With the test passed and the experience still very fresh on my mind, I felt I should take the opportunity to share my experience and any advice to aid my fellow aspiring Certified Information Systems Auditors (CISA) out there!
What was most surprising to me upon actually taking the CISA was that none of the questions in the official ISACA test database showed up on the exam. (Christian, the co-author of this blog, said that when he took the exam the test database was very similar to the exam.) Simply running through the test database and memorizing answers will not help you (at least in my experience). It is much more important that you take the test questions, read the explanations ISACA gives you, and then follow up in their review manual for more details.
We were asked to empty our pockets and put any personal items at the front of the room when entering. Cell phones were not allowed in the exam space and had to be checked at the front desk before entering.
During the test, only one person was allowed to go to the restroom at a time, and a proctor stood outside the door of the restroom while you went. The only things allowed on the desk during the test were a few #2 pencils and an eraser. I saw some people have their erasers inspected (because they were covered in a paper wrapping). If the leads broke on all your pencils during the test, you were out of luck, and we were warned of that ahead of time.
The test was all Scantron (fill-in-the-bubble) multiple choice and consisted of 200 questions. I finished the exam in about an hour and a half of the four hours allotted. I was among the first to complete the exam. We were warned repeatedly that there was a zero-tolerance policy for breaking any rules, and the proctors appeared to take the rules very seriously.
NB: There are 3 categories of membership (Professional, Recent Graduate and Student Member). Also note that you can pursue your CISA Certification without being a Member. Membership and Certification are two different things.
NB: The CISA Review Manual is updated to keep pace with rapid changes in the information systems (IS) audit, control, and security professions. As with previous manuals, the 27th edition is the result of contributions from many qualified authorities who have generously volunteered their time and expertise. An international job practice analysis is conducted periodically to maintain the validity of the CISA certification program. A new job practice forms the basis of the CISA. The complete CISA job practice is available at www.isaca.org/cisajobpractice
NB: The CISA Review Questions, Answers & Explanations Manual 12th Edition consists of 1,000 multiple-choice study questions, answers, and explanations arranged in the domains of the current CISA job practice. With this study aid, CISA candidates can quickly identify their strengths and weaknesses by taking random sample exams of varying lengths and breaking the results down by domain. Sample exams also can be chosen by Domain, allowing for concentrated study, one domain at a time, and other sorting features such as the omission of previously correctly answered questions are available.
TIP: When selecting your answers to the question presented, respond solely based on the information provided in the particular step and assume the mindset of an average auditor in that situation. Try not to reflect on your previous experiences with similar situations.
CISA (Certified Information Systems Auditor) is a professional certificate for IT auditors. To become a CISA you have to pass the exam and become an ISACA member. To help you understand what CISA is about, we made a small test with exam-level questions.
CISA was introduced in 1978. Around this time, IT auditing was mostly an extension of financial auditing. Auditing was mostly done at large companies that were required to have financial controls to prevent financial fraud. These companies had many policies, mainframe computers, their own data centers and many formal roles such as project steering committees. Like ISO 27001, CISA is based on risk and controls: it emphasises effective risk management by identifying business objectives, risks and selecting the right controls. Unlike ISO 27001, there is more focus on financial controls: segregation of duties, securing transactions, checksums and reconciliation.
Since 1978, companies have evolved and are now much more aware of the value of information, of the dependence of business services on IT, and of security and privacy risks. As a result, CISA is now an interesting mix of financial auditing best practices and information security knowledge. This makes it a challenging exam: to pass it you need both auditing experience and an IT background.
CISA is managed by ISACA, a professional organisation that manages many certifications. According to ISACA, you can only use the letters C, I, S and A if you become an ISACA member. To stay a member, you must keep sending them money. ISACA also has a code of professional ethics that emphasises that audits must be conducted professionally and independently.
CISA certification is not legally required for any role, but it is a good way to prove that you have the required knowledge to conduct audits. Many companies have internal audit roles where CISA or a similar qualification is needed. CISA is also useful for security officers and perhaps data protection officers. It should be noted, however, that CISA does not teach you any specific standard. To audit ISO 27001, you should probably also do ISO 27001 lead auditor training. To become a privacy officer or data protection officer, you should study the GDPR and perhaps do CIPP/E.
CISA is a good way to extend your knowledge as a professional, but is not a good way to start in any specific role. The exam is designed for people with 2-3 years of professional experience. If you are a recent graduate without relevant working experience, it is a difficult exam. The success rate for first time exam takers is said to be about 50%.
The CISA exam consists of 150 multiple-choice questions that must be completed in 3 hours. It is a closed-book exam: you must learn many ISACA-specific terms, either from the official book or from a course. Learning the book will only bring you halfway: the questions often refer to practical terms not in the book that you should know from your practical experience. The questions also ask you to apply judgement and choose which of four good options is the best or most important. It is highly recommended to practice the specific question style of CISA. Our practice exam is a good first exercise to see how you would do in the CISA exam. ISACA offers an even larger database of test questions.
ISACA, the company that awards the Certified Information Systems Auditor (CISA) certification and creates the CISA exam, publishes an official CISA study guide. However, 2 popular alternatives are also available, and each of these 3 options has its pros and cons. These options include:
The CISA Review Manual (CRM) is the most official of the CISA books available. ISACA publishes this definitive guide to the CISA exam and updates it whenever they update the exam. You can buy the printed or digital version of the CRM from ISACA, and you can also find it on Amazon.
The consensus is that the CISA Study Guide is easier to read and understand than the CRM. At the same time, the CISA Study Guide provides a solid and detailed theoretical foundation of the main exam concepts.
The CISA Study Guide retails at about $70, and you can typically find it now on Amazon for just $40. Therefore, with these prices, the CISA Study Guide can cost you less than half the price of the CRM.
ISACA not only publishes the CRM but also offers a database of CISA exam questions and answers as well. However, you have to pay another $129-159 for this additional resource. Yet, when you purchase the CISA Study Guide, you also receive access to electronic flashcards, practice exams, a training video, and the Sybex test bank. The CISA Study Guide includes these extra materials at no extra charge, so you are once again saving money.
Unfortunately, the CRM assumes that you know the CISA exam material and therefore does not elaborate on the concepts. Consequently, some of my readers have said that using the CRM alone left them struggling to understand the principles of information systems auditing. In contrast, the CISA Study Guide shows you how to see the big picture and understand the auditing mindset. And having these abilities is critical for passing the exam.
As mentioned, a version of the CISA Study Guide that aligns with the 2019 CISA exam has yet to appear. The delay is understandable because the 2019 CISA exam only arrived in June, but ISACA was ready with the 27th edition of the CRM. Therefore, exam candidates seeking a newer CISA Study Guide have to wait longer for this alternative CISA book. And as a result, they also have to wait longer for the CISA certification.
The CISA All-in-One Exam Guide is another notable CISA book for exam candidates. Peter Gregory penned this guide, and McGraw-Hill publishes it. This guide also gives you the option of purchasing the ebook or the hard copy.
Amazon reports that the fourth edition of the CISA All-in-One, which aligns with the 2019 CISA exam, is on its way, and you can pre-order it now. So, you should be able to get the newest CISA All-in-One soon. But before you do, you should prepare for it to encompass the following merits and flaws.
Like the CISA Study Guide, the CISA All-in-One also supplies candidates with more than one study resource for the price. Specifically, the All-in-One comes with 400 practice exam questions in the Total Tester exam engine. Therefore, with this test bank, you can take full-length practice exams or customizable quizzes by exam topic.