Free CISA/CISSP prep roundup

A set of publicly available resources and structured guides for CISA and CISSP study popped up, including official materials, practice exams and a compact CISSP study plan that bundles the (ISC)² guide, targeted courses and Boson questions. The collection frames cert prep around governance, risk and practical architecture rather than rote memorisation. (x.com, x.com, x.com)

A bunch of free study links for Certified Information Systems Auditor and Certified Information Systems Security Professional just started circulating, and they land at a moment when both exams are already built around job tasks instead of trivia lists. ISACA says the Certified Information Systems Auditor exam has 150 questions across 5 domains, and ISC2 says the Certified Information Systems Security Professional exam uses computerized adaptive testing with 100 to 150 questions across 8 domains. (isaca.org) (isc2.org)

Those two certifications test different jobs even when they live in the same security team. ISACA describes Certified Information Systems Auditor as the credential for people who audit, monitor and assess information technology and business systems, while ISC2 positions Certified Information Systems Security Professional around security leadership, implementation and management. (isaca.org) (isc2.org)

That is why good prep for Certified Information Systems Auditor feels like learning how an inspector reads a building plan. ISACA’s outline centers on audit process, governance, systems acquisition and development, operations resilience, and protection of information assets, which is less “memorize a port number” and more “spot the control gap before it becomes a finding.” (isaca.org)

Good prep for Certified Information Systems Security Professional looks different because the exam is aimed at people who design and steer security programs across a whole company. ISC2’s eight domains span security and risk management, asset security, architecture and engineering, network security, identity and access management, testing, operations, and software development security. (isc2.org)

The free material getting shared works because it starts with the map before the flashcards. Both ISACA and ISC2 publish official exam outlines, and those outlines are the closest thing these exams have to a blueprint because they spell out the domains and subdomains the questions are written against. (isaca.org) (isc2.org)

For Certified Information Systems Auditor, the easiest free on-ramp is ISACA’s own practice quiz. ISACA says the free quiz uses questions at the same difficulty level as its official test-prep solutions, which makes it useful for calibrating how the exam asks about evidence, controls and risk. (isaca.org)

For Certified Information Systems Security Professional, the free material people keep recommending is usually visual and domain-based rather than giant question dumps. Destination Certification publishes free Certified Information Systems Security Professional mind maps by domain, and its public YouTube playlist breaks topics like cryptography, cloud and incident response into short review blocks. (destcert.com) (youtube.com)

The paid tools in these study plans are there for a different reason: they simulate pressure. Boson says its ExSim-Max for Certified Information Systems Security Professional includes 6 full-length practice exams and 900 questions mapped to the 8 domains, so candidates use it less like a textbook and more like a flight simulator before test day. (boson.com)

The official vendors also keep reminding people that the exam is only one gate. ISACA says you can sit the Certified Information Systems Auditor exam before meeting the work requirement, but certification still requires 5 years of information systems audit, control, assurance or security experience, while ISC2 says Certified Information Systems Security Professional requires 5 years of cumulative paid work in 2 or more domains, with only 1 year eligible for waiver. (isaca.org 1) (isaca.org 2) (isc2.org)

That changes how serious candidates study. The best plans now start with the official outline, add one trusted guide, use free domain reviews to build mental models, and then use practice questions to learn judgment under time pressure instead of trying to brute-force 1,000 disconnected facts. (isc2.org) (isaca.org)
