FREE CISA Exam Practice Questions

If you’re looking for FREE practice questions for the CISA exam, I found a good resource.

The site provides over 900 questions for you to test yourself.

However, you can only access 20 questions at a time from the 5 chapters of the ISACA CISA Review Manual, which are:

  • The Process of Auditing Information Systems
  • Governance and Management of IT
  • Information Systems Acquisition, Development and Implementation
  • Information Systems Operations, Maintenance and Support
  • Protection of Information Assets

The good news: after you finish the first 20 questions, you can request another set of 20 questions. Each set of questions is selected at random and provided to you in an interactive fashion.

Since each chapter is covered by a test bank of 100+ questions, you tend to get different questions each time (until you do the chapter 4 or 5 times).

Other good news: You can also choose to take a 20-question quiz that picks questions from a full exam test bank (all 900 questions). If you take that section over and over, you’ll get something close to a full exam in 20-question increments.

How to take a Free CISA Quiz

  1. Go to
  2. Click the Take a Random 20 Question Quiz link next to the chapter you’re interested in (Chapters 1-5 or the complete exam section).
  3. Enter your name and email address, and click OK (you have to do this at the start of each 20-question quiz).
  4. Read the question and select your answer, and click Answer (clicking the other button ends the quiz).
  5. Read the feedback on your answer, which indicates whether your choice was correct. Click OK to go to the next question.
  6. Continue answering the questions in the same manner, noting how much time you have remaining in the upper right corner.
  7. When you’ve answered all the questions, the quiz will be graded. You will see whether you ‘passed’.
  8. Click Review Quiz to review all the questions and your answers, one at a time. Both your answer and the correct answer will be identified for each question.
  9. If desired, click the Feedback button on each question to see why your answer was correct or wrong. Click Next to move to the next question.
  10. When you’re done reviewing your answers, note that no ‘Finish’ or ‘I’m done’ button exists.

To start a new quiz, look to the top of the page and locate this text: Home » Free Resources » CISA Practice Tests » CISA Practice Test – Chapter #x. Click the CISA Practice Tests portion of the link (shown in red above). That allows you to select another 20-question quiz.


P.S. The only other free CISA practice questions I’m aware of are at ISACA; see my post, FREE CISA Prep: Self-Assessment Exam.

If you know of other sites that offer FREE CISA practice questions, post the links in the comments, and PLEASE indicate

1) how many questions are available, and

2) whether registration is required.

Please don’t post any sites with fewer than 10 questions. Thanks!

See all my posts about CISA here: Master List of CISA Articles





35 responses to “FREE CISA Exam Practice Questions”

  1. TT

    Thank you for sharing.
    I passed the CISA exam! Top 10%. I just knew it a few minutes ago. You are the first person I tell.
    Thank you again for all the help you give us in this blog, which is priceless for the people like me who want to start an IT auditing career.


  2. TT


    I tried to manage my exam preparation as a project. Time frame was 6 months.

    CISA has five knowledge domains. Four of them overlapped with CISSP’s. I was very confident of my knowledge on information security domain, which carried most weight (30%) among the five domains. After scan-reading the information security domain from the CISA Manual to make sure that it was not deeper than CISSP one I decided to put in most of my time on studying other four domains. The exam result proved that this decision was correct. Although the infosec domain cost me much less time to prepare compared to other domains, it got the highest marks.

    I divided this project into six tasks. The first five tasks were planned to read five domains. They were prioritized according to how well I knew the domains. The sixth was to do practice questions from CISA databases.

    The books I used were CISA ALL In One and CISA Exam Manual. I tried to read the Manual from cover to cover but failed after two chapters. Its content was solid and valuable but very very very…..dry. I seriously believe that it was written with a purpose to discourage people from taking the exam. Not only did it torture me mentally, but also physically. The font size of prints was so small that I had to use a magnifier to read the book. It was titled as CISA Manual for a reason. Do you read every system Man Page if you are a system admin/engineer? I don’t.

    I did read ALL in One from cover to cover and finished all the questions from CISA questions database. I checked with the Manual when I needed official clarification for any concept or procedure.

    My CISA testing experience was painful, for the exam was stressful and I started having a serious sore throat that morning. It took me four hours to finish the exam. An interesting thing I observed was that some people did not bring any pencil as required. They got the pencils from the proctors. I wondered why they risked failing the exam by not simply following the basic requirements.



    • TT,
      Wow, thanks for your comments and experience. I like the way you tackled this. A few comments of my own:
      Saying the official manual was dry is an understatement. It’s horrible.
      I often skip reading a lot of material on a regular basis.
      Some people don’t bring pencils and do such things, I think, because they are careless and expect others to pick up the slack.
      During my CISA exam, a Deloitte auditor opened his exam right after the proctor told us to leave them closed. He wasn’t caught, but he’ll get his due eventually.
      When I drive the speed limit (so to speak), I don’t have to worry about getting a speeding ticket. I don’t let those who cut corners get me down. I just keep being me, sleep well at night, and am ready to meet my maker.


      • Yo

        TT, Congrats as well! To add to Mack’s comment, when I took the CISA years ago, I never bothered opening the official review book because I read the first 10 pages and was bored. I ended up using Sybex’s review book.

        One thing I did notice was that questions from the test bank were very similar to the CPA exam so I ended up using the test bank for the CPA Auditing part then also found some correlation to Network+ and Security+.

        Congrats again!


        • Yo,
          I appreciate all your comments, on this post and others.
          I found way back that the official book had material the others didn’t, but it does not seem to be true anymore. Thanks.


        • TT

          Thank you!
          A naive question, is the difficulty of CPA’s auditing part equal to CISA’s?


        • TT,
          That’s not a naive question. While I am no CPA, I’d say it’s different. Some people understand technology and others finance.
          Both have to be working to have control over financial reporting.
          How about someone who’s a CPA and an IT auditor answer that question?


      • TT

        “When I drive the speed limit (so to speak), I don’t have to worry about getting a speeding ticket. I don’t let those who cut corners get me down. I just keep being me, sleep well at night, and am ready to meet my maker.”

        Yes, if a person can live principles and “Search his/her own heart with all diligence for out of it flow the issues of life” his/her life will be easier, simpler and more beautiful.


  3. Yo

    Hi TT,
    So I was actually doing on the track of becoming a CPA and later decided to not pursue it as a career. I halted my progress after passing the Auditing part and had 3 parts to do…just had to stop since I just wasn’t into it anymore that’s when I jumped into my CISA.

    I would say that the Auditing part of the CPA exam was much more difficult. I definitely learned a lot in taking the CPA exam…techniques on how to take it and really understand what the exam question is asking….I was able to carry that over to CISA. What also helped now that I think about it was there’s another section in the CPA exam called Business (which was how they were calling it when I was studying for it). It had Business + Technology. I noticed some similarity on how they were asking questions to the CISA so I hit those questions as well.

    Come CISA exam, it was such a breeze for me anytime it was asking audit questions just because of my experience with taking the CPA exam (and also had Financial Audit experience). Surprisingly, I finished 2.5 hrs ahead of schedule. When I was done taking the exam, I didn’t want to go through and change answers so I stood up, and when I turned around since I was sitting in the front, I freaked out because 90% of the room was still filled and the lady next to me gave me this wide eyes like saying what you’re done!? lol. I actually thought I flunked (trust me that’s just the general feeling you get after taking CPA exam lol) but thank goodness I passed. Not to say I didn’t put in the time and studied since it took me about 3-4 months of solid studying…so yah CPA is a beast.


    • TT,
      There’s your answer…

      Thanks for sharing your experience.

      When I finish exams early, I go over my answers. I changed a bunch of them in CISA and CISSP and passed both the first time.
      I read a lot of the questions wrong the first time.


      • Yo

        That’s a great test taking technique I’ll use for the CISSP (assuming I can open that darn book and get going with studying!). I think when I was taking the CISA back then, I still had the mind set of taking CPA. With the CPA exam, they had 3 testlets 30 questions for each testlet and there’s a no point of return after submitting each testlet. I had to change my approach in taking the exam; I marked the questions I didn’t understand, moved on to the questions I can answer and went back to the ones I marked needed attention. It was nerve racking because the exam was adaptive so after submitting testlet 1 – it knows your weakness and it will exploit it on testlet 2 and 3. You’ll know your weakness too because it will ask questions with the same genre. Womp womp womp. After 3 testlets, you’re then tasked to do what they call “simulations” 2 parts. It’s a mix of multiple choice question but also writing up reports, drag and drop, etc. Lots of ground to cover for a 4 hr window.

        One thing I will do, when I pass the CISSP I’m gonna keep going to try to get more certs I want/need. It’s hard to get back into studying mode since it’s been 2.5 years since CISA.


    • TT

      Many thanks for the clarification.
      I have heard that doing financial system auditing is where the big money is. I guess that CPA helps taking that route.

      Yes, you are that kind of person I will “hate” to see during exam. When I still had 80-90 questions not finished after three hours struggling, you already went home and sat on the couch watching TV. :)


      • TT,
        Thanks for the CISSP link.
        Unless you’re doing forensic auditing, I’ve found the auditing money is in IT auditing since technical people are usually paid more. Good money in data analytics too.

        When I’ve seen salaries, IT auditors almost always make more than operations and financial auditors….


        • Yo

          I agree. IT Audit has more $. With financial audit, I hit a ceiling so fast especially even making a switch from external audit then to what they call corporate accounting. Even if you make it as a Controller and CFO, they hit a ceiling quick. With the amount of hours you put in and stress, I think it’s a diminishing return. I’ve done my fair share of financial systems audit as an external financial auditor and at some point it gets boring and redundant all financial systems will record and report at some point just packed differently. I like the IT audit space more…at least that’s my take on it.

          I do have to say I’m glad I’m well versed in both worlds. Now that I’m on the IT side, I can get the external financial auditors straight when they start veering off their scope and objectives. Especially when it comes to SOX horrayy!


        • Yo,
          Seeing both sides is very valuable. And I agree that the financial side has long hours and more stress.


  4. Hi,

    I have the 2015 CRM. Will it allow me to pass the 2016 exam?


    • cyberdxo,
      I answered this question somewhere else on the blog, but couldn’t find it. Here’s the short answer: maybe. It depends on how much IT audit experience you have and how well you know audit procedures and IT processes. If you are new to IT or audit or both, probably not. If you have been auditing for a while and know your stuff, you could probably pass.


  5. DS

    Who compiled these questions and where were they taken from? Just wondering how close they are to the actual test.


  6. yo


    For those who have recently taken the test; are the questions found here comparable? or are the questions found on ISACA’s self-assessment exam more comparable?

    I wouldn’t put it past ISACA to make their self-assessment test very difficult in order to scare candidates into buying their study materials…


    • yo,
      It’s been a long time since I passed the exam, but I’d say the best use of questions is to show you where you are weak and what areas you need to study more in. So the better the questions, the harder you have to study. I don’t see a downside, as you’ll be a better auditor.

      These certs have to strike a happy medium. On one hand, the exams can’t be too easy, but on the other, they can’t be too hard, or they won’t make any money. Sad, but true.


  7. Mayor

    Please I need someone to help me with CISA full study text in soft copy. My email address is (DELETED BY EDITOR).com . I want to write the exam but not really buoyant financially.

    EDITOR’s NOTE: Sorry about your finances, Mayor, but this isn’t a trading/sharing site, and this kind of sharing leans toward unethical. -Mack


  8. Pingback: CISA Exam Resources – Audit Monk

  9. Arun

    I am not able to access the next set of questions in the above mentioned link at
    Every time the same set of 20 questions is re-appearing. Can you please help.


    • Arun,
      Not sure what you are seeing. It worked fine for me, and I received different questions. Did you enter your name and email address both times?

      Keep in mind this is NOT a website that I control.

      You might want to click ‘About Us’ link and then send them a message (see bottom of that page).


  10. sharon

    I have a problem in accessing the practice test link. Any suggestion for the workaround?


  11. Shirley

    I’ve tried with different browsers, but still cannot access the practice test link.
    Anyone know if the link is closed?

    I have the CISA Review Manual on hand, but it’s really very very dry. Could any of you give me some suggestions on below:
    1. Each domain contains the task statement & knowledge statements, could I treat these as “summary”? Or, I need to remember them?
    2. The Review Manual has sometimes quoted the ISACA IS Audit and Assurance Standards / Guidelines, COBIT 5, and ITAF, do I need to study through them all? I mean need to remember the contents or just know what’s it about roughly?
    3. To prepare the exam, is the first priority study material the CISA Review Manual?
    4. Please advise if there are more practice questions.

    Million Thanks to all.


    • Kyle

      1) Those are the overview of what you should know, the key items are the content within the chapter
      2) Knowing what those are for should be sufficient, they explicitly mentioned that you do not need to memorize those, instead a high level understanding should be enough
      3) CISA Review Manual has everything they will cover, but IMO the book on Questions and Explanations is more important. The questions will not be identical to that of the exam, but the thinking process is the same. Getting enough practice on that is more important than memorizing the book.
      4) If you buy the CISA All in one guide by Peter, they do provide a CD with another set of questions, and if you want even more you can buy a 12 month access to the question database on ISACA.

      p.s. I just wrote about my CISA experience in my blog though, so… if you’re interested you can take a look at it. I actually thought the review manual was interesting, so I’m not sure how much of that would be useful to you.


      • Shirley

        Hi Kyle,
        Thanks for the sharing. I’m neither an IT security expert nor accountant, but just know some on information systems.
        I plan to take the exam on the coming early Dec, but I just read ch.1 of the review manual so far and it makes me a bit frustrated. I cannot say it’s boring, but it seems many things to know and I cannot find out the focus of the domain.
        I just visited your blog, it’s cool. Congratulations on your success and may I get your advice in case I encounter difficulty later on?


        • Kyle

          Hi Shirley,

          If we’re talking about taking the exam, you mostly are expected to understand the topics at a high level, and not much technical knowledge will be tested (except some things that cover how digital certificates, PKI, etc. work.) Instead focus on what can go wrong, and what action you can take to prevent/correct those.

          The core concept of audit is to anticipate risks and assess if controls/mitigation are in place, and if these controls/mitigation are carried out as defined.

          I’m not that experienced, but I can try my best to help, no problem :)


  12. Joshua

    wonderful testimonies

