1. Remember all the bullet'd stuff in CRM (CISA Review Manual) and their order as many questions come in "which one of these is/is NOT primary means", etc.
2. It would help if you remember that business is the primary driver, and in case of controversial stuff, one that is closer to business is usually the winner.
3. CRM is where all the questions come from, so no matter what reference material you study to understand stuff, make sure that you read the relevant CRM material too.
4. It would help if you have their question bank (with answers
, as it would help you see their point of view)
While i am all game for technical security stuff (is the reason y i study it, and i like it), compliance gives you 20K feet view of information security, something which is required, no matter the current stage of your career.
And all the best for the exams!