Related Posts
Additional Posts in Risk Assurance
New to Fishbowl?
Download the Fishbowl app to
unlock all discussions on Fishbowl.
unlock all discussions on Fishbowl.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Download the Fishbowl app to unlock all discussions on Fishbowl.
Copy and paste embed code on your site

Scan your QR code to download
Fishbowl app on your mobile

Database ISACA’s 1000 questions are all you need.
Thank you!
Videos by Hemang Doshi: These were very helpful to have key concepts summarized in a short video.
http://cisaexamstudy.com/
One of the most important things to understand when studying is how ISACA asks questions. That's why I think the QAE database is so useful. Focus on things like, WHO is this question asking about? Are they asking about the duties of an IT Auditor, a project manager, a software engineer, etc. WHAT are they asking about? Are they asking about a preventative control, or detective control? e.g. reviewing activity logs won't work to prevent some unwanted activity from happening. Often times, there are two answers that feel they could be correct, and the big hurdle is understanding why one is more correct than the other.
This! Whatever else you use to prepare, this post is half of what you need to know to pass.
(for what it's worth, I wrote questions for ISACA - not CISA - thus why I think that post is so valuable)
About 1-2 hours during weekdays and 2-3 on weekends bumping up to 8 hours on weekends the last two weekends before the exam. I was working full time while studying. I bought and used the ISACA QAE and the Hemang Doshi CISA book and his Udemy videos and highly recommend them all.
1-2 hour weekdays, 2-3 hour weekends for me. Minimal stress and about 2-3 months of studying did it for me
ISACA QAE Database (online on ISACA). This was the key piece of exam prep I used. I would estimate 65% of my studying was using the QAE database. Each practice set takes about 30 minutes. This also comes with 2 practice exams.
Do the data base questions daily. 50 questions daily until you hit 1000. Make sure you understand why each answer is wrong and why the correct answer is correct. Then read the 2 chapters that you constantly where you don’t do well. Then revisit the database. Watch hemang doshi videos on YouTube.
I used the All-In-One book and the online QAE. That should be enough if you have a cybersecurity background and other certs.
I used just the official ISACA materials (CISA Review Manual 27th Edition, and the CISA Review QAE database). Spent about an hour a day for a couple of months going through the material and getting up to ~95% proficiency with the practice exams. I passed with a 650+
Hey I'm getting to about 95% accuracy too. Do all the concepts show up the same as QAE?
Feel free to DM me. I could give some insights. Cleared in just 30 days of prep.
Following.
ISACA CISA Review Manual: I got the hard copy, however there is also an online version of the book on ISACA
Essential CISA Exam Guide Audio Book: I got this for free when I downloaded the Amazon Audible
All in One CISA Exam Guide: I purchased for $45 on Amazon.
I relied heavily on the official CISA Review manual (CRM) and the ISACA QAE online database. I referred back to the CRM when I came across a topic I wasn't confident in during my QAE reviews.
I did read Doshi's book the night before the exam, and I thought it was helpful for making concrete some of the key concepts. Don't rely on it exclusively (IMO) because it doesn't address all of the topics you'll see on the exam. good luck with everything!
I used just the official ISACA materials (CISA Review Manual 27th Edition, and the CISA Review QAE database). An hour a day familiarizing myself was enough. The exam did not repeat any practice questions verbatim, but it did a good job of staying within the realm of the concepts and material contained in the study materials. It's definitely possible to pass the exam without consulting un-official sources.
You can find some decent resources on Youtube for CISA but I do think the database is the most comprehensive source personally
There is no single "best way" to study for the CISA exam, as everyone has their own preferred method of learning. Some people may find it helpful to solely use the ISACA database, while others might prefer to combine that with reading textbooks or taking classes.
Good luck with whatever you decide!
Thank you everyone! I truly appreciate it! Just bought the database and the textbook. If anyone has any suggestions on how to go about with the studying or how to utilize both of them I will be grateful for them.
Hey, anyone have any insight on what QAE scores I should be aiming for. I’m at about 81% through first 3 domains.
This is my 2nd time going through it. Been going over weak areas.
Have the 2YOE and MS in IS.
Focus on domain 4 and 5 - that is over 50% of the exam - look at the weights each domain is on the exam online