ISC2 · CC
The ISC2 Certified in Cybersecurity (CC) validates foundational knowledge and skills required for entry- or junior-level cybersecurity roles. It covers security principles, access controls, network security, and incident response concepts.
Questions
838
Duration
120 minutes
Passing Score
700/1000
Difficulty
FoundationalLast Updated
Mar 2026
Use this CC practice exam to prepare for Certified in Cybersecurity (CC) with realistic questions, detailed explanations, and focused study modes. The practice bank includes 838 questions for ISC2 CC, so you can review the exam steadily instead of relying on one long cram session.
As you practice, pay extra attention to recurring topics such as Security Principles, Business Continuity, Disaster Recovery & Incident Response, Access Controls Concepts, Network Security, and Security Operations. Start with short sessions to identify weak areas, then move into timed quizzes once your accuracy is consistent.
The explanations are especially useful when you want to connect exam wording to the responsibilities and scenarios described in the official certification guidance. Use the free preview first, then unlock the full question bank when you are ready to build a complete study routine.
The ISC2 Certified in Cybersecurity (CC) is an entry-level certification developed by ISC2 — the world's largest association of certified cybersecurity professionals — to validate foundational knowledge and skills required for junior cybersecurity roles. The credential covers five core domains: Security Principles (including the CIA triad, risk management, and governance), Business Continuity and Disaster Recovery, Access Controls, Network Security, and Security Operations. It is accredited by ANAB to ISO/IEC Standard 17024, signifying its adherence to internationally recognized standards for personnel certification.
The CC was created specifically to address the global cybersecurity workforce shortage, which ISC2 estimated at nearly 4.8 million unfilled positions in 2024. It serves as both a standalone entry-level credential and a structured pathway to advanced ISC2 certifications such as the CISSP. Uniquely among professional certifications, ISC2 has offered free training and exam vouchers to qualifying candidates as part of its One Million Certified in Cybersecurity initiative, significantly lowering the barrier to entry for career changers and new graduates.
The CC is designed for individuals at the beginning of their cybersecurity careers, including career changers transitioning from unrelated fields, recent college graduates or current students in IT or computer science programs, and IT generalists looking to formalize their security knowledge. ISC2 explicitly states that no prior work experience in cybersecurity or IT is required to sit for the exam, making it one of the most accessible professional certifications available.
The credential is particularly well-suited for individuals in roles such as help desk technician, IT support specialist, or junior systems administrator who want to move into dedicated security positions like SOC Analyst, Security Analyst, or IT Security Specialist. Analytical, problem-solving individuals who are new to the field but want a recognized credential to validate their foundational knowledge will benefit most from pursuing the CC.
ISC2 does not impose any formal prerequisites for the CC exam — there is no minimum work experience requirement, no prior certifications required, and no educational prerequisites. This policy sets the CC apart from nearly all other professional security credentials and makes it accessible to complete newcomers to the field.
While not required, ISC2 recommends familiarity with basic IT concepts before studying for the exam. Candidates who have completed coursework in networking fundamentals, operating systems, or general IT principles will find the material easier to absorb. After passing the exam, candidates must pay a $50 Annual Maintenance Fee (AMF) to complete certification and gain ISC2 member status; no endorsement from an existing ISC2 member is required, unlike the CISSP process.
The CC exam consists of 100 to 125 items, which include multiple-choice questions and advanced item types such as drag-and-drop and hotspot questions. The time limit is 2 hours (120 minutes). The exam is delivered via Pearson VUE in a computerized adaptive testing (CAT) format, available at authorized testing centers worldwide or via online proctoring. The exam is offered in English, Chinese, Japanese, German, and Spanish.
Scoring is on a scale of 0 to 1000, and the passing score is 700. The adaptive format means the difficulty of questions adjusts dynamically based on candidate performance, and the total number of questions delivered may vary within the 100–125 range depending on the test engine's assessment of candidate ability. Candidates should be prepared for both straightforward knowledge-recall questions and scenario-based items that require applying concepts to real-world situations.
Earning the CC positions candidates for entry-level and junior cybersecurity roles in a field that the U.S. Bureau of Labor Statistics projects will grow 32% by 2032 — more than ten times the average growth rate across all occupations. Common job titles pursued by CC holders include SOC Analyst, Security Analyst, IT Security Specialist, and Cybersecurity Technician, with entry-level salaries in the United States typically ranging from $60,000 to $85,000 annually. ISC2 reports that its certified members earn 35% higher salaries than non-members, and survey data shows that 10% of CC holders received a salary increase and 7% received a promotion within their first certification cycle.
Beyond immediate job placement, the CC serves as the foundational step in the ISC2 certification pathway, familiarizing candidates with ISC2's exam format and professional standards before advancing toward credentials such as the SSCP or CISSP. Compared to alternatives like CompTIA Security+, the CC's lack of prerequisites and free exam availability make it a lower-risk entry point, while ISC2's brand recognition — as the organization behind CISSP, the most recognized advanced security certification globally — lends the CC meaningful credibility with hiring managers and HR systems that filter for ISC2 credentials.
5 sample questions with answers and explanations. Start a practice session to test yourself across all 838 questions.
Preview — answers shown1. A company implements a backup strategy where a full backup runs every Sunday night, and every night Monday through Saturday, only the data that has changed since the last full backup is copied. The archive bit is left set to 1 after each incremental backup. On Friday morning, the system fails. Which backup sets are needed to restore the system? (Select one!)
Explanation
This scenario describes differential backups, not incremental backups. Differential backups copy all changes since the last full backup and leave the archive bit set to 1, meaning each differential grows larger but restoration only requires the full backup plus the most recent differential. To restore on Friday morning after Thursday night's backup, only the Sunday full and Thursday differential are needed. Incremental backups reset the archive bit to 0 and would require the full backup plus every incremental in sequence. The question's mention of the archive bit remaining at 1 is the key indicator of differential backups.
2. A security administrator needs to protect sensitive files on laptop computers to ensure data remains unreadable if a device is lost or stolen. The solution must protect data while the laptop is powered off or the hard drive is removed. Which data protection state and technology combination is most appropriate? (Select one!)
Explanation
Data at rest protection using Full Disk Encryption (FDE) is the appropriate solution for protecting stored data on laptop hard drives when devices are lost or stolen. FDE encrypts all data on the storage device, rendering it unreadable without the proper decryption key even if the physical drive is removed. Data in transit protection (TLS or IPsec) secures data moving across networks but does not protect stored data on a powered-off device. Data in use protection addresses data being actively processed in memory, which is not relevant when a laptop is powered off or stolen. The scenario specifically describes a data at rest protection requirement because the concern is unauthorized access to stored files on a physical device.
3. A retail organization implements a policy requiring employees to use passwords that are at least 12 characters long, contain uppercase and lowercase letters, numbers, and special characters, and must be changed every 90 days. What type of security control is this password policy? (Select one!)
Explanation
A password policy is an administrative control because it is a documented rule, procedure, or organizational directive that governs behavior. While password enforcement mechanisms (like technical controls that check complexity) support the policy, the policy itself is administrative. Administrative controls include policies, procedures, standards, and guidelines that direct people and processes. The policy serves multiple purposes including preventive and detective functions, but its implementation mechanism is administrative.
4. A security operations center implements NIST SP 800-61 incident response procedures. During an active ransomware outbreak affecting multiple servers, the team faces competing priorities: isolating infected systems to stop spread, preserving forensic evidence for legal prosecution, and restoring business operations. According to NIST and ISC2 best practices, which priority should guide the immediate response? (Select one!)
Explanation
Containment is the highest priority during active incident response according to both NIST SP 800-61 and ISC2 best practices. Isolating infected systems prevents lateral movement and stops the incident from escalating. While evidence preservation is important, containment may sometimes take priority over forensics as a business decision when active threats are spreading. Business restoration occurs during the recovery phase after containment and eradication are complete. Full analysis happens during the detection and analysis phase, but once an incident is confirmed active, immediate containment prevents additional damage. The proper sequence is detect, contain, eradicate, then recover.
5. An office building implements multiple security measures: a 6-foot fence surrounds the perimeter, security cameras monitor all entry points, employees must badge through card readers to unlock doors, and security guards patrol the facility 24/7. Which control serves all three functional purposes of preventive, detective, and deterrent? (Select one!)
Explanation
Security guards serve as preventive controls by physically blocking unauthorized access, detective controls by observing and identifying security incidents as they occur, and deterrent controls by creating psychological barriers that discourage potential intruders. The perimeter fence is primarily preventive and deterrent but not detective. Security cameras are detective and deterrent but do not actively prevent entry. Badge readers are primarily technical authentication controls that prevent unauthorized access but do not actively detect or deter in the same comprehensive manner as human guards.
Certified Cloud Security Professional (CCSP)
CCSP · 850 questions
Certified in Governance, Risk and Compliance (CGRC)
CGRC · 850 questions
Certified Information Systems Security Professional (CISSP)
CISSP · 850 questions
Information Systems Security Architecture Professional (ISSAP)
ISSAP · 850 questions
Information Systems Security Engineering Professional (ISSEP)
ISSEP · 850 questions
Systems Security Certified Practitioner (SSCP)
SSCP · 849 questions
$17.99
One-time access to this exam