ISC2 exam questions

ISC2 Certified in Cybersecurity CC practice test

Practise RAM questions covering identification, installation, speeds, dual-channel, and troubleshooting for the CC exam.

500 practice questions · 5 topics covered · Exam code: CC · Vendor: ISC2

Study modes

Three ways to study

Start with the Study Sheet to learn the material, switch to Practice Tests for active recall, then take a Mock Exam to simulate the real thing.

Study Sheet

All 500 questions with correct answers and explanations already visible. Read at your own pace — no time pressure.

Practice Test

Answer first, then see feedback and explanation. Tracks your score per session. Best for active recall and identifying weak areas.

Mock Exam

Full timed simulation with countdown. Answers hidden until the end. Includes all question types just like the real exam.

Study Sheet

All 500 CC questions with answers

Every question in the bank, paginated 75 per page. Correct answers and full explanations are revealed upfront — ideal for first-pass learning and pre-exam review.

7 pages · 75 questions per page · 500 total

Domain practice

Study CC by domain

Each domain has its own study sheet and practice test. Target the areas where you're weakest instead of repeating questions you already know.

Related practice questions

Study CC by topic

Topic pages go deep on individual concepts — each one covers a specific exam topic with questions, explanations, and study notes.

Courseiva uses original exam-style practice questions created for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Sample questions

ISC2 Certified in Cybersecurity CC practice questions

A security analyst discovers that a user's account has been used to access sensitive data outside of normal business hours from an unfamiliar IP address. The user claims they were not logged in at that time. Which security operations process should be initiated first?

An organization wants to ensure that data remains unaltered during transmission over the internet. Which security goal is being addressed?

A security auditor discovers that a user has been granted read and write access to a sensitive file, but the user's job only requires read access. Which access control principle has been violated?

A company's network uses 802.1X authentication with PEAP-MSCHAPv2 on wired ports. Users report that after a recent switch firmware update, some workstations fail to authenticate intermittently, while others work fine. The authentication server logs show 'Authentication failed: Unknown CA certificate' for affected workstations. What is the most likely cause?

During a security audit, a penetration tester captures network traffic and finds that some packets have the IP ID field set to 0 and the DF (Don't Fragment) flag set. What is this technique attempting to do?

A security operations team is implementing a new SIEM solution. They want to ensure that logs from all critical systems are collected and analyzed in real time. Which of the following is the MOST important consideration when designing the log collection architecture?

Question 7 · medium · multiple choice

A company's security operations center (SOC) receives an alert about suspicious outbound traffic from a server in the DMZ to an external IP address known for command-and-control activity. The SOC analyst reviews the logs and sees that the source port is 443 and the destination port is 8080. Which of the following actions should the analyst take FIRST?

A SOC analyst is investigating a potential data exfiltration incident. The logs show that an internal user transferred a large volume of data to a cloud storage service using HTTPS. The analyst finds that the user's workstation has BitLocker Drive Encryption enabled, and the user has administrative privileges. Which of the following best describes the PRIMARY challenge in investigating this incident?

A company is implementing an access control system to protect sensitive data. Employees in the finance department must access financial records, but only during business hours and from company-issued devices. Which access control model best supports these requirements?

Question 10 · hard · multi select

A security administrator is reviewing the principles of access control. Which TWO of the following are core components of the AAA framework? (Select TWO.)

Refer to the exhibit. What action did the firewall take on the traffic from 10.0.1.15 to 10.0.2.10?

Exhibit

```
syslog: 2025-03-15T10:23:45Z FW01 %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.0.1.15(54321) -> 10.0.2.10(23), 1 packet
```

A security administrator notices that a user with standard privileges was able to modify a system file. Which security principle has been violated?

An organization uses a primary data center and a backup site 500 miles away. The backup site replicates data synchronously. Which risk is MOST likely introduced by this configuration?

Question 14 · medium · multiple choice

Based on the exhibit, what is the most likely result of the client's HTTP request?

Exhibit

```
Router# show running-config | section interface GigabitEthernet0/1
interface GigabitEthernet0/1
 ip address 192.168.1.1 255.255.255.0
 ip access-group BLOCK_HTTP in
!
ip access-list extended BLOCK_HTTP
 deny tcp any any eq 80
 permit ip any any
```

A client at 192.168.1.100 attempts to access a web server at 10.0.0.1. The router's interface IP is 192.168.1.1.

Question 15 · medium · multiple choice

Refer to the exhibit. A security engineer reviews this firewall ACL. Which of the following best describes the security posture?

Exhibit

```
[Firewall Config]
access-list 100 permit tcp any host 10.0.1.10 eq 443
access-list 100 deny tcp any any eq 22
access-list 100 permit ip any any
```

A SOC analyst reviews an alert indicating a high number of failed login attempts from a single external IP address targeting multiple user accounts. Which security control is most effective at preventing this type of attack?

A SOC analyst notices that a large volume of outbound traffic is occurring from a single workstation to an external IP address known to be associated with a command-and-control server. What is the most likely conclusion?

Which TWO of the following are primary objectives of an incident response plan? (Choose two.)

A company's primary data center experiences a complete power failure, and operations are shifted to a secondary site. The failover process takes 4 hours, but the recovery point objective (RPO) is set to 1 hour. Which of the following is the most likely consequence of this incident?

Refer to the exhibit. A security analyst observes that users from the 192.168.1.0/24 network cannot access HTTPS websites, but HTTP access works fine. What is the most likely cause?

Exhibit

```
! Configuration snippet from router R1
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 100 permit tcp 192.168.1.0 0.0.0.255 any eq 443
access-list 100 deny ip any any log
!
interface GigabitEthernet0/0
 ip access-group 100 in
!
```

A network security team is implementing a defense-in-depth strategy. Which TWO of the following controls are examples of network segmentation? (Choose two.)

A security analyst is reviewing an alert from the IDS that shows a large number of TCP SYN packets sent to a single port on multiple internal hosts from a single external IP address. The analyst suspects a reconnaissance attack. Which type of attack is this most likely?

Question 23 · hard · multi select

A SOC analyst is investigating an incident where an employee's workstation was compromised via a phishing email. The analyst has captured the following indicators: the email originated from a known malicious domain, the attachment was a macro-enabled document, and the macro executed a PowerShell command that downloaded a payload from a remote server. Which TWO actions should the analyst take immediately as part of the incident response process? (Choose two.)

A security team implements a policy that requires all access to sensitive data to be logged and audited. Which principle is being enforced?

Exam question guide

How to use these CC questions

Use these questions as active recall, not passive reading. Try the question first, review the answer choices, then open the explanation and connect the result back to the exam topic.

Quick answer

RAM tests your ability to identify, install, and troubleshoot memory types, speeds, and configurations for PCs.

Identifying DDR3 vs DDR4 vs DDR5 physical and electrical differences

Matching RAM speed (MHz) to motherboard and CPU support

Calculating total memory capacity from module size and slots

Troubleshooting common RAM errors like beep codes and blue screens

These CC practice questions are part of Courseiva's free ISC2 certification practice question bank. Courseiva provides original exam-style CC questions with detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics.