Exam Prep

CISA Examination Question Analysis - Encryption

In preparing for the CISA exam, one important area of review, which many auditors and exam takers find challenging, is encryption.  While no one knows exactly the concentration or the number of questions in any exam that may be dedicated to this subject, one can be very certain that questions on encryption, given the topic’s role in security and internal control, will be on the exam in some form.


CISA / CISM Exam Preparation Tip #4 -- Exam Day Tips

Jennifer Boyce of Deloitte & Touche (Hi Jen!) used to do a great job serving as the Toronto ISACA Chapter’s “Director, Certifications” (a role now very admirably and ably filled by Laureen Ellis).  One of Jennifer’s traditions was to attend the final session of our preparation courses and give her Exam Day Tips.

When she left Toronto, she was kind enough to leave me a copy of the tips (Thanks Jen!).  Here are some important items to keep in mind when you find yourself sitting in that exam room on the big day, along with some of my comments:

CISA / CISM Exam Preparation Tip #3 -- Arguing with the Answers

Many of you writing the CISA or CISM exam may have a great deal of real-world expertise in particular subject areas...securing systems, writing policies, managing projects, responding to incidents.  If that’s the case, you will no doubt find instances where you strongly disagree with an answer to one of the practice questions, based on your own direct experience.

Frustration and the odd profanity typically ensue.  How should you deal with this?

CISA / CISM Exam Preparation Tip #2 -- Read the Question Carefully


As noted in Tip #1, the wording of exam questions can be challenging in itself.  Here’s a paraphrase of one of my favourite examples:

Which of the following should be a concern to an IS auditor reviewing a wireless network?

A. Wi-Fi Protected Access (WPA) encryption is enabled.

B. SSID (Service Set IDentifier) broadcasting is enabled.

C. Anti-malware software is running on all wireless clients.

D. MAC (Media Access Control) access control filtering is used on all wireless access points.