r/CRISC

▲ 27 r/CRISC+1 crossposts

I passed.

Not sure what my score is yet but I will say this. Along with my experience (GRC, IT audit, TPRM) plus my two previous certs (Sec+ and CISA), this one only took about 3 weeks of solid study. I only really used the QAE, but I would suggest Professor Messer Security Plus study and the CISA Get Certified Get Ahead book (both helped with my Sec+ and CISA), and those cover two domains in the CRISC. The other stuff really just came from work experience.

reddit.com
u/Winter_Growth760 — 3 days ago
▲ 8 r/CRISC

Doing my first certification and it's CRISC

I’m preparing for an online proctored exam and wanted to understand how strict the monitoring usually is.

I stay in a commercial area, so there’s often background noise around me. Because of that, I’m considering going to my office to take the exam. However, there would be multiple monitors/screens around me apart from my own laptop.

Would that generally be permissible in a proctored exam setup, or would it be safer to book a private meeting room and take the exam only on my laptop?

u/Extreme_Moment_4243 — 3 days ago
▲ 6 r/CRISC

CRISC

I am going to do the 2nd attempt of CRISC in 5 days. My background is 5 months working in updating incidents on the risk register in infosec department only and 1 year studying CRISC.

The average score on QAE is 80%. Can someone tell me which questions I see most in the exam to focus more on them these last 5 days? I know I already took it once but I forgot what the questions were.

Right now I am studying the topics where I have the least score.

u/Dismal-Cry9623 — 6 days ago
▲ 27 r/CRISC

Paying it forward (passed)

This forum has been a great resource throughout my journey, so I wanted to pay it forward.

I took the CRISC exam this morning and provisionally passed. Surprisingly, I finished in about 1 hour and 45 minutes, then spent another 15 minutes reviewing my flagged questions (around 15–20 total).

Overall, I studied for about 2 months. I originally registered back in June 2025, but it was difficult finding time for dedicated studying. I finally started consistently studying at the beginning of March.

For me, “dedicated studying” meant:
- ~1 hour per weekday
- 4–5 hours on weekends

Background:
I have 10+ years of experience primarily in Risk Management and Governance across traditional banking and fintech environments.

Resources I used:

- QAE + Official Manual
The QAE is absolutely a must-have. I used the official manual as my primary source, and when concepts didn’t click, I supplemented with Mehta’s guide. For additional examples or simplified explanations, I used Claude. I intentionally saved the QAE for the final 2 weeks before the exam. I trended “Advanced” in every domain except T&S, where I was “Proficient.”

- CRISC Exam Guide by Mehta
Hands down one of the best supplemental resources. I read it daily during the first couple of weeks to ramp up quickly. My background is more business/risk focused, so I needed deeper exposure to some of the technical IS concepts.

- PocketPrep
Great tool if you commute or want quick repetition throughout the day. I tried to do at least 30 minutes daily. The questions help reinforce concepts, although the wording/style isn’t always aligned with the ISACA mindset.

- Doshi Udemy Course + Cyber Certifications Training Centre Practice Exams
I purchased both. I didn’t finish the Doshi course because I personally found it difficult to follow, but his printed study guide/materials were actually very valuable. I combined my notes with his guide and used Claude to identify knowledge gaps to focus on.

The six practice exams from Cyber Certifications Training Centre were not helpful for me. I started one exam, but the question style felt very different from ISACA’s approach, so I decided not to continue with the rest.

Test center experience:
I considered taking the exam remotely, but with kids at home it would have been difficult. My PSI test center experience was actually very smooth and welcoming despite some of the negative feedback I’ve seen here. I think it really depends on the specific location.

I plan to take the AAIR next and will be done after that. My advice to those who are just starting - if you are new to the industry or want to break in, start with the Mehta primer, listen to podcasts, immerse yourself in the Security world. For those more “seasoned” or been around the block, it’s just nailing down the ISACA mindset.

u/deegee4our — 7 days ago
▲ 6 r/CRISC

CRISC Tips -

Need to pass CRISC in 4 weeks for my senior to manager promotion at work and haven’t started studying yet.

Looking for advice on how to effectively study for this exam as I am on a tight timeline. Is this even feasible? My company covers the first exam fee/materials so I need to make sure I pass the first go around.

Anyone with experience taking this exam with limited preparation please share your feedback.

- 4 years of experience in SOX IT - Internal audit

- purchased ISACA QAE

Some of my colleagues said that it was a pretty easy exam which is why I decided to pursue this over the CISA in such a short time frame but after reading some of the threads in here I’m a little nervous for the exam. I haven’t taken an exam since college outside of general CPE tests. I work upwards of 50 hours a week and my brain isn’t in study mode at all.

u/Conscious-Wing5882 — 6 days ago
▲ 15 r/CRISC

Passed today- 150q around 1hr 25mins

I don't think I can give any material tips on the exam. I had no idea how it was going; definitely became a lot closer to God.

17yrs operations/security- Cisco/PA/Fortinet/MS-WAF

2024 CISSP - First Cyber Role, Around 1 year of Risk Management trying to build our GRC program. So not a whole lot of practical experience but a lot more Risk Guided decisions in other aspects.

Prep materials -

QAE 6th Edition - prob most useful only for question style. Zero repeats
Official Review Manual 8th edition
Udemy Prabh course - not worth it, questions are from the QAE. I think it's more detrimental as it promoted rote memorization of questions.

I honestly thought this was harder than the CISSP which is noted for being a mile wide and an inch deep. Mind you, that inch is not a drop in the bucket either. The language there was more applicable to me.

Lots of KRI/KPI & control questions. Not a single straightforward mention of business objectives but it was implied. This is one where working experience definitely counts for much.

u/zacj_rag — 9 days ago
▲ 3 r/CRISC

6th edition QAE

I am taking my exam end of May and had relied primarily on 6th edition QAE, with supplementary mock exams from Udemy (from Cyber Cert Training Centre). Would there be a major gap between tested and what I prepared?

u/gnuhcikciv — 9 days ago
▲ 30 r/CRISC+3 crossposts

CISM, CISA, and CRISC

Finally ready to post my journey.

Started in January 2026.

CISA earned on 23 January 2026

CRISC earned on 10 April 2026

CISM earned on 8 May 2026

Never say you can't and always be ready to learn and grow. I have over 20 years in Cybersecurity and over 15 years in GRC. Still growing and learning every day

u/Outrageous_Plant_526 — 13 days ago
▲ 7 r/CRISC

CRISC preparation

I have started preparing for CRISC certification. I have bought the Hemang Doshi Udemy course and have the ISACA manual 6th edition and Q and E 7th edition. I don't have the latest ones. Wanted to know if these will be sufficient to pass the exam.

I recently cleared CISSP and CC last month. Also have cleared CISA and CISM last year.

u/Ordinary-Memory-845 — 11 days ago