How To Pass CRISC Exam Easily

  1. You’ll have to pace yourself in the exam. During the exam, keep an eye on the clock; it is shown at the top of the monitor throughout the exam. You have 4 hours, which is plenty of time to answer the questions. I finished it in less than 2 hours, and most of the questions are not long. However, try not to waste your time on questions you can’t answer easily. Leave them and come back to them later.
  2. You don’t have to pay for CRISC certification preparation.
  3. Make the most of the ISACA glossary on the ISACA website. Spend two to three hours on this page and make a note whenever you see a new term. These are some of the terms you have to be aware of: Inherent risk, Current risk, Residual risk, Relevance risk, Control Risk, Risk Scenarios, Control Self-Assessment, Opportunity Cost, Delphi Technique, Risk Register, Risk Profile, Risk Heat Map, Annualized Loss Expectancy, Annual Rate of Occurrence, Single Loss Expectancy, BCP, DRP, Business Impact Analysis, Maximum Tolerable Downtime, Recovery Time Objective, Work Recovery Time, Mean Time Between Failure, Mean Time To Repair, Min Operating Requirements, Cold Site, Warm Site, Hot Site, Key Risk Indicator, Key Performance Indicator, Capability Models, Maturity Models, Risk Response, Role-based Access, Acceptable Use Policy, RACI, Threat Analysis, Vulnerability, Attack Vector, Pharming Attack, Compliance Testing, Countermeasure, Countermeasure Analysis, Peer Review, Risk Aggregation, Risk Action Plan, Bow Tie Analysis, and many more.
  4. Even if you are an experienced risk practitioner or IT professional, your personal experience isn’t always the correct answer. It can be tempting to rely on your personal experience when taking the exam, but you’re going to need to take the word of ISACA as law. Having a wealth of personal knowledge and experience is good for you, but the exam is designed to test your knowledge of ISACA’s logic.
  5. Practice the exam. Learn the ISACA language by practicing with the latest version of CRISC Review Questions, Answers & Explanations, and do not use any other source. Most other sources are not useful, as their authors are not familiar with the ISACA way of thinking.
  6. I wasted my time reading the CRISC Review Manual, 6th Edition. Do not do that! Go through “CRISC Review Questions, Answers & Explanations” twice, read the explanations carefully, and make sure you understand the logic behind ISACA’s justification for each and every answer.
  7. Self-study is almost the best option for me, but it is not the only option. Different methods work for different people. I found this video training very useful, but bear in mind that she does not cover all aspects of the CRISC exam. Use it as a starter.




Information Security Expert, Cyber Security Engineer, Blogger, Mentor, PCI SME, CISM, CISA, CRISC, RHCSA, MCSE, CCNA, MBA, PMP, CLSSGB

Ben Pournader