ISC2 Certified in Cybersecurity (CC) Practice Exams
About the ISC2 CC exam
Exam at a glance
ISC2's entry-level credential at the foundational tier — no work experience required.
Domain weighting
- Security Principles: 26%
- Business Continuity, Disaster Recovery & Incident Response Concepts: 10%
- Access Controls Concepts: 22%
- Network Security: 24%
- Security Operations: 18%
Core topics tested
- CIA triad and security governance — confidentiality / integrity / availability, ethics, security policies and standards.
- Risk management fundamentals — identification, assessment, treatment, risk-management terminology.
- Access controls — physical and logical, discretionary / mandatory / role-based, authentication factors.
- Network basics — TCP/IP, OSI model, common ports, secure protocols, network threats and defenses.
- Common attacks and defenses — malware, social engineering, phishing, firewalls, IDS/IPS, antivirus.
- Business continuity and incident response — BCP/DRP concepts, incident response lifecycle, backup strategies.
- Security operations — data handling, change management, asset management, basic cryptography concepts.
Prerequisites
None. CC is specifically designed for candidates with no professional cybersecurity experience. Strong candidates include career changers, students, IT support staff moving into security, and recent graduates.
Why take this certification
- Lowest barrier to entry. $50 fee, no work experience, taken from home via online proctoring. CC opens the door to the ISC2 ecosystem and puts a credential behind your fundamentals.
- Resume signal for early-career roles. CC validates that you understand the cybersecurity vocabulary employers expect for SOC analyst, junior security analyst, IT support, and helpdesk-with-security positions.
- Concrete entry-level salary lift. Entry-level cybersecurity roles average $65,000–$85,000 USD in the United States. A CC-credentialled candidate signals commitment to the field, which makes them more competitive than uncertified peers.
- Stepping stone toward CISSP. CC covers many CISSP concepts at lower depth. Earning CC first gives you a structured introduction to the ISC2 study style and CBK terminology, smoothing the eventual CISSP path.
What you'll learn for the CC exam
CC focuses on concepts and vocabulary, not deep technical implementation. The exam expects you to know what each term means, what each control does, and when each defense applies — rather than how to configure a specific firewall product or write secure code.
Knowledge areas you'll be tested on
- Security principles: CIA triad, IAAA (identification, authentication, authorization, accounting), privacy concepts, governance, professional ethics.
- Risk and compliance: risk identification and treatment, common frameworks (NIST CSF concepts at a foundational level), compliance terminology.
- Access controls: physical access controls, logical access controls, DAC / MAC / RBAC / ABAC, multi-factor authentication factors.
- Network security: OSI vs TCP/IP, common ports and protocols, threats (DoS, sniffing, MITM), network defense devices (firewalls, IDS/IPS, proxies), wireless security at a concept level (WPA versions).
- Incident response basics: incident response lifecycle, BCP/DRP concepts, backup strategies, RTO/RPO terminology.
- Security operations: data classification and handling, asset inventory, change management, configuration management, basic logging and monitoring concepts.
- Cryptography concepts: symmetric vs asymmetric at a concept level, hashing, digital signatures, certificates and PKI fundamentals.
What CC does NOT test
- Hands-on configuration of specific tools (firewalls, SIEMs, vulnerability scanners).
- Deep cryptographic mathematics or algorithm internals.
- Scripting, coding, or secure software development practices.
- Advanced penetration testing techniques.
- Industry-specific compliance details (PCI DSS specifics, HIPAA technical safeguards, etc.).
How the practice exams help
Each free question and every premium exam mirrors the concept-recognition style ISC2 uses on the live test. Detailed explanations cover the right answer and clarify why distractors miss the mark — vital for the close-call vocabulary questions CC favors. Every attempt randomizes question and answer order so you learn the reasoning, not the position.
How to prepare for the CC exam
CC requires less prep than higher-tier ISC2 exams. A typical candidate can be ready in 4–8 weeks with structured study and consistent practice questions. Recommended approach:
- Take the official ISC2 self-paced training (free, 2–3 weeks). ISC2 offers a free Certified in Cybersecurity training course as part of its One Million Certified in Cybersecurity initiative. The course maps directly to the exam outline and is the most efficient single resource.
- Read the official ISC2 CC study guide (2 weeks). The official guide reinforces vocabulary you need to recognize on multiple-choice questions. Take notes on each domain summary.
- Practice questions (1–2 weeks). Take timed practice tests across all five domains. Track which domain pulls your score down and revisit those study chapters. Aim for consistent 80%+ before scheduling.
- Final review (3–5 days). Skim domain summaries and focus on access-control models (DAC vs MAC vs RBAC), the CIA triad, common ports and protocols, and incident response lifecycle phases. These are high-yield refreshers.
Recommended timeline
4–8 weeks of focused study (5–10 hours per week) is typical for candidates with some IT background. Pure career-changers should plan 8–12 weeks.
Official resources
Visit the official ISC2 CC page for the latest exam outline, study resources, and any active free-voucher programs. ISC2's self-paced training (free) is the strongest single resource for new candidates.