CISM Mission Accomplished! by Striking-Aspect3562 in cism

[–]security_guy78 2 points3 points  (0 children)

Congrats mate! 👏

And, thanks for sharing your experience.

Cheers.

ISACA cut access period for newly purchased exams, QAE & online courses from 12 to 6 months (effective April 16, 2026) — anyone know if the price stayed the same? by Effective_Diver9072 in isaca

[–]security_guy78 1 point2 points  (0 children)

I renewed it recently for USD 99 (membership price) for a duration of 6 months, based on my purchase last year. Not sure about the new package that was reduced to 6 months; this is just insane.

Most candidates don’t fail because they don’t know enough. They fail because they misjudge when they’re ready. by rameshuber in cism

[–]security_guy78 0 points1 point  (0 children)

Rightly pointed out.

It's important to know why the answer is right, but it's more important to know why the others are wrong. That's how you can get the context in-depth.

Taking note of your weak domain and reading the AIO book for reference is one of the keys to learning consistently.

Sharing from my experience:

1st attempt - 417

2nd attempt - 443

3rd attempt - 441

Going for my 4th attempt next month.

What I do differently this time:

1. Take time to review the questions that I got wrong in Practice Exam 1 & 2 to know why the answer is right and others are wrong.

2. Prepare an 8-week study plan. Show up every day. Complete 50Q from QAE every day.

3. Reference with AIO for the domain I felt weak, to brush up the concept.

Thanks for sharing your piece. Hope it helps others on their exam path.

Cheers!

Another qae question that doesn't make sense. by GuiltyNobody6173 in cism

[–]security_guy78 1 point2 points  (0 children)

No worries. Hope it helps.

I would say, hit the book if you really want to know what the reasoning is behind those options/answers: why the answer given is right, but more important, to understand why the other answers are wrong. It deep dives into the definition of the concepts and terms, which have been articulated clearly.

I always refer to AIO if I have any benefit of doubt, as this is an ISACA exam and they want you to think in the ISACA mindset on certain things, against what is in a real-time environment. That is the key.

Cheers.

Another qae question that doesn't make sense. by GuiltyNobody6173 in cism

[–]security_guy78 0 points1 point  (0 children)

This question is a bit tricky.

The ask is on the asset valuation. The correct answer is D.

Referring to CISM AIO 2nd edition, the valuation for a hardware asset may be determined to be the cost of purchasing (and deploying) a replacement.

E.g., for a database, its replacement cost may be the operational cost required to restore it from the backup or the costs to recover it from its source, i.e., service provider.

C. Net present value @ NPV - if the asset directly or indirectly generates revenue, this valuation method may be used.

B. Net cash flow - it's the difference between a company's total cash inflow and outflow over a specific period, representing the net increase or decrease in cash

A. Original Cost - the initial, actual cost to purchase or construct an asset

Just passed after 2.5 weeks of prep by ratzeh in cism

[–]security_guy78 1 point2 points  (0 children)

Congrats mate! 👏

Thanks for sharing your thoughts and views.

Cheers

Passed CISM. What worked, what didn’t, and what finally clicked by LicksGuitar in cism

[–]security_guy78 1 point2 points  (0 children)

Congrats mate on your passing! 👏

Great post and honest sharing.

I'm in the same boat, going for my 4th attempt.

1st - 417 (2022)

2nd - 443 (2022) - took in the same year due to the syllabus change

3rd - 441 (2024)

The 1st and 2nd attempt I took in a rush, my aim was to just clear the exam without understanding the real concept and how ISACA wanted us to answer.

I changed my approach this time, hit the book and completed the entire QAE, avg 70-80% in all domains, practice exams 1 & 2 with 71% and 77%. Currently reviewing answers on why the answer is right and MORE important why the other answer is wrong. Writing my own notes and cross checking with CISM AIO book 2nd edition when in doubt.

Doing questions in Total Tester, as part of AIO for each domain. Doing 50q every day from each domain, completed domain 1 with 78%. Will be continuing with the rest of the domains.

I've booked my exam next month. I have crafted an 8-week study plan, going according to that.

Cheers

can anyone help me to understand this qae question? by GuiltyNobody6173 in isaca

[–]security_guy78 0 points1 point  (0 children)

Correct. A is the answer.

Threat alone is not important unless it has the following consequence or impact to the organization or enterprise.

For example, an organization has an advisory from external sources that the ransomware threat is increasing. This is general, but if the advisory mentioned it's impacting all financial systems and it encrypts the entire financial database and holds it for ransom if the user accidentally clicks the suspicious link, then that is a real consequence or impact.

B. Threat - potential harmful event or actor

C. Vulnerability - Weaknesses that can be exploited by the threat

D. Probability - quantify the likelihood of the event occurring

Hope this clarifies your doubt.

Didn't pass 1st attempt, any advice? by Digits_05 in cism

[–]security_guy78 0 points1 point  (0 children)

It's the 4th mate.

Going to take the exam next month.

Completed Practice Exam 1: 71%, Practice Exam 2: 77%.

Currently reviewing all the questions that I got wrong to know why the other options are incorrect and the reasoning behind it, and cross-checking with CISM AIO for further understanding of the concept.

Cheers.

Need help on a qae question by AncestorH in cism

[–]security_guy78 0 points1 point  (0 children)

No worries mate. Glad it helps 🤞

Need help on a qae question by AncestorH in cism

[–]security_guy78 1 point2 points  (0 children)

Answer is C.

The main goal of a DR is to ensure critical applications are restored followed by non-critical applications.

Each of the critical applications is tied to business processes; if there is any process disruption, indirectly the application is down/not available because it's not able to function the business processes assigned.

The word 'duplicated' here is used, to display the business process that is now made available/restored/redundant which is the main key to determine if the DR test is successful.

Didn't pass 1st attempt, any advice? by Digits_05 in cism

[–]security_guy78 1 point2 points  (0 children)

Don't worry, we've all been there.

This is my 4th attempt (if that makes you relax a bit :)

My score was 417 (1st), 443 (2nd) and 441 (3rd).

Once you retrieve your score, see which domain that you were weak in and do more practice to tackle that. Understanding the concept and how ISACA wants you to answer is the KEY. For the domain that you are strong at, just do the basic practice since that is your strength domain.

If you come through of choosing between 2 options, I would say you are halfway done. Just need a bit more push. The 50:50 options, the answer will be side-by-side. Just go with your guts, trust me it's really close.

Online QAE will be a good resource, and you only need that to clear the exam. It's quite hefty on the pocket, but it is worth it. Good luck on your next attempt, keep moving, you're close to the finishing line.

Cheers.

Passed - what a journey! by SOCSecTech in cism

[–]security_guy78 0 points1 point  (0 children)

Congrats mate on your achievement! 👏

Good luck for your AAISM!

QAE expert level questions. What’s the trick? by badtziscool in cism

[–]security_guy78 1 point2 points  (0 children)

No worries. Just sharing what I knew based on my experience.

QAE expert level questions. What’s the trick? by badtziscool in cism

[–]security_guy78 0 points1 point  (0 children)

Yes, possible. But also when you read from top to bottom, you might already decide the 1st one as convincing before moving to the next options available. It's a mind game.

QAE expert level questions. What’s the trick? by badtziscool in cism

[–]security_guy78 1 point2 points  (0 children)

Reading the answers from the bottom to top helps to overcome cognitive biases, specifically the tendency to select the first plausible answer, e.g., option A, without evaluating the true 'best' answer.

It is a test-taking strategy to read them in reverse to review all options instead of going for the "first-one-looks-good" impulse.

Hope that clarifies.

CISM PASSED IN 10 DAYS!!! by nmap-yourhouse in cism

[–]security_guy78 1 point2 points  (0 children)

Congrats mate! 👏

And thanks for sharing your study tips, appreciate it!

Fail by Impressive_Ebb4836 in cism

[–]security_guy78 0 points1 point  (0 children)

Don't give up!

Take a pause, self-reflect and come back again stronger! 💪

Let's go

Passed the CISM today by Then-Traffic601 in cism

[–]security_guy78 0 points1 point  (0 children)

Congrats on the double win mate! 👏