The CRISC Exam

Course difficulty: Intermediate

Video Transcription
>> Let's go ahead and jump in there and talk a little bit about what to expect on the CRISC exam. You're going to have 150 multiple-choice questions. There are no "choose all of the above" or "choose multiple answers"; each question will have four possibilities, and one of those is the credited answer.

Now, this is designed to test your knowledge and experience; it's not a list of facts to memorize. There are some tests where, if you memorize all the port numbers or this, that or the other, you'll be fine. This is one of those tests that expects you to take the information that we talk about here in class and apply that to the real world. I'll give you lots of tips and tricks on how to think about things, but like I said, it's not about memorization.

Now, the scoring is from 200-800 points, and 450 is the passing score. You can't exactly map that out to saying, okay, I have to get 111 questions right or whatever, because the questions are weighted, and they don't give us a ton of information about how that weighting is calculated or the premise there. But I will tell you, they put a lot of weight on Chapters 1 and 2, as they should: Governance is Domain 1, and then Domain 2 is the risk assessment. Study all the domains, of course, but pay particular attention to 1 and 2.

Make sure you give every question an answer; even if you don't know, go with your gut. Your gut feeling is right more often than not, and I don't recommend going back and changing your answer, going back and looking over. I've had students tell me, well, I go through and take the test, and then if I have time, I go back and start with Question 1 and go through all my answers. Now, that works for some people; that would never work for me, because I would go back and change every single answer. If you're not a great test taker, you may doubt yourself. I would recommend giving each question your best answer and moving forward. Now, if there's one that you think, gosh, let me just think about this a little more, that's one thing. But I always feel like, if I don't know the answer at 9:00 AM, why am I any smarter at 9:30? Give it your best answer, move forward. If you're changing a bunch of answers, you're probably talking yourself out of correct answers, so move forward, not backwards, on this test.

Now, once you pass, and I'm confident you're going to pass because I know you're going to sit through this class, you're going to take good notes, you're going to take advantage of the work you've done out in the field, maybe you'll go through some test preparation questions to make sure you're ready, but I know you're going to do what you need to do to get certified and to pass this test. Once you pass the test, then you need to submit. This is five years of experience; the last I checked it was actually three years of experience, so I'll tell you what, the best thing to do is to go to ISACA.org. They are always up to date, and these requirements do change from time to time. Just verify that, but I do believe that it's three years of experience in two of the four domains, again, with one of those domains being either Domain 1 or 2. Then you're going to submit your application and provide two references.

You're going to agree to the code of professional ethics; you'll actually have to sign that before you take the test, so you'll continue to adhere to that. You'll comply with their continuing professional education units. They require, like so many other certifications, that you stay current and stay knowledgeable in the field. You'll attend courses or webinars or Cybrary training or other training so that you can make sure that you stay current and stay up to date with all the new technology, and you'll report your CPEs to ISACA. Again, go to ISACA.org and make sure you have the latest information on how many CPEs per year, because it does change. You always want to be current, and ISACA.org is the horse's mouth, so to speak.

Now, we've already talked about this, the different domains, in our introduction, but again, just to review, there are four domains on the exam. Even though I'm going to cover an introduction domain, really for the exam you have Domains 1, 2, 3 and 4, and this is a nice breakdown. What you're going to see: governance is the first domain we're going to cover, and that's 26 percent of the exam. Now, IT risk assessment, this is interesting to me because it's only 20 percent of the exam, but it's one of the requirements in order to take the cert. Remember, you have to have experience in either Domain 1 or 2. It's a little bit less weighted on the test than the others, but it's so important. The reason it's so important is that it's going to drive the heaviest-rated chapter on the exam, the risk response and reporting. I get that that's the heaviest weighted, because that's what it's all about. We take the information that we've learned and we figure out how we're going to respond to those risks appropriately, but you can't do that without the risk assessment. It's a really important domain, even though you're not going to see as many questions from risk assessment. By far, risk response and reporting is most frequently questioned on the exam. But remember, the exam questions are weighted, so just because you may see more risk response questions doesn't mean they're all weighted the same. Then information technology and security, that's the closest we have in this domain to being technical. But don't sweat it if you're not a technical person; we'll make sure we go through the technology and do our best to make it make sense.