ISC2 · 2026 Edition
A complete preparation guide written by ISC2-certified engineers. Covers the exam format, all 5 blueprint domains, a week-by-week study plan, and proven tips for passing first time.
Prep time: 4–8 weeks
Difficulty: Beginner
Exam questions: 100
Pass mark: 700/1000
Exam code: CC
Full name: Certified in Cybersecurity
Vendor: ISC2
Duration: 120 minutes
Questions: 100 items
Passing score: 700/1000 (scaled)
Domains covered: 5 blueprint domains
Recommended experience: No prerequisites and no work experience required — designed as an entry-level credential
Typical prep time: 4–8 weeks
The (ISC)² Certified in Cybersecurity (CC) is a free entry-level credential designed to open doors to cybersecurity careers. It validates foundational knowledge and is a credential employers can use to identify candidates serious about the field.
Job roles this opens
Domain percentage weights are not currently available for this exam. The checklist below is still useful for planning your study.
Weeks 1–2
Security Principles: CIA triad, access controls, authentication, security policies
Tip: (ISC)² offers a free self-paced CC training course on their website — start there. The course aligns directly with the exam domains and is produced by the same organisation that writes the exam.
Weeks 3–4
Incident Response, Business Continuity and Disaster Recovery
Tip: Know the NIST incident response lifecycle: Preparation → Detection and Analysis → Containment, Eradication and Recovery → Post-Incident Activity. BCDR concepts: RTO (how fast you recover), RPO (how much data loss you can accept), BIA (identifies critical business functions).
Weeks 5–6
Access Controls, Network Security, and Security Operations
Tip: Access control models: DAC (Discretionary — owner controls access, most flexible), MAC (Mandatory — labels enforced by system, most restrictive, used in government), RBAC (Role-Based — access by job function, most common in enterprises). Know when each is appropriate.
Weeks 7–8
Practice questions and review of weak areas
Tip: The CC exam has 100 questions in 3 hours and requires a score of 700/1000 to pass. The questions are scenario-based — they describe a situation and ask what you should do. Focus on understanding the WHY behind each control, not just its name.
The CC certification exam fee was waived by (ISC)² as part of their One Million Certified in Cybersecurity initiative — check their website for current pricing, which may have changed.
The CC is a stepping stone, not a destination. Plan your path to Security+ or SSCP after earning CC — employers value the credential as an entry point but expect progression.
Network security topics on CC: know the difference between a firewall (filters traffic by rules), IDS (detects intrusions, does not block), and IPS (detects and blocks intrusions). Also know what a VPN does at a high level.
Cryptography on CC is introductory: know that symmetric encryption (same key for encrypt/decrypt — AES) is faster, asymmetric encryption (public/private key pair — RSA) enables key exchange, and hashing (SHA-256) verifies integrity without encryption.
CC recertification requires 45 CPE credits over 3 years. (ISC)² offers many free CPE opportunities through their member portal, including webinars and chapter events.