Free Practice Questions for ISC2 Certified in Cybersecurity (CC) Certification
Study with 340 exam-style practice questions designed to help you prepare for the ISC2 Certified in Cybersecurity (CC).
Exam Details
Key information about ISC2 Certified in Cybersecurity (CC)
- Multiple choice
- Matching
English, Chinese, Japanese, German, Spanish
Multiple choice and advanced item types, Computerized Adaptive Testing (CAT)
700 out of 1000 points
Basic IT knowledge recommended; no formal prerequisites or work experience.
Pearson VUE Testing Center
Individuals seeking entry- or junior-level cybersecurity roles.
120
100 - 125
Exam Topics & Skills Assessed
Skills measured (from the official study guide)
Security Principles (26%)
Understand the security concepts of information assurance
- Confidentiality
- Integrity
- Availability
- Authentication
  - Multi-factor authentication (MFA)
- Non-repudiation
- Privacy
Understand the risk management process
- Risk management
  - Risk priorities
  - Risk tolerance
- Risk identification
- Risk assessment
- Risk treatment
Understand security controls
- Technical controls
- Administrative controls
- Physical controls
Understand ISC2 Code of Ethics
- Professional code of conduct
Understand governance processes
- Policies
- Procedures
- Standards
- Regulations
- Laws
Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts (10%)
Understand business continuity (BC)
- Purpose of BC
- Importance of BC
- Components of BC
Understand disaster recovery (DR)
- Purpose of DR
- Importance of DR
- Components of DR
Understand incident response
- Purpose of Incident Response
- Importance of Incident Response
- Components of Incident Response
Access Controls Concepts (22%)
Understand physical access controls
- Physical security controls
  - Badge systems
  - Gate entry
  - Environmental design
- Monitoring
  - Security guards
  - Closed-circuit television (CCTV)
  - Alarm systems
  - Logs
- Authorized versus unauthorized personnel
Understand logical access controls
- Principle of least privilege
- Segregation of duties
- Discretionary access control (DAC)
- Mandatory access control (MAC)
- Role-based access control (RBAC)
Network Security (24%)
Understand computer networking
- Networks
- Open Systems Interconnection (OSI) model
- Transmission Control Protocol/Internet Protocol (TCP/IP) model
- Internet Protocol version 4 (IPv4)
- Internet Protocol version 6 (IPv6)
- WiFi
- Ports
- Applications
Understand network threats and attacks
- Types of threats
  - Distributed denial-of-service (DDoS)
  - Virus
  - Worm
  - Trojan
  - Man-in-the-middle (MITM)
  - Side-channel attacks
- Identification
  - Intrusion detection system (IDS)
  - Host-based intrusion detection system (HIDS)
  - Network intrusion detection system (NIDS)
- Prevention
  - Antivirus
  - Scans
  - Firewalls
  - Intrusion prevention system (IPS)
Understand network security infrastructure
- On-premises infrastructure
  - Power
  - Data center/closets
  - Heating, Ventilation, and Air Conditioning (HVAC)
  - Environmental controls
  - Fire suppression
  - Redundancy
  - Memorandum of understanding (MOU)
  - Memorandum of agreement (MOA)
- Network design
  - Network segmentation
    - Demilitarized zone (DMZ)
    - Virtual local area network (VLAN)
    - Virtual private network (VPN)
    - Micro-segmentation
  - Defense in depth
  - Network Access Control (NAC)
    - Segmentation for embedded systems
    - Internet of Things (IoT)
- Cloud security
  - Service-level agreement (SLA)
  - Managed service provider (MSP)
  - Software as a Service (SaaS)
  - Infrastructure as a Service (IaaS)
  - Platform as a Service (PaaS)
  - Hybrid cloud
Security Operations (18%)
Understand data security
- Encryption
  - Symmetric encryption
  - Asymmetric encryption
  - Hashing
- Data handling
  - Data destruction
  - Data retention
  - Data classification
  - Data labeling
- Logging and monitoring security events
Understand system hardening
- Configuration management
  - Baselines
  - Updates
  - Patches
Understand best practice security policies
- Data handling policy
- Password policy
- Acceptable Use Policy (AUP)
- Bring your own device (BYOD) policy
- Change management policy
  - Documentation
  - Approval
  - Rollback
- Privacy policy
Understand security awareness training
- Purpose/concepts of security awareness training
  - Social engineering
  - Password protection
- Importance of security awareness training