30, 60, and 90 Day Study Plan with Readiness Thresholds
Key Takeaways
- A 30-day plan suits candidates with recent IT or networking exposure who can study most days.
- A 60-day plan is the practical default for most first-time beginners: learn, practice, repair.
- A 90-day plan fits candidates new to IT, returning after a break, or working with limited weekly time.
- Readiness is measured by explanation quality, full domain coverage, calm timed pacing, and falling repeat-miss rates, not by finishing pages.
- In the final week, cut resource-switching, rehearse Pearson VUE logistics, and protect sleep instead of cramming new material.
Choosing the Right Study Window
The best CC plan gives you enough repetition to make beginner security decisions without rushing. Match the window to your starting point: a 30-day plan works if you already know basic computer and network concepts and can study most days; a 60-day plan fits most first-time candidates because it allows learning, practice, and correction; a 90-day plan is better if you are new to IT, returning after a long gap, or have inconsistent weekly time and need to build vocabulary before timed sets.
30-Day Plan (IT-experienced, daily study)
| Days | Focus | Output |
|---|---|---|
| 1-7 | Security Principles + Access Controls | Explain CIA, privacy, authentication vs. authorization, least privilege in scenarios |
| 8-14 | Network Security | Identify secure protocols, segmentation, common threats, basic defenses |
| 15-20 | Security Operations + BC/DR/IR | Practice logging, monitoring, backups, incident reporting, recovery (RTO/RPO) |
| 21-26 | Mixed timed review | Build a missed-question notebook from timed sets |
| 27-30 | Final readiness | Re-review weak areas, exam facts, and pacing |
60-Day Plan (the beginner default)
| Days | Focus | Output |
|---|---|---|
| 1-14 | Domain 1 foundation | Security goals, governance, ethics, risk, privacy, control types |
| 15-25 | Domain 3 Access Controls | Identity, authentication factors, authorization, account lifecycle |
| 26-38 | Domain 4 Network Security | Protocols, secure communication, attacks, segmentation |
| 39-47 | Domains 2 and 5 | Incident response, continuity, operations, awareness, physical security |
| 48-56 | Mixed timed practice | Repair weak domains with written scenario explanations |
| 57-60 | Exam rehearsal | Pacing, rest, logistics, light review |
90-Day Plan (new to IT or limited time)
| Days | Focus | Output |
|---|---|---|
| 1-20 | Vocabulary + Security Principles | Personal glossary and scenario notes |
| 21-40 | Access + Network foundations | Diagrams for identity flow and network defenses |
| 41-60 | Operations, incident, continuity, recovery | Response-ordering and control-selection drills |
| 61-75 | Domain-by-domain repair | Targeted practice by missed-question pattern |
| 76-85 | Mixed timed sets | Stable pacing, fewer repeated mistakes |
| 86-90 | Final review | Logistics, confidence checks, light recall |
Readiness Thresholds
Do not schedule just because you finished the reading. Sit only when you clear these practical signals:
| Readiness signal | Target |
|---|---|
| Domain coverage | You have reviewed all five domains and can describe each in plain language |
| Scenario explanation | You can say why the right answer wins and why the tempting distractor is weaker |
| Timed practice | You finish mixed sets without rushing the final items, under the no-going-back CAT rule |
| Weak-area repair | Your repeat misses are dropping, not just a one-time score bump |
| Exam facts | You know the format, 120-minute limit, 100-125 items, 700/1000 scoring, languages, Pearson VUE delivery, US$199 fee plus US$50 AMF, and the outline dates |
Scenario: Should You Delay?
A candidate is five days out and still confuses authentication with authorization, misses incident-response ordering, and has not taken a timed mixed set. Delaying is reasonable if the appointment and voucher rules allow it — and Pearson VUE generally lets you reschedule up to 24 hours before, though late changes may carry a fee, so check your confirmation. A second candidate misses a few isolated terms but explains scenarios crisply and finishes timed sets calmly; that person may be ready despite imperfect scores. Readiness is stable judgment under real exam conditions, not a perfect practice average.
In the final week, stop switching resources. Review your own notes, drill mixed items, rehearse the Pearson VUE check-in logistics (valid ID, arrival time, no notes), and protect sleep. CC rewards clear beginner judgment, and exhaustion plus last-minute cramming directly undermine it.
After You Pass: Endorsement and Maintenance
Passing the exam is not the final step, and candidates who do not plan for it lose the credential. Within a set window after passing, you must complete the ISC2 endorsement process — you agree to abide by the ISC2 Code of Ethics and your application is endorsed (an existing ISC2-certified professional can endorse you, or ISC2 itself can act as endorser for CC). Only after endorsement is the certification formally granted.
To keep the credential active, plan for two recurring obligations: pay the US$50 Annual Maintenance Fee (AMF) each year, and earn 45 Continuing Professional Education (CPE) credits over the three-year certification cycle (roughly 15 per year, with at least some required annually). Building this into your plan from day one — for example, noting free ISC2 webinars and reading that count as CPEs — prevents the common and avoidable outcome of passing the exam, ignoring upkeep, and watching the certification lapse.
A Test-Day Checklist
Reduce avoidable failures with a fixed routine the night before and the morning of:
| Timing | Action |
|---|---|
| Night before | Confirm appointment time, Pearson VUE center location, and that your ID name matches your ISC2 profile |
| Night before | Pack the photo ID; set out clothing; sleep 7-8 hours instead of cramming |
| 30+ minutes before | Arrive at the Pearson VUE center; store phones and notes in your locker before check-in |
| During | Read each stem for the question word; commit each CAT answer; do not panic on hard items |
| After | Receive a provisional pass/fail result, then begin the endorsement process promptly |
A candidate who masters the five domains, practices judgment under timed conditions, and respects the logistics walks in calm — and calm is exactly the state the CC exam rewards.
Which candidate is the best fit for a 90-day CC study plan?
Which are valid readiness signals before sitting the CC exam? Select all that apply.
Select all that apply
Order the major phases of the 60-day beginner CC plan.
Arrange the items in the correct order