
CRISC Exam Prep Course

CRISC EXAM PREPARATION
ABOUT THE CRISC EXAM

©Copyright 2016 ISACA. All rights reserved.

Welcome!

▪ ISACA Certified in Risk and Information Systems Control (CRISC) is globally accepted and recognized.
▪ This program is designed to prepare you for success on the CRISC exam, one step in the process of becoming certified.
▪ The program will include:
– Information about the CRISC exam and certification
– Detailed coverage of the body of knowledge required by CRISC
– Activities, exam practice questions and group discussions
– Real-world examples of CRISC subject matter

CRISC Certification

▪ The CRISC professional demonstrates skills in both of the following:
– Enterprise risk management (ERM)
– Information system (IS) control
▪ CRISC addresses the need for professionals who understand both technology and how to implement and align effective risk management and control frameworks with enterprise goals.


CRISC Components

ERM
• The discipline by which an enterprise in any industry assesses, controls, exploits, finances and monitors risk from all sources for the purpose of increasing the enterprise's short- and long-term value to its stakeholders.

IS Control
• The combination of strategic, managerial and operational activities involved in gathering, processing, storing, distributing and using information and its related technologies.

CRISC Accreditation

▪ The American National Standards Institute (ANSI) has accredited CRISC under ISO/IEC 17024:2012, General Requirements for Bodies Operating Certification Systems of Persons.
▪ Accreditation by ANSI achieves the following:
– Promotes the unique qualifications and expertise ISACA’s certifications provide
– Protects the integrity of the certifications and provides legal defensibility
– Enhances consumer and public confidence in the certifications and the people who hold them
– Facilitates mobility across borders or industries
▪ More than 18,000 professionals have earned the CRISC certification since it was introduced in 2010.

The CRISC Exam

▪ The CRISC exam is offered twice annually, in the months of June and December.
▪ Exam registration dates:
– Registration opens approximately 8 months prior to exam date.
– Early registration ends approximately 5 months prior to exam date.
– Registration closes approximately 8 weeks prior to exam date.
▪ Register at www.isaca.org.

About the CRISC Exam

▪ The CRISC Certification Working Group oversees the development of the CRISC exam, ensuring that the job practice is properly tested.
▪ The exam consists of 150 multiple-choice questions covering the CRISC job practice domains, as shown here.


Job Practice

Basis of the CRISC Exam

▪ The CRISC exam is based on job practices.
▪ These are described in a series of task and knowledge statements.
– Task statements describe the specific tasks the CRISC candidate should be able to perform.
– Knowledge statements are the knowledge areas required in order for the candidate to perform the tasks.
▪ Test questions are specifically designed to validate that the candidate possesses the knowledge to perform a given task.

Exam Questions

▪ CRISC exam questions are developed with the intent of measuring and testing both of the following:
– Practical knowledge
– The application of general concepts and standards
▪ All questions are multiple-choice and are designed for one best answer from the four options given.
▪ Scenario-based questions have the following features:
– Normally include a description of a situation
– Require you to answer two or more questions based on the information provided

Exam Questions (cont’d)

▪ Read each question carefully.
▪ Eliminate known incorrect answers.
▪ Make the best choice possible.
▪ Identify key words or phrases in the question (e.g., MOST, BEST, or FIRST) before selecting and recording an answer.
▪ Read the provided instructions carefully before attempting to answer questions.
– Skipping over these directions or reading them too quickly could result in missing important information and possibly losing credit points.
▪ Answer all questions. There is no penalty for wrong answers.
▪ Grading is based solely on the number of questions answered correctly.


Exam Tips

▪ The following are time-management tips for the exam:
– Become familiar with the exact location of, and the best travel route to, the exam site prior to the date of the exam.
– Arrive at the exam testing site at the time indicated on the admission ticket, giving you time to sit down and get acclimated.
– The exam is administered over a four-hour period, allowing for a little over 1.5 minutes per question.
– Pace yourself to complete the entire exam by attempting an average of 37.5 questions per hour.

Exam Tips (cont’d)

– The exam will be scored based on the answer sheet recording only.
– You are urged to record your answers directly on the answer sheet, not in the question booklet.
– No additional time will be given after the exam time has elapsed to transfer answers if you record them in the question booklet.

Day of the Exam

▪ Arrive at the testing site at the time indicated on your admission ticket.
▪ Once the chief examiner begins reading the oral instructions, no candidate will be admitted to the test center.
▪ Candidates who do not attend the scheduled exam date or who arrive after the oral instructions have begun will not be allowed to sit for the exam.
– Registered exam-takers who do not sit for their exam will forfeit their registration fee.
▪ Candidates can use their admission tickets only at the designated test center on the admission ticket.

Day of the Exam (cont’d)

▪ To be admitted into the test site, candidates must bring the following:
– The email printout or a printout of the downloaded admission ticket
– An acceptable form of photo identification, such as a driver’s license, passport or government ID
  • It must be a current and original government-issued identification.
  • It must not be handwritten.
  • It must contain both the candidate’s name as it appears on the admission ticket and the candidate’s photograph.
▪ Candidates who do not provide an acceptable form of identification will not be allowed to sit for the exam and will forfeit their registration fee.


Exam Rules

▪ Bring several no. 2 pencils. These will not be provided at the exam site.
▪ Do not bring the following into the exam site:
– Study materials (including notes, paper, books or study guides), scratch paper or notepads
– Any type of communication, surveillance or recording device (including, but not limited to, cell phones, tablets, smart watches or eye-wear and mobile devices)
▪ Candidates may want to dress to their own comfort level.
– As exam venues vary, every attempt will be made to make the climate control comfortable at each exam venue, but this cannot be guaranteed.

Exam Rules (cont’d)

▪ If you must leave the testing area, seek authorization or accompaniment by a test proctor. Candidates who fail to do so will not be allowed to return to the testing room and will be subject to disqualification.
▪ The chief examiner or designate at each test center will read aloud the instructions for entering information on the answer sheet.
– You must include your exam identification number as it appears on your admission ticket and any other requested information on your exam answer sheet.
– Failure to do so may result in a delay or errors.

Exam Scoring

▪ Candidate scores are reported as a scaled score.
– A scaled score is a conversion of a candidate’s raw score on the exam to a common scale.
– ISACA uses and reports scores on a common scale from 200 to 800.
▪ To pass, a candidate must receive a score of 450 or higher, which represents a minimum consistent standard of knowledge as established by ISACA’s CRISC Certification Working Group.

The Score Report

▪ Approximately eight weeks after the test date, the official exam results will be mailed to candidates.
▪ An email containing the candidate’s pass/fail status and score will be sent to paid candidates, if they have given permission for this.
▪ Each candidate who completes the CRISC exam will receive a score report.
– This score report contains a sub-score for each job practice domain.
– These can be useful in identifying those areas in which further study may be needed, should retaking the exam be necessary.


Certification Steps

▪ To earn the CRISC designation, the CRISC candidate must meet the following requirements:
1. Pass the CRISC exam.
2. Submit an application (within 5 years of the exam passing date) with verified evidence of a minimum of at least 3 years of cumulative work experience performing the tasks of a CRISC professional across at least 2 CRISC domains.
  • Of the two required domains, one must be risk-related, either Domain 1 (IT Risk Identification) or 2 (IT Risk Assessment).
  • There will be no substitutions or experience waivers.
3. Adhere to the ISACA Code of Professional Ethics.
4. Agree to comply with the CRISC continuing education policy.

Pre-Course Question 1

▪ Which of the following provides the BEST view of risk management?
A. An interdisciplinary team
B. A third-party risk assessment service provider
C. The enterprise’s IT department
D. The enterprise’s internal compliance department

Pre-Course Question 2

▪ The BEST method for detecting and monitoring a hacker’s activities without exposing information assets to unnecessary risk is to utilize:
A. Firewalls
B. Bastion hosts
C. Honeypots
D. Screened subnets

Pre-Course Question 3

▪ Which of the following would PRIMARILY help an enterprise select and prioritize risk responses?
A. A cost-benefit analysis of available risk mitigation options
B. The level of acceptable risk per risk appetite
C. The potential to transfer or eliminate the risk
D. The number of controls necessary to reduce the risk


Pre-Course Question 4

▪ Which of the following should be of MOST concern to a risk practitioner?
A. Failure to notify the public of an intrusion
B. Failure to notify the police of an attempted intrusion
C. Failure to internally report a successful attack
D. Failure to examine access rights periodically

THANK YOU!
