To be successful in security management, it's critical to understand not only what risk management is, but also how to create and implement a plan that will help your organization counter risks and prepare to expect the unexpected.
"The certification is really a demonstration that you have the knowledge and experience already and that you're serious about career growth in the field and want to go further with it," said Peter Gregory, author of CISM: Certified Information Security Manager Practice Exams, published by McGraw-Hill.
Ready to go for your CISM to become a security or risk manager? Gregory readily admits it's a difficult exam -- even for a security pro. But, with some hard work and a lot of studying, test-takers can master the topics and prove their skills.
The following excerpt from Gregory's book offers CISM practice exam questions from Chapter 3, "Information Risk Management." This area constitutes 30% of the CISM exam, with questions on developing a risk management strategy, integrating risk management into an organization's practices and culture, and monitoring and reporting risk.
Peter H. Gregory, CISM, CISA, CRISC, CISSP, CIPM, CCISO, CCSK, PCI-QSA, is a 30-year career technologist and an executive director at Optiv Security. He has been developing and managing information security management programs since 2002 and has been leading the development and testing of secure IT environments since 1990. In addition, he spent many years as a software engineer and architect, systems engineer, network engineer and security engineer. Throughout his career, he has written many articles, white papers, user manuals, processes and procedures and has conducted numerous lectures, training classes, seminars and university courses.
Gregory is the author of more than 40 books about information security and technology. He is an advisory board member at the University of Washington's certificate program in information security and risk management and the lead instructor (emeritus) and advisory board member for the University of Washington certificate program in cybersecurity. He is an advisory board member and instructor at the University of South Florida's Cybersecurity for Executives program, a former board member of the Washington State chapter of InfraGard and a founding member of the Pacific CISO Forum. He is a 2008 graduate of the FBI Citizens' Academy and a member of the FBI Citizens' Academy Alumni Association.
Yes, this practice test is designed to give you a 360-degree view of what you will deal with during the actual exam. While we do not guarantee complete success, it will prove advantageous in understanding the strategies that work for better performance.
The CISM practice test is a mock version of the CISM Certification Exam conducted by ISACA. A total of 200 questions form the practice test and resemble the ones in the actual certification exam. The main purpose of the exam is to enhance your ability to design, supervise, and assess enterprise information security.
This practice test helps you to determine whether you have in-depth knowledge of designing security architecture for your IT operation, IT compliance and the integrity of enterprise systems to establish a more secure enterprise IT framework, and more. Moreover, this practice test verifies whether you have the relevant skills to pass the CISM certification exam.
Mr. Pompilio has been an IT professional since 1989. He has worn many hats along the way and holds over 20 IT certifications, which include EC-Council CEI, CEH, CHFI, CISSP, CISA and CISM. His passion is to help IT professionals achieve their training goals and career growth.
Basically I took CISM and ISSMP at the same time last year, one day apart from each other: ISSMP first, followed by CISM the next day. There are a lot of overlapping areas/domains between these 2 exams.
In the last couple of days before the exams I did very intensive exercises with the Official CISM QAE from ISACA, going through 800-900 QAE questions (I did not complete all of them; there are about 1,000+ in total), and also studied the Official (ISC) Guide to the ISSMP CBK, Second Edition, focusing on Domain 4 and Domain 5, which are not fully covered in the CISM domains or are unique to ISSMP.
The key point is not to remember the question and answer, but, as a mental exercise, to think about why, if you were in that situation, you should take this approach and not the other choice, and to understand what's wrong (or not the best) with the other choices.
The ISSMP overlaps the CISSP, but simply goes into more depth and expects that you've read the references at the end of each CBK. Strangely, I found it more of a practitioner's exam, as you'll find you've read a lot of those references during your general IT and InfoSec work over the years.
Yes, I do agree there are overlaps with CISSP; as the title describes, it's a concentration within CISSP and is expected to go more in depth, focusing on the security management perspective (where ISSAP focuses more on infrastructure, application, design, SDLC and cloud-related areas).
Rather than going chapter by chapter and reference by reference, I went through the official sample test (e.g. CISM) and got around 70% correct without reading any study guide or reference; therefore my approach for ISSMP is to focus on the areas I am not certain about and refresh (or clear up) those.
I'm interested in hearing about your "intensive exercise" with the CISM QAE. I've been treating the book like a huge exam, and marking my failures / progress along the way. The book doesn't really lend itself to study, but I'm doing the best I can with it.
Thanks!
edit: P.S. to say congratulations on ISSMP!
I think it depends on how you use the material/book. Let me share a bit about how I use the QAE in general. (Basically this is how I use practice questions in all exam preparation in a similar way; it's not just applicable to the QAE, but the QAE gives a more detailed explanation instead of just right or wrong.)
Honestly, getting the right answer is not important in this process (I got roughly 80% correct, but the percentage does not really matter, because you don't expect the same question to appear on the exam; even if it does, it's a bonus provided that you have done it and remember it).
I spend 1-2 minutes answering each question (in each domain), and regardless of right or wrong, I spend another 1-2 (or maybe even 4-5) minutes understanding the choices (by looking at the explanation given) and also ask myself
By doing this, you cover a much wider range of topics and knowledge, which will be helpful from an exam preparation perspective (or at least for building your own self-confidence, or destroying it, either way).
If I have really missed some topic or term (you know when you are answering the question), I go back to study the specific section of the related domain to dig in more, or Google a bit to gain more knowledge.
I took the test twice and haven't passed. I didn't think the test was hard at all; the questions were very practical. I need to get more professional experience, I would assume. If anyone has any resources that you used, it would be beneficial.
You should have been given your proficiency level for each domain when you previously took the exam, so I recommend obtaining some references from that list that will help you plug any knowledge gaps.
I sat for the CCSP exam this morning and failed miserably. I was below proficient in 4 domains and near in 2. This is really frustrating, as I did not feel it was a reflection of my understanding of the material. Plus, there is not a lot of detail on the results. I have my CISSP and CISM certifications and am somewhat familiar with the ISC testing process. Knowing what I know about the ISC exams, and the cost, I did not take this exam lightly. I studied for over 2 months using the following materials:
I did all the test questions in both books as well as the Wiley database that comes when you register the book. The InfoSec course had a lot of questions and exams. Udemy practice exams with over 300 questions, and Pocket Prep. I was doing fairly well with those, scoring in the 80% area.
Sitting for the exam I felt pretty comfortable with the questions. A few zingers here and there, but all in all I didn't feel horrible. I felt when I finished I had passed. I received only one page from the proctor and thought that's good... if I had failed there might be multiple pages with domains to improve in. Nope!
I think practice tests helped me a lot. By the time I took this exam, I had topped 14 IT and security certifications in under 2 years. I have done a lot of practice questions from different groups including ISC2, ITIL, CompTIA, EC-Council, CIW, and others. So the various test formats helped me a lot.
While subject matter is important, I often think that is the easiest to study for and understand, especially if you are working with it daily. However, there are parts that are outside of what we do for sure. Unless you are teaching this stuff, there will be areas we need to study for.
Regarding practice questions, it is not the answers that you are using to study, it is the questions themselves... and when you answer, you have to know what chair you are sitting in (engineer, manager, architect, etc.).
I took a week long training course on the CCSP, but didn't do the exam. The observation I'd make is that if you've got an infrastructure, operations and hosting provider background then much of it will seem very familiar, but if you haven't you'll find it hard to relate to.
Hello
The quality of your preparation reveals to me the complexity of this exam.
Do not be discouraged now. Everything is possible for those who believe and work wisely.
I have just started my preparation for CISSP.
I took the 3 month retake waiting period for this exam seriously, reviewing in detail the CBK, AIO and ISC materials and Adam Gordan's discord. Felt I was much better prepared, even did the Cybrary videos, etc. Sat for the exam 11/21 and failed again. Really, really frustrating.