ISACA · Official Blueprint
CRISC Exam Domains & Blueprint
The official ISACA CRISC exam covers 4 domains. Domain weights tell you exactly how much of the exam each topic represents — and where to invest your study time.
CRISC Domain Weight Summary
Detailed Domain Breakdown
Domain 1: Governance
Azure Policy, RBAC, Microsoft Defender for Cloud, compliance frameworks (GDPR, ISO), the Azure Pricing Calculator, TCO Calculator, and the Trust Center.
Domain 2: IT Risk Assessment
Covers the core concepts, terminology, and skills tested under the IT Risk Assessment section of the official exam blueprint.
Domain 3: Risk Response and Reporting
Covers the core concepts, terminology, and skills tested under the Risk Response and Reporting section of the official exam blueprint.
Domain 4: Information Technology and Security
Covers the core concepts, terminology, and skills tested under the Information Technology and Security section of the official exam blueprint.
How to Use Domain Weights in Your Study Plan
The heaviest domain on the CRISC is "Governance" at null%. Start here and return to it regularly.
Allocate study time proportional to domain weight — a 25% domain deserves roughly 25% of your prep hours.
Never skip a low-weight domain. A 10% domain still represents 5–7 exam questions — enough to make the difference between pass and fail.
Use JT Exams domain analytics to track your accuracy per domain automatically. The system routes extra questions to your weak areas.
Practice every CRISC domain
JT Exams tracks your accuracy per domain automatically and routes you toward your weakest areas — no manual configuration needed.
No credit card · Cancel anytime