Free Practice Questions for ISC2 Certified in Cybersecurity (CC) Certification

    🔄 Last checked for updates July 3rd, 2026

    Study with 340 exam-style practice questions designed to help you prepare for the ISC2 Certified in Cybersecurity (CC).

    All Domains

    Practice with randomly mixed questions from all topics

    Question Mix: All Topics
    Format: Random Order

    Domain Mode

    Practice questions from a specific topic area

    Exam Details

    Key information about ISC2 Certified in Cybersecurity (CC)

    Question formats CertSafari offers
    • Multiple choice
    • Matching

    Language: English, Chinese, Japanese, German, Spanish

    Exam format: Multiple choice and advanced item types, Computerized Adaptive Testing (CAT)

    Passing score: 700 out of 1000 points

    Prerequisites: Basic IT knowledge recommended; no formal prerequisites or work experience.

    Delivery method: Pearson VUE Testing Center

    Target audience: Individuals seeking entry- or junior-level cybersecurity roles.

    Time limit: 120 minutes

    Number of questions: 100 - 125

    Exam Topics & Skills Assessed

    Skills measured (from the official study guide)

    Security Principles (26%)

    Understand the security concepts of information assurance

    • Confidentiality
    • Integrity
    • Availability
    • Authentication
    • Multi-factor authentication (MFA)
    • Non-repudiation
    • Privacy

    Understand the risk management process

    • Risk management
    • Risk priorities
    • Risk tolerance
    • Risk identification
    • Risk assessment
    • Risk treatment

    Understand security controls

    • Technical controls
    • Administrative controls
    • Physical controls

    Understand ISC2 Code of Ethics

    • Professional code of conduct

    Understand governance processes

    • Policies
    • Procedures
    • Standards
    • Regulations
    • Laws

    Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts (10%)

    Understand business continuity (BC)

    • Purpose of BC
    • Importance of BC
    • Components of BC

    Understand disaster recovery (DR)

    • Purpose of DR
    • Importance of DR
    • Components of DR

    Understand incident response

    • Purpose of Incident Response
    • Importance of Incident Response
    • Components of Incident Response

    Access Controls Concepts (22%)

    Understand physical access controls

    • Physical security controls
    • Badge systems
    • Gate entry
    • Environmental design
    • Monitoring
    • Security guards
    • Closed-circuit television (CCTV)
    • Alarm systems
    • Logs
    • Authorized versus unauthorized personnel

    Understand logical access controls

    • Principle of least privilege
    • Segregation of duties
    • Discretionary access control (DAC)
    • Mandatory access control (MAC)
    • Role-based access control (RBAC)

    Network Security (24%)

    Understand computer networking

    • Networks
    • Open Systems Interconnection (OSI) model
    • Transmission Control Protocol/Internet Protocol (TCP/IP) model
    • Internet Protocol version 4 (IPv4)
    • Internet Protocol version 6 (IPv6)
    • WiFi
    • Ports
    • Applications

    Understand network threats and attacks

    • Types of threats
    • Distributed denial-of-service (DDoS)
    • Virus
    • Worm
    • Trojan
    • Man-in-the-middle (MITM)
    • Side-channel attacks
    • Identification
    • Intrusion detection system (IDS)
    • Host-based intrusion detection system (HIDS)
    • Network intrusion detection system (NIDS)
    • Prevention
    • Antivirus
    • Scans
    • Firewalls
    • Intrusion prevention system (IPS)

    Understand network security infrastructure

    • On-premises infrastructure
    • Power
    • Data center/closets
    • Heating, Ventilation, and Air Conditioning (HVAC)
    • Environmental controls
    • Fire suppression
    • Redundancy
    • Memorandum of understanding (MOU)
    • Memorandum of agreement (MOA)
    • Network design
    • Network segmentation
    • Demilitarized zone (DMZ)
    • Virtual local area network (VLAN)
    • Virtual private network (VPN)
    • Micro-segmentation
    • Defense in depth
    • Network Access Control (NAC)
    • Segmentation for embedded systems
    • Internet of Things (IoT)
    • Cloud security
    • Service-level agreement (SLA)
    • Managed service provider (MSP)
    • Software as a Service (SaaS)
    • Infrastructure as a Service (IaaS)
    • Platform as a Service (PaaS)
    • Hybrid cloud

    Security Operations (18%)

    Understand data security

    • Encryption
    • Symmetric encryption
    • Asymmetric encryption
    • Hashing
    • Data handling
    • Data destruction
    • Data retention
    • Data classification
    • Data labeling
    • Logging and monitoring security events

    Understand system hardening

    • Configuration management
    • Baselines
    • Updates
    • Patches

    Understand best practice security policies

    • Data handling policy
    • Password policy
    • Acceptable Use Policy (AUP)
    • Bring your own device (BYOD) policy
    • Change management policy
    • Documentation
    • Approval
    • Rollback
    • Privacy policy

    Understand security awareness training

    • Purpose/concepts of security awareness training
    • Social engineering
    • Password protection
    • Importance of security awareness training

    Techniques & products

    Confidentiality
    Integrity
    Availability
    Authentication
    Multi-factor authentication (MFA)
    Non-repudiation
    Privacy
    Risk management
    Risk identification
    Risk assessment
    Risk treatment
    Technical controls
    Administrative controls
    Physical controls
    ISC2 Code of Ethics
    Professional code of conduct
    Policies
    Procedures
    Standards
    Regulations
    Laws
    Business Continuity (BC)
    Disaster Recovery (DR)
    Incident Response
    Physical security controls
    Badge systems
    Gate entry
    Environmental design
    Security guards
    Closed-circuit television (CCTV)
    Alarm systems
    Logs
    Principle of least privilege
    Segregation of duties
    Discretionary access control (DAC)
    Mandatory access control (MAC)
    Role-based access control (RBAC)
    Computer networking
    OSI model
    TCP/IP model
    IPv4
    IPv6
    WiFi
    Ports
    Applications
    Network threats
    Distributed denial-of-service (DDoS)
    Virus
    Worm
    Trojan
    Man-in-the-middle (MITM)
    Side-channel attacks
    Intrusion detection system (IDS)
    Host-based intrusion detection system (HIDS)
    Network intrusion detection system (NIDS)
    Antivirus
    Scans
    Firewalls
    Intrusion prevention system (IPS)
    Network security infrastructure
    On-premises infrastructure
    Power
    Data center
    Closets
    HVAC
    Environmental controls
    Fire suppression
    Redundancy
    Memorandum of understanding (MOU)
    Memorandum of agreement (MOA)
    Network design
    Network segmentation
    Demilitarized zone (DMZ)
    Virtual local area network (VLAN)
    Virtual private network (VPN)
    Micro-segmentation
    Defense in depth
    Network Access Control (NAC)
    Embedded systems
    Internet of Things (IoT)
    Cloud security
    Service-level agreement (SLA)
    Managed service provider (MSP)
    Software as a Service (SaaS)
    Infrastructure as a Service (IaaS)
    Platform as a Service (PaaS)
    Hybrid cloud
    Data security
    Encryption
    Symmetric encryption
    Asymmetric encryption
    Hashing
    Data handling
    Data destruction
    Data retention
    Data classification
    Data labeling
    Logging
    Monitoring security events
    System hardening
    Configuration management
    Baselines
    Updates
    Patches
    Security policies
    Data handling policy
    Password policy
    Acceptable Use Policy (AUP)
    Bring your own device (BYOD) policy
    Change management policy
    Privacy policy
    Security awareness training
    Social engineering
    Password protection

    CertSafari is not affiliated with, endorsed by, or officially connected to ISC2.