this exam, you need to buy an
actual book on IS auditing. I feel like that will cover every concept you
need to know for the exam, and the QAE will be there just for question
structure. Also, I in no way expected any recycled questions, I did not
want recycled questions, I wasn't asking for recycled questions, all I'm
saying is that I do not think the QAE questions were representative of
what is on the exam and vice versa. Also, you can find a lot, if not all,
of the QAE questions all over question banks on the internet, so those
questions have been recycled for many years now. I've taken many
standardized tests over my school career and actual career, and I feel
like this study material (which was actually published by ISACA, the
test-maker) was the least representative of what was actually on the
test compared to anything I've taken.
Final Takeaways/Advice
- Do the QAE at least twice and actually understand why you get certain
answers wrong. It sounds cliché, but the whole "narrowing it down to 2
answers and picking from the best" is 100% evident in both the QAE
and exam.
- Watch Hemang Doshi's videos and also check out his website. He
really helps with fundamentals in some tough topics.
- Get some sort of book that will actually teach you the fundamentals. I
know ISACA has some guide or whatever that goes along with the QAE,
but I'm not sure. I know Hemang has a book. I know there's also
another book that's mentioned here often that's pretty popular. The
point is, don't expect to for sure pass if you just use the QAE.
Absolutely get a book that teaches you IS auditing. In fact, you should
dedicate a whole month to just learning the concepts and
understanding everything from risk assessments, digital signatures,
PKI, DRP, BCP, etc. before even looking at the QAE. Maybe try studying
over a 4-5 month period. Because you should really grasp the concepts
initially prior to doing the QAE, in an ideal world. I think this test is best
taken by someone who has studied and understood the concepts and
has lots of real life experience. I reiterate, do not just go through the
QAE. Ask someone on this subreddit what the best book is to study
(unless someone wants to comment it), because I clearly do not know
since I didn't use one.
- I know that there are people on this subreddit who say things like "i
passed the exam with 7 or 8 days of hard studying blah blah blah". I'm
not saying that they are bullshit, but I honestly do not believe it. I'll
give them the benefit of the doubt, and sure let's say it's the truth,
these people probably have tons of auditing experience and have
taken exams very similar to this one. That's why, if this is your first
audit exam or you're new to IS auditing, you should not pay any
attention to these folks because it should not at all be representative
to how you should approach studying and taking the exam.
Finally, this was my scoring breakdown (keep in mind, my
scores on the QAE were way better than what's below):
Information Systems Auditing Process - 520
Governance and Management of IT - 406
Information Systems Acquisition, Development, and Implementation - 359 (lmao)
Information Systems Operations and Business Resilience - 450
Protection of Information Assets - 669
Good luck to all of you.
