Certified in Cybersecurity (CC) Practice Exam
About Certified in Cybersecurity (CC) Exam
The Certified in Cybersecurity (CC) credential by ISC2 is designed for candidates new to the cybersecurity field, acknowledging the increasing trend of professionals entering cybersecurity without direct IT experience. Obtaining the Certified in Cybersecurity credential demonstrates to employers your solid grasp of essential technical concepts and your ability to learn on the job effectively.
Skills Acquired
The Certified in Cybersecurity (CC) credential validates your foundational knowledge, skills, and abilities, making you suitable for entry- or junior-level cybersecurity roles.
Who should take the exam?
By becoming Certified in Cybersecurity, you demonstrate to employers that you possess the foundational knowledge and enthusiasm necessary to join their cybersecurity teams. This certification is particularly beneficial for:
- IT professionals
- Individuals transitioning into cybersecurity from other fields
- College students or recent graduates
Ideal candidates for the Certified in Cybersecurity (CC) credential are:
- Problem solvers
- Creative thinkers
- Analytical and critical thinkers
- Enthusiastic about continuous learning opportunities
Exam Details
- Exam Duration: 2 hours
- Number of Questions: 100
- Exam Format: Multiple choice
- Passing Grade: 700 out of 1000 points
- Exam Languages: English, Chinese, Japanese, German
Course Outline
The Certified in Cybersecurity (CC) exam covers the following topics:
Domain 1: Describe Security Principles
1.1 Understanding Information Assurance Security Concepts
- Confidentiality
- Integrity
- Availability
- Authentication (e.g., methods, multi-factor authentication (MFA))
- Non-repudiation
- Privacy
1.2 Understanding Risk Management Process
- Risk management (e.g., priorities, tolerance)
- Risk identification, assessment, and treatment
1.3 Understanding Security Controls
- Technical controls
- Administrative controls
- Physical controls
1.4 Understanding ISC2 Code of Ethics
- Professional code of conduct
1.5 Understanding Governance Processes
- Policies
- Procedures
- Standards
- Regulations and laws
Domain 2: Describe Business Continuity (BC), Disaster Recovery (DR), & Incident Response
2.1 Understanding Business Continuity (BC)
- Purpose
- Importance
- Components
2.2 Understanding Disaster Recovery (DR)
- Purpose
- Importance
- Components
2.3 Understanding Incident Response
- Purpose
- Importance
- Components
Domain 3: Describe Access Controls Concepts
3.1 Understanding Physical Access Controls
- Physical security controls (e.g., badge systems, gate entry, environmental design)
- Monitoring (e.g., security guards, closed-circuit television (CCTV), alarm systems, logs)
- Authorized versus unauthorized personnel
3.2 Understanding Logical Access Controls
- Principle of least privilege
- Segregation of duties
- Discretionary access control (DAC)
- Mandatory access control (MAC)
- Role-based access control (RBAC)
Domain 4: Describe Network Security
4.1 Understanding Computer Networking
- Networks (e.g., OSI model, TCP/IP model, IPv4, IPv6, WiFi)
- Ports
- Applications
4.2 Understanding Network Threats and Attacks
- Types of threats (e.g., DDoS, virus, worm, Trojan, man-in-the-middle (MITM), side-channel)
- Identification (e.g., intrusion detection system (IDS), host-based intrusion detection system (HIDS), network intrusion detection system (NIDS))
- Prevention (e.g., antivirus, scans, firewalls, intrusion prevention system (IPS))
4.3 Understanding Network Security Infrastructure
- On-premises (e.g., power, data center/closets, HVAC, environmental, fire suppression, redundancy, MOU/MOA)
- Design (e.g., network segmentation (DMZ, VLAN, VPN, micro-segmentation), defense in depth, Network Access Control (NAC) (segmentation for embedded systems, Internet of Things (IoT)))
- Cloud (e.g., service-level agreement (SLA), managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hybrid)
Domain 5: Describe Security Operations
5.1 Understanding Data Security
- Encryption (e.g., symmetric, asymmetric, hashing)
- Data handling (e.g., destruction, retention, classification, labeling)
- Logging and monitoring security events
5.2 Understanding System Hardening
- Configuration management (e.g., baselines, updates, patches)
5.3 Understanding Best Practice Security Policies
- Data handling policy
- Password policy
- Acceptable Use Policy (AUP)
- Bring your own device (BYOD) policy
- Change management policy (e.g., documentation, approval, rollback)
- Privacy policy
5.4 Understanding Security Awareness Training
- Purpose/concepts (e.g., social engineering, password protection)
- Importance
What do we offer?
- Full-Length Mock Test with unique questions in each test set
- Practice objective questions with section-wise scores
- In-depth and exhaustive explanation for every question
- Reliable exam reports evaluating strengths and weaknesses
- Latest Questions with an updated version
- Tips & Tricks to crack the test
- Unlimited access
What are our Practice Exams?
- Practice exams have been designed by professionals and domain experts to simulate a real-time exam scenario.
- Practice exam questions have been created on the basis of content outlined in the official documentation.
- Each set in the practice exam contains unique questions built to give candidates a real-time experience and help them gain more confidence during exam preparation.
- Practice exams help you self-evaluate against the exam content and work towards building the strength to clear the exam.
- You can also create your own practice exam based on your choice and preference.