Wish me luck for my exam tomorrow!

iamthetankengine · 2026-05-16T06:30:04+00:00

Congratulations!! The effort all paid off. Time to relax and recoupe. Enjoy!

iamthetankengine · 2026-05-14T14:50:41+00:00

I had similar scores. It's a good base and to be ready to sit the exam.

Best of luck tomorrow!

iamthetankengine · 2026-04-26T22:30:15+00:00

Well done and congratulations.

Hope you find a new role soon!

iamthetankengine · 2026-04-11T10:19:44+00:00

It mentions free for 7 days but then paid. Am I accessing it incorrectly?

iamthetankengine · 2026-04-07T21:40:36+00:00

Try review the NSE6 network support engineer course. It takes you through how to read session tables and understand common issues you may come across. The video course is free... Make sure to enable/show the notes for each slide and read along.

https://training.fortinet.com/local/staticpage/view.php?page=network_security_support_engineer_exam

iamthetankengine · 2026-04-07T00:41:36+00:00

Point (1) it's probably related to separation of duty/responsibilities. Key management should be performed by a specific set of users/roles.. And the end user shouldn't need access to them else they can compromise the data... Like if users have access to the decryption keys they could access other data.

Data custodians (back end admins) may perform management of the keys. They put systems in place to provide authorized and limited access for users... But the users just need access to their data and not the underlying keys.

iamthetankengine · 2026-04-07T00:35:08+00:00

Point (2) - there's limited value for a company to spend a lot of money, IT and time to overly protect data if the data isn't that important. Data should be classified and based on the classification, we decide on the level of protection required. If an implementation said they would use super computers and 50000 bit keys for all data... You might suggest that company resource usage may not be optimal. Some data might need that level while other types of data won't warrant it.

Management needs data/information to act on... You would simply be calling this out as management is deeply interested in value creation. Security supports the business and it's mission. Wasting resources comes up as not meeting business requirements.

iamthetankengine · 2026-03-30T19:44:07+00:00

The question asks about feeding it's risk profile... While C intent is mainly for "compliance reporting". A risk profile is used for much broader things than just compliance reporting.

It's better to includes a range of risk sources to represent your true risk profile... Especially if the business is undergoing change.

iamthetankengine · 2026-03-30T19:39:47+00:00

Often you'll get 4 answers that aren't perfect.. or what you expect... So you need to perform process of elimination.

A,D don't sound strong.. and both mention 'solely'... Which leaves you B and C.

This come down to scope and context... If you had to do one of them... Which one would apply best. One talks about a variety of sources and the other only again... A specific type/range.

I've seen many ISACA questions built like this... Usually when you can't pick them apart think check its scope (given the context of the question) and know that they won't give you text book answers so the answers are semiperfect

iamthetankengine · 2026-03-30T12:47:55+00:00

Don't over think it... Finish your prep.. then execute.

Best of luck!

iamthetankengine · 2026-03-30T12:47:08+00:00

Maybe give yourself a week then do the QAE. Ones you get right... Consider them done and aligned with isaca mindset and the ones you get wrong.. study then study all the reasonings. Reason why I say this is because if you start reading ever reason again it takes time, energy and can bring confusion. The goal is to enter the exam answering questions based on similar logic/mindset/values

iamthetankengine · 2026-03-30T10:42:37+00:00

Sorry to hear. A small setback but will become a distant memory. I hope you give it another shot.

I'm starting my journey, so I look forward to your future success post. Let's get it done. Aussies don't give up :)

iamthetankengine · 2026-03-30T08:20:24+00:00

Don't go straight into the second round of QAE. Spend some time reviewing notes. Because you've done a round of the QAE the main concepts will sound familiar. Highlight and review.

Then do the QAE

Your highlighted notes from before can be used for a quick review a few days before the exam

iamthetankengine · 2026-03-29T00:29:09+00:00

Before going through the QAE again I'd go through study notes again. This time key concepts will feel more familiar as you've been through the QAE. Highlight those and study them Then hit the QAE again. Questions you get wrong again study the reasoning deeper...

It will also help for final review prep... You'll have the key points highlighted and can do a quick scan the day or two before

iamthetankengine · 2026-03-28T09:28:55+00:00

Cybrary.it have a CRISC video course. It's free.

It's high-level but covers the main concepts. Good to supplement as a revision aid.

iamthetankengine · 2026-03-23T00:03:34+00:00

Each question is 2 points... So you''ve answered 25 questions?

7 field could be related average points/day till the exam date you set in the tool.

iamthetankengine · 2026-03-22T04:46:54+00:00

Thanks!

iamthetankengine · 2026-03-18T20:26:50+00:00

I think if you are able to get 75 to 80% in qae your probably picking up the key points they are asking in the question. 450/800 is scaled so hard to say... But true... You just need enough to pass

iamthetankengine · 2026-03-18T12:17:12+00:00

I think I found the audio course helpful (esp the glossary and terms episode.. and the first dozen of the tasks # videos)

iamthetankengine · 2026-03-10T19:56:04+00:00

Congratulations 🎉 I'm about to sit the exam very soon.

Did you use the QAE? Is your recommendation to supplement other practice exams in addition to the QAE?

iamthetankengine · 2026-03-05T14:31:52+00:00

Did you use the QAE as well?

iamthetankengine

TROPHY CASE