The CRISC Exam

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Course
Time
8 hours 25 minutes
Difficulty
Advanced
CEU/CPE
9
Video Transcription
00:00
>> Let's go ahead and jump in there and talk a little bit
00:00
about what to expect on the CRISC exam.
00:00
You're going to have 150 multiple choice questions.
00:00
There are no choose all of the above,
00:00
or choose multiple answers,
00:00
each question will have four possibilities,
00:00
one of those is the credited answer.
00:00
Now, this is designed
00:00
to test your knowledge and experience,
00:00
it's not a list of facts to memorize.
00:00
There're some tests that if you
00:00
memorize all the port numbers or this,
00:00
that or the other, you'll be fine.
00:00
This is one of those tests that expect
00:00
you to take the information that we
00:00
talk about here in class and
00:00
apply that to the real-world.
00:00
I'll give you lots of tips and tricks
00:00
on how to think about things,
00:00
but like I said,
00:00
it's not about memorization.
00:00
Now the scoring is from 200-800 points,
00:00
and 450 is the passing score.
00:00
Now you can exactly map that out to saying, okay,
00:00
I have to get 111 questions right or whatever,
00:00
because the questions are
00:00
weighted and they don't give us a ton of information
00:00
about how that weighting is
00:00
calculated or the premise there.
00:00
But I will tell you,
00:00
they put a lot of weight on Chapters
00:00
1 and 2 as they should.
00:00
Governance Domain 1 and
00:00
then Domain 2 is the risk assessment.
00:00
Study all the domains, of course,
00:00
but pay particular attention to 1 and 2.
00:00
Make sure you give every question an answer,
00:00
even if you don't know, go with your gut.
00:00
Your gut feeling is right more often than not,
00:00
then I don't recommend
00:00
going back and changing your answer,
00:00
going back and looking over.
00:00
I've had students tell me, well,
00:00
I go through and take the test,
00:00
and then if I have time,
00:00
I go back and start with Question 1,
00:00
go through all my answers.
00:00
Now, that works for some people,
00:00
that would never work for me because I
00:00
would go back and change every single answer.
00:00
If you're not a great test taker,
00:00
you may doubt yourself.
00:00
I would recommend giving
00:00
each question your best answer and moving forward.
00:00
Now if there's one that you'd think,
00:00
gosh, let me just think about
00:00
this a little more, that's one thing.
00:00
But I always feel like,
00:00
if I don't know the answer at 9:00 AM,
00:00
why am I even smarter at 9:30?
00:00
Give it your best answer, move forward.
00:00
If you're changing a bunch of answers,
00:00
you're probably talking yourself out of correct answers,
00:00
so move forward, not backwards on this test.
00:00
Now, once you pass,
00:00
and I'm confident you're going to
00:00
pass because I know you're going
00:00
to sit through this class,
00:00
you're going to take good notes,
00:00
you're going to take advantage of the work
00:00
you've done out in the field,
00:00
maybe you'll go through
00:00
some test preparation questions
00:00
to make sure you're ready,
00:00
but I know you're going to do what you need to
00:00
do to get certified to pass this test.
00:00
Once you pass the test,
00:00
then you need to submit.
00:00
This is five years of experience,
00:00
the last I checked it was actually
00:00
three years of experience,
00:00
so I tell you what,
00:00
the best thing to do is to go to ISACA.org,
00:00
and they are always up-to-date
00:00
and these requirements do change from time to time.
00:00
Just verify that, but I do believe that it's
00:00
three years experience in two of the four domains.
00:00
Again, with one of
00:00
those domains being either Domain 1 or 2.
00:00
Then you're going to submit
00:00
your application and provide two references.
00:00
You're going to agree to
00:00
the code of professional ethics,
00:00
you'll actually have to sign that
00:00
before you take the test,
00:00
so you'll continue to adhere to that.
00:00
You'll comply with their
00:00
continuing professional education units.
00:00
They require so many other certifications
00:00
that you stay current,
00:00
you stay knowledgeable in the field.
00:00
You'll attend courses or webinars or Cybrary training or
00:00
other training so that you can make sure that you
00:00
stay current and stay
00:00
up-to-date with all the new technology,
00:00
and you'll report your CPEs to ISACA.
00:00
Again, go to ISACA.org and make sure you have
00:00
the latest information on how many CPEs per year,
00:00
because it does change.
00:00
You always want to be current and
00:00
ISACA.org is the horse's mouth, so to speak.
00:00
Now we've already talked about this,
00:00
the different domains in our introduction,
00:00
but again, just to review,
00:00
there are four domains on the exam.
00:00
Even though I'm going to cover
00:00
an introduction domain really
00:00
for the exam you have Domain 1,
00:00
2, 3 and 4 and this is a nice break down.
00:00
What you're going to see, you're going to see governance
00:00
as being the first domain we're going to cover,
00:00
that's 26 percent of the exam.
00:00
Now IT risk assessment,
00:00
this is interesting to me because it's
00:00
only 20 percent of the exam,
00:00
but it's one of
00:00
the requirements in order to take the cert.
00:00
Remember you have to have
00:00
experience in either Domain 1 or 2.
00:00
It's a little bit less
00:00
weighted on the test than the others,
00:00
but it's so important.
00:00
The reason it's so important is that's going to
00:00
drive the heaviest rated chapter on the exam,
00:00
the risk response and reporting.
00:00
I get that that's the
00:00
heaviest weighted because that's what it's all about.
00:00
We take the information that we've learned and we figure
00:00
out how we're going to respond to
00:00
those risks appropriately,
00:00
but you can't do that without the risk assessment.
00:00
It's a really important domain,
00:00
even though you're not going to see as
00:00
many questions from risk assessment.
00:00
By far, risk response and reporting
00:00
is most frequently questioned on the exam.
00:00
But remember, the exam questions are weighted,
00:00
so just because you may see
00:00
more risk response questions
00:00
doesn't mean they're all weighted the same.
00:00
Then information technology and security,
00:00
that's the closest we
00:00
have in this domain to being technical.
00:00
But don't sweat it if you're not a technical person,
00:00
we'll make sure we go through
00:00
the technology and do our best to make it make sense.
Up Next