ISC2 · Official Blueprint · Last reviewed May 2026
The official ISC2 CC exam covers 5 domains. Domain weights tell you exactly how much of the exam each topic represents — and where to invest your study time.
Covers the topics, concepts, and applied skills examined under the Security Principles domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Covers the topics, concepts, and applied skills examined under the Business Continuity, Disaster Recovery, and Incident Response domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Covers the topics, concepts, and applied skills examined under the Access Controls Concepts domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Covers the topics, concepts, and applied skills examined under the Network Security domain. Study the official exam objectives and practise questions in this area to build confidence and accuracy before your exam.
Incident response lifecycle, digital forensics, threat hunting, SIEM/SOAR tools, log analysis, and security automation.
The heaviest domain on the CC is "Security Principles" at null%. Start here and return to it regularly.
Allocate study time proportional to domain weight — a 25% domain deserves roughly 25% of your prep hours.
Never skip a low-weight domain. A 10% domain still represents 5–7 exam questions — enough to make the difference between pass and fail.
Use Courseiva domain analytics to track your accuracy per domain automatically. The system routes extra questions to your weak areas.
Courseiva tracks your accuracy per domain automatically and routes you toward your weakest areas — no manual configuration needed.