CRISC: ISACA Certified in Risk and Information Systems Control
Browse certifications
Exam Resources
Official learning paths, exam details, skills measured, and community resources to supplement your study.
About the CRISC Exam
Master IT risk identification, assessment, response, and control monitoring
200 original practice questions for the ISACA CRISC exam. Every question includes detailed explanations, scenario-based context, and exam tips. Covers all 4 domains: Governance, IT Risk Assessment, Risk Response & Reporting, and Technology & Security.
Who Should Take This Exam?
The CRISC is designed for experienced professionals seeking advanced validation. 2+ years of hands-on experience recommended.
Typical study time: 8-12 weeks of intensive study
Exam Quick Facts
| Detail | Value |
|---|---|
| Exam Code | CRISC |
| Title | ISACA Certified in Risk and Information Systems Control |
| Duration | 240 minutes |
| Questions | 150 |
| Pass Score | 450 / 800 |
| Cost | $575 USD (member) / $760 USD |
| Provider | PSI |
| Validity | 3 years (CPE required) |
| Question Types | Multiple choice |
| Official Page | View on ISACA → |
Exam Domains & Weights
The CRISC exam covers 4 domains. Focus your study time based on the weights below — higher-weighted domains have more exam questions.
| Domain | Weight | Practice Qs |
|---|---|---|
| Governance | 26% | 52 |
| IT Risk Assessment | 22% | 44 |
| Risk Response and Reporting | 32% | 64 |
| Technology and Security | 20% | 40 |
| Total | 100% | 200 |
💡 Study tip: Risk Response and Reporting carries the most weight (32%) — start there. Technology and Security has the least (20%), but don’t skip it — exam questions can come from any domain.
Practice Exam — 200 Questions
Prepare for the CRISC with our 200-question practice exam covering all 4 exam domains. Every question includes detailed explanations and maps to official exam objectives.
What you get:
- ✅ Exam simulation mode with timer
- ✅ Spaced repetition for weak areas
- ✅ Detailed explanations for every question
- ✅ Progress tracking across domains
- ✅ 20 free questions — no account needed
ISACA Certification Path
ISACA certs are role-based, not hierarchical. CISA for auditors, CISM for security managers, CRISC for risk professionals, CGEIT for IT governance, CDPSE for privacy.
Related ISACA Certifications
If you’re studying for the CRISC, you might also be interested in these ISACA certifications:
- CDPSE: ISACA Certified Data Privacy Solutions Engineer — 200 practice questions
- CGEIT: ISACA Certified in the Governance of Enterprise IT — 200 practice questions
- CISA: ISACA Certified Information Systems Auditor — 200 practice questions
- CISM: ISACA Certified Information Security Manager — 200 practice questions
Study Tips
- Start with the heaviest domain — focus your time where the exam focuses its questions
- Use our practice exam — try the 20 free questions first to gauge your readiness
- Review explanations — don’t just check if you got it right; read why each answer is correct
- Simulate exam conditions — use the timed exam mode to practice under pressure
- Check the official page — official exam details always have the latest objectives