200+ Free CC Practice Questions

Pass your ISC2 CC Certified in Cybersecurity exam on the first try — instant access, no signup required.

✓ No registration ✓ No credit card ✓ No hidden fees ✓ Start practicing immediately
~75% Pass Rate
200+ Questions
100% Free
2026 Statistics

Key Facts: CC Exam

  • Exam Questions: 100 (ISC2)
  • Passing Score: 700/1000 (70%)
  • Exam Duration: 2 hours (ISC2)
  • Exam Fee: $199 (ISC2; $0 via 1MCC)
  • Domains Covered: 5 (ISC2)
  • Experience Required: None (entry-level)

The ISC2 CC (Certified in Cybersecurity) exam uses CAT (Computerized Adaptive Testing) with 100 questions to be completed in 2 hours. The passing score is 700/1000 (70%). The exam covers 5 domains: Security Principles (26%), Business Continuity/DR/Incident Response (10%), Access Controls Concepts (22%), Network Security (24%), and Security Operations (18%). This entry-level certification requires no prior experience.

Sample CC Practice Questions

Try these sample questions to test your CC exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 200+ question experience with AI tutoring.

1. Which of the following is the correct definition of confidentiality in the CIA triad?
A. Ensuring data is accessible when needed
B. Preventing unauthorized access to information
C. Verifying the accuracy and completeness of data
D. Tracking user actions for accountability
Explanation: Confidentiality ensures that information is accessible only to those authorized to have access. It prevents unauthorized disclosure of sensitive data. Availability ensures data is accessible when needed, integrity ensures accuracy, and accountability involves tracking actions.

2. A company implements a system to verify that financial records have not been tampered with. Which security principle is being enforced?
A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation
Explanation: Integrity ensures that data is accurate, complete, and has not been modified without authorization. This includes protecting against unauthorized modification, deletion, or tampering. Financial record verification is a classic example of integrity protection.

3. Which security principle is primarily concerned with ensuring systems and data are accessible to authorized users when needed?
A. Confidentiality
B. Integrity
C. Availability
D. Authentication
Explanation: Availability ensures that systems, data, and resources are accessible and usable by authorized users when needed. This includes protecting against denial-of-service attacks, hardware failures, and ensuring adequate capacity and performance.

4. What type of security control is a firewall that blocks unauthorized network traffic?
A. Administrative control
B. Physical control
C. Technical control
D. Operational control
Explanation: Firewalls are technical (or logical) controls because they use technology to enforce security policies. Technical controls include hardware and software mechanisms like firewalls, encryption, and access control systems. Administrative controls are policies and procedures, while physical controls protect physical assets.

5. Which of the following BEST describes a preventive security control?
A. A security camera that records activity
B. An antivirus program that blocks malware
C. A log review that detects suspicious activity
D. A backup system that restores lost data
Explanation: Preventive controls are designed to stop security incidents before they occur. An antivirus program that blocks malware is a preventive control. Security cameras are detective controls, log reviews are detective controls, and backup systems are corrective controls.

6. A security guard monitoring building entrances represents which type of security control?
A. Technical control
B. Physical control
C. Administrative control
D. Logical control
Explanation: Security guards are physical controls because they protect physical assets and facilities. Physical controls include guards, fences, locks, and surveillance cameras. Technical controls are technology-based, and administrative controls are policy-based.

7. Which of the following is an example of an administrative security control?
A. Encryption of sensitive data
B. Security awareness training program
C. Biometric access control system
D. Fire suppression system
Explanation: Administrative controls are policy, procedure, or training-based controls. Security awareness training is an administrative control. Encryption is a technical control, biometric systems are technical controls, and fire suppression is a physical control.

8. In risk management, what term describes the process of identifying and evaluating potential threats to an organization?
A. Risk mitigation
B. Risk assessment
C. Risk transfer
D. Risk acceptance
Explanation: Risk assessment is the process of identifying potential threats, vulnerabilities, and the likelihood and impact of risks. Risk mitigation reduces risk, risk transfer shifts risk (like insurance), and risk acceptance acknowledges but does not address the risk.

9. A company decides to purchase cyber insurance to offset potential financial losses from a data breach. Which risk treatment strategy is being used?
A. Risk avoidance
B. Risk mitigation
C. Risk transfer
D. Risk acceptance
Explanation: Risk transfer involves shifting the financial impact of risk to a third party, typically through insurance. Risk avoidance eliminates the risk entirely, risk mitigation reduces the risk, and risk acceptance means acknowledging the risk without taking action.

10. According to the (ISC)² Code of Ethics, which of the following is a priority for certified professionals?
A. Maximize profits for their employer
B. Protect society, the common good, and the infrastructure
C. Prioritize client requests above all else
D. Maintain technical certifications through any means
Explanation: The (ISC)² Code of Ethics states that certified professionals must protect society, the common good, necessary public trust and confidence, and the infrastructure. This is the primary canon, taking precedence over employer loyalty or client requests.

About the CC Exam

The ISC2 Certified in Cybersecurity (CC) is an entry-level certification designed for individuals starting their cybersecurity career. It requires no prior work experience and covers five fundamental domains: Security Principles, Business Continuity/Disaster Recovery/Incident Response, Access Controls Concepts, Network Security, and Security Operations. The exam uses Computerized Adaptive Testing (CAT) to efficiently assess candidate knowledge.

  • Questions: 100 scored questions
  • Time Limit: 2 hours
  • Passing Score: 700/1000 (70%)
  • Exam Fee: $199 ($0 for 1MCC initiative) ((ISC)² / Pearson VUE)

CC Exam Content Outline

  • Security Principles (26%): Confidentiality, integrity, availability (CIA triad), security governance, risk management, security controls (preventive, detective, corrective, deterrent), and ISC2 Code of Ethics
  • Business Continuity/DR/Incident Response (10%): Business continuity planning, disaster recovery strategies (hot/warm/cold sites), RTO/RPO concepts, and incident response phases (preparation, detection, containment, eradication, recovery, lessons learned)
  • Access Controls Concepts (22%): Authentication methods (passwords, biometrics, MFA), authorization models (RBAC, MAC, DAC, ABAC), least privilege, separation of duties, and physical access controls
  • Network Security (24%): Network protocols (TCP/IP, OSI model), network devices (firewalls, routers, switches), network attacks (DoS, MitM, spoofing), VPNs, wireless security, and segmentation
  • Security Operations (18%): Data security (encryption, hashing), system hardening, patch management, security awareness, log monitoring, change management, and secure disposal of media

How to Pass the CC Exam

What You Need to Know

  • Passing score: 700/1000 (70%)
  • Exam length: 100 questions
  • Time limit: 2 hours
  • Exam fee: $199 ($0 for 1MCC initiative)

Keys to Passing

  • Complete 500+ practice questions
  • Score 80%+ consistently before scheduling
  • Focus on highest-weighted sections
  • Use our AI tutor for tough concepts

CC Study Tips from Top Performers

1. Focus on Security Principles (26%) — understand CIA triad, risk management, and the (ISC)² Code of Ethics thoroughly
2. Master access control models — know the differences between RBAC, MAC, DAC, and ABAC and when each is used
3. Learn network security fundamentals — OSI model layers, TCP vs UDP, common ports, firewall types, and VPN concepts
4. Understand incident response phases — preparation, detection, containment, eradication, recovery, and lessons learned
5. Study business continuity concepts — RTO vs RPO, hot/warm/cold sites, backup types (full, incremental, differential)
6. Review security operations basics — encryption vs hashing, symmetric vs asymmetric, patch management, secure disposal
7. Complete 200+ practice questions and score 75%+ consistently before scheduling the exam

Frequently Asked Questions

What is the ISC2 CC exam format?

The ISC2 CC exam uses Computerized Adaptive Testing (CAT) with 100 questions to be completed in 2 hours. The passing score is 700 out of 1000 (70%). The exam consists of multiple-choice questions. CAT adapts question difficulty based on your performance, providing a more efficient assessment.

Do I need experience for the ISC2 CC certification?

No — the Certified in Cybersecurity (CC) is designed as an entry-level certification with no prior work experience required. This makes it ideal for career changers, recent graduates, and those just starting in cybersecurity. You will need to obtain your certification within 3 years and pay an annual maintenance fee ($50/year) to keep it active.

What is the 1MCC initiative?

The 1MCC (One Million Certified in Cybersecurity) initiative by (ISC)² offers free CC certification exams and training to the first one million candidates. This initiative aims to help address the global cybersecurity workforce gap by making entry-level certification accessible to everyone. Check the ISC2 website for current availability.

What are the 5 domains of ISC2 CC?

The CC exam covers five domains: (1) Security Principles (26%): CIA triad, governance, risk management, security controls, ethics; (2) Business Continuity/DR/IR (10%): BCP, DR strategies, incident response phases; (3) Access Controls Concepts (22%): Authentication, authorization models, least privilege; (4) Network Security (24%): Protocols, devices, attacks, wireless security; (5) Security Operations (18%): Data security, hardening, patch management, awareness.

How long should I study for the ISC2 CC exam?

Most candidates study for 4-6 weeks, investing 40-60 hours total. If you have IT background, 2-3 weeks may suffice. Key study areas: 1) Understand the CIA triad and security principles; 2) Learn access control models (RBAC, MAC, DAC); 3) Study network basics (OSI model, protocols, devices); 4) Review incident response and business continuity concepts; 5) Complete 200+ practice questions and score 75%+ consistently.

How do I maintain my ISC2 CC certification?

CC certification requires annual maintenance fees ($50/year) and adherence to the ISC2 Code of Ethics. You must earn Continuing Professional Education (CPE) credits to maintain certification after the initial period. The exact CPE requirements depend on your certification status — check the ISC2 website for current maintenance policies.

What jobs can I get with ISC2 CC certification?

The CC certification prepares you for entry-level cybersecurity roles including: Security Analyst, SOC Analyst (Tier 1), IT Support Specialist, Junior Security Consultant, and Cybersecurity Technician. It provides a foundation for advancing to higher-level certifications like Security+, SSCP, and eventually CISSP. CC demonstrates to employers that you have fundamental cybersecurity knowledge and commitment to the field.