ISC2 Certified in Cybersecurity (CC) Exam Prep & Study Guide
Master the 5 domains of the ISC2 CC certification. Detailed breakdown of security principles, network security, and access controls for entry-level IT roles.
PROFESSIONAL TRAINING SERIES
Certified in Cybersecurity (CC)
ISC2 — (ISC)² Foundation Certification
5 Domains
Entry-Level Certification
Professional Training • March 2026
ISC2 CC — Course Agenda
What We'll Cover
5 Domains
125 Questions
2 Hours Exam
01 About ISC2 & the CC Certification
02 Domain 1: Security Principles
03 Domain 2: Business Continuity & Disaster Recovery
04 Domain 3: Access Controls
05 Domain 4: Network Security
06 Domain 5: Security Operations
About ISC2
The World's Leading Cybersecurity Professional Organization
Est. 1988
Over 35 Years of Excellence
600,000+
Certified Members Worldwide
160+ Countries
Global Reach
Mission
To support and grow a safe and secure cyber world
What is ISC2?
ISC2 (International Information System Security Certification Consortium) is a nonprofit organization focused on cybersecurity education and certification.
Key Certifications
CISSP
CCSP
CSSLP
CAP
CC (Certified in Cybersecurity)
ISC2 offers FREE access to the CC certification for qualifying candidates
Certified in Cybersecurity (CC)
Your Gateway into the Cybersecurity Profession
Entry-Level Credential
Designed for those new to cybersecurity — no prior experience required.
Globally Recognized
Accepted worldwide as proof of foundational cybersecurity knowledge.
Exam Details
100 questions | 2-hour time limit | Multiple choice | Passing score: 700/1000.
Career Pathway
First step toward CISSP and other advanced ISC2 certifications.
FREE for qualifying candidates through ISC2's 1 Million Certified in Cybersecurity initiative
DOMAIN 1 OF 5
Security Principles
Understanding the Foundation of Information Security
26% of the CC Exam
CIA Triad
Confidentiality, Integrity, Availability
Security Concepts
Authentication, Authorization, Accounting
Risk Management
Identify, Assess, Mitigate
Key topics covered in this domain
Domain 1
Core Security Principles
CIA Triad & Foundational Concepts
Confidentiality
Ensuring information is accessible only to authorized individuals
Integrity
Maintaining accuracy and completeness of data
Availability
Ensuring systems and data are accessible when needed
Authentication
Verifying identity (Who are you?)
Authorization
Granting access (What can you do?)
Accountability
Tracking actions (What did you do?)
Non-repudiation
Proof of actions (Can't deny it)
Privacy
Protecting personal data
Zero Trust
Never trust, always verify
CIA Triad is the most tested concept in Domain 1
DOMAIN 2 OF 5
Business Continuity, DR & Incident Response
Preparing for and Responding to Disruptions
10% of the CC Exam
Business Continuity (BC)
Maintaining operations during disruptions
Disaster Recovery (DR)
Restoring systems after an incident
Incident Response (IR)
Detecting and responding to security incidents
RTO
RPO
BCP
DRP
COOP
MTD
BIA
DOMAIN 3 OF 5
Access Controls Concepts
Controlling Who Gets Access to What
22% of the CC Exam
Physical Controls
Locks, badges, guards, fences
Logical Controls
Passwords, MFA, ACLs, firewalls
Administrative Controls
Policies, procedures, training
DAC
MAC
RBAC
ABAC
Rule-Based
Key topics covered in this domain
DOMAIN 4 OF 5
Network Security
Protecting Data in Transit and Network Infrastructure
24% of the CC Exam
Network Threats
DoS & DDoS, Man-in-the-Middle (MITM), Spoofing, Sniffing
Network Controls
Firewalls, IDS / IPS, VPN, DMZ
Secure Protocols
HTTPS & TLS, SSH, SFTP, DNSSEC
⚡ Exam Tip: Know the OSI model layers and their associated security controls
DOMAIN 5 OF 5
Security Operations
Day-to-Day Security Activities and Best Practices
18% of the CC Exam
Data Security
Classification, Handling, Encryption, DLP
System Hardening
Patching, Config management, Least privilege
Security Awareness
Training, Phishing simulation, Policy compliance
Encryption
DLP
Patch Management
SIEM
Hardening
Exam Preparation
How to Prepare for the ISC2 CC Exam
Study Resources
ISC2 Official Study Guide
ISC2 Free Self-Paced Training
Official Practice Exams
Cybrary & Coursera courses
YouTube study channels
Exam Format
100 Multiple Choice Questions
2-Hour Time Limit
Passing Score: 700/1000
Computer-Based Testing (CBT)
Available at Pearson VUE centers
Online proctored option available
Study Timeline
Domain 1 & 2
Domain 3 & 4
Domain 5
Full review & Practice exams
Final prep & schedule exam
100 Questions
700/1000 Pass
2 Hours
Exam Domain Weights
Understanding the CC Exam Structure
Security Principles
26%
BC/DR/IR
10%
Access Controls
22%
Network Security
24%
Security Operations
18%
Total: 100 questions | 2 hours | Passing: 700/1000
Essential Terminology
Key Terms Every CC Candidate Must Know
Confidentiality
Keeping data private and accessible only to authorized users
Integrity
Ensuring data accuracy and preventing unauthorized modification
Availability
Ensuring systems are accessible when needed
Authentication
Verifying the identity of a user or system
Authorization
Granting appropriate access rights to verified users
Non-repudiation
Proof that an action or transaction occurred
Risk
The probability and impact of a threat exploiting a vulnerability
Vulnerability
A weakness that can be exploited by a threat
Threat
A potential cause of an unwanted incident
Firewall
A network device that filters traffic based on rules
Encryption
Converting data into an unreadable format to protect it
MFA
Multi-Factor Authentication using multiple verification methods
Patch
Software update that fixes security vulnerabilities
VPN
Virtual Private Network for secure remote connections
SIEM
Security Information and Event Management system
Career Opportunities
Where the CC Certification Can Take You
CC — Entry Level
CCSP
CISSP
CISSP Concentrations
SOC Analyst
Monitor and analyze security events
IT Security Analyst
Assess and improve security posture
Cybersecurity Specialist
Implement security controls
Information Security Officer
Manage security programs
Network Security Administrator
Secure network infrastructure
Compliance Analyst
Ensure regulatory compliance
Average entry-level cybersecurity salary: $65,000–$85,000/year (US Market)
How to Get Certified
Step-by-Step Certification Journey
Create ISC2 Account
Register at isc2.org
Access Free Training
Complete the free self-paced course
Schedule Exam
Book through Pearson VUE
Take the Exam
100 questions, 2 hours
Receive Results
Pass with 700/1000
Maintain Certification
45 CPE credits every 3 years
Exam Fee
$199 USD (or FREE through ISC2 initiative)
Maintenance
Annual maintenance fee after certification
CPE Requirements
45 credits in 3-year cycle
Online Exam
Available via online proctoring
Retake Policy
Wait 30 days after failing
Visit isc2.org to register and access free study materials
Practice Questions
Test Your Knowledge — Sample CC Exam Questions
Which element of the CIA Triad ensures that information is accessible to authorized users when needed?
Availability
Confidentiality
Integrity
Authentication
What is the primary purpose of Multi-Factor Authentication (MFA)?
To verify identity using two or more verification methods
To encrypt data
To monitor network traffic
To block malware
Which type of access control model uses labels like "Top Secret" and "Classified"?
Mandatory Access Control (MAC)
DAC
RBAC
ABAC
What does RTO stand for in Business Continuity Planning?
Recovery Time Objective
Risk Tolerance Order
Restored Technology Option
Real-Time Output
You're Ready!
Begin Your Cybersecurity Journey
Every expert was once a beginner. Your ISC2 CC journey starts now.
Study
Access free ISC2 training at isc2.org
Practice
Take practice exams and review all 5 domains
Certify
Schedule your exam at Pearson VUE