ISACA · CRISC

CRISC

CRISC is designed for IT professionals who identify and manage enterprise IT risk through information systems controls. The exam is not a memorization test — it rewards understanding of principles, cause-and-effect reasoning, and the ability to identify the BEST option in ambiguous situations. This course follows Priya, a newly appointed Risk Manager at MidCity Bank, through cloud migration, a $4.2M fraud incident, and a ransomware attack — letting concepts emerge naturally from her decisions.

150 questions, 4 hours, computer-based Pass: 450 / 800 4 domains

Domains

4 domains

Domain 1 — Governance
180 min

26%
Domain 2 — IT Risk Assessment
150 min

20%
Domain 3 — Risk Response and Reporting
220 min

32%
Domain 4 — Information Technology and Security
180 min

22%

Practice exams

Practice

CRISC — Mixed Domain Practice Exam (Free)

10 representative questions across all four CRISC domains in the ISACA exam style. Read each scenario carefully; the BEST answer is rarely the most technical.

Mock

CRISC Full Practice Bank (60)

Original CRISC questions across the four domains, in ISACA BEST/FIRST/WHO style.