Effective Date: August 29, 2022

Certified in Cybersecurity Certification Exam Outline

View and download the latest PDF version of the Certified in Cybersecurity Exam Outline in the following languages:

Supplement your training with the new CC eTextbook for only $19.95.

About Certified in Cybersecurity

(ISC)² developed the Certified in Cybersecurity (CC) credential for newcomers to the field, to recognize the growing trend of people entering the cybersecurity workforce without direct IT experience. Getting Certified in Cybersecurity provides employers with the confidence that you have a solid grasp of the right technical concepts, and a demonstrated aptitude to learn on the job. As an (ISC)² certification, those who hold the CC are backed by the world’s largest network of certified cybersecurity professionals helping them continue their professional development and earn new achievements and qualifications throughout their career.

The topics on the CC exam include:

Security Principles
Incident Response, Business Continuity (BC) and Disaster Recovery (DR) Concepts

Access Controls Concepts
Network Security
Security Operations

Certified in Cybersecurity Examination Information

Length of exam	2 hours
Number of items	100
Item format	Multiple choice
Passing grade	700 out of 1000 points
Exam language availability	English
Testing center	Pearson VUE Testing Center

Certified in Cybersecurity Examination Weights

Domains	Average Weight	# of Items
1. Security Principles	26%	20
2. Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts	10%	7
3. Access Controls Concepts	22%	17
4. Network Security	24%	18
5. Security Operations	18%	13
Total	100%	75*

*Each exam also contains 25 pre-test items for a total of 100 items during the pilot exam. They’re included for research purposes only. The pre-test items aren’t identified, so answer every item to the best of your ability.

Domains

Domain 1 - Security Principles Domain 1 - Security Principles
Domain 1:
Security Principles (26%, 20 items)
1.1

Understand the security concepts of information assurance

Confidentiality

Integrity

Availability

Authentication (e.g., methods of authentication, multi-factor authentication (MFA))

Non-repudiation

Privacy
1.2

Understand the risk management process

Risk management (e.g., risk priorities, risk tolerance)

Risk identification, assessment and treatment
1.3

Understand security controls

Technical controls

Administrative controls

Physical controls
1.4

Understand (ISC)² Code of Ethics

Professional code of conduct
1.5

Understand governance processes

Policies

Procedures

Standards

Regulations and laws
Domain 2 – Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts Domain 2 – Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Domain 2:
Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts (10%, 7 items)
2.1

Understand business continuity (BC)

Purpose

Importance

Components
2.2

Understand disaster recovery (DR)

Purpose

Importance

Components
2.3

Understand incident response

Purpose

Importance

Components
Domain 3 – Access Controls Concepts Domain 3 – Access Controls Concepts
Domain 3:
Access Controls Concepts (22%, 17 items)
3.1

Understand physical access controls

Physical security controls (e.g., badge systems, gate entry, environmental design)

Monitoring (e.g., security guards, closed-circuit television (CCTV), alarm systems, logs)

Authorized versus unauthorized personnel
3.2

Understand logical access controls

Principle of least privilege

Segregation of duties

Discretionary access control (DAC)

Mandatory access control (MAC)

Role-based access control (RBAC)
Domain 4 - Network Security Domain 4 - Network Security
Domain 4:
Network Security (24%, 18 items)
4.1

Understand computer networking

Networks (e.g., Open Systems Interconnection (OSI) model, Transmission Control Protocol/Internet Protocol (TCP/IP) model, Internet Protocol version 4 (IPv4), Internet Protocol version 6 (IPv6), WiFi)

Ports

Applications
4.2

Understand network threats and attacks

Types of threats (e.g., distributed denial-of-service (DDoS), virus, worm, Trojan, man-in-the-middle (MITM), side-channel)

Identification (e.g., intrusion detection system (IDS), host-based intrusion detection system (HIDS), network intrusion detection system (NIDS))

Prevention (e.g., antivirus, scans, firewalls, intrusion prevention system (IPS))
4.3

Understand network security infrastructure

On-premises (e.g., power, data center/closets, Heating, Ventilation, and Air Conditioning (HVAC), environmental, fire suppression, redundancy, memorandum of understanding (MOU)/memorandum of agreement (MOA))

Design (e.g., network segmentation (demilitarized zone (DMZ), virtual local area network (VLAN), virtual private network (VPN), micro-segmentation), defense in depth, Network Access Control (NAC) (segmentation for embedded systems, Internet of Things (IoT))

Cloud (e.g., service-level agreement (SLA), managed service provider (MSP), Software as a Service (SaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS), hybrid)
Domain 5 - Security Operations Domain 5 - Security Operations
Domain 5:
Security Operations (18%, 13 items)
5.1

Understand data security

Encryption (e.g., symmetric, asymmetric, hashing)

Data handling (e.g., destruction, retention, classification, labeling)

Logging and monitoring security events
5.2

Understand system hardening

Configuration management (e.g., baselines, updates, patches)
5.3

Understand best practice security policies

Data handling policy

Password policy

Acceptable Use Policy (AUP)

Bring your own device (BYOD) policy

Change management policy (e.g., documentation, approval, rollback)

Privacy policy
5.4

Understand security awareness training

Purpose/concepts (e.g., social engineering, password protection)

Importance

Start Your Cybersecurity Career

Join (ISC)² Today

(ISC)² Candidate

INTERESTED IN?

Validate Your Expertise

About Certifications

(ISC)² Certifications

World-Class Cybersecurity Training

Schedule Training

Exam Preparation

Training Methods

Members Only

Profile & Info

Benefits

CPE & AMF

Continuing Education

Professional Development

Events

Resources

Network with Professionals

Chapters

Volunteer Center

Online Community

About (ISC)²

Our Associaton

News & Programs

Advocacy

Certified in Cybersecurity Certification Exam Outline

View and download the latest PDF version of the Certified in Cybersecurity Exam Outline in the following languages:

About Certified in Cybersecurity

Certified in Cybersecurity Examination Information

Certified in Cybersecurity Examination Weights

Domains

Domain 1:Security Principles (26%, 20 items)

1.1

Understand the security concepts of information assurance

1.2

Understand the risk management process

1.3

Understand security controls

1.4

Understand (ISC)² Code of Ethics

1.5

Understand governance processes

Domain 2:Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts (10%, 7 items)

2.1

Understand business continuity (BC)

2.2

Understand disaster recovery (DR)

2.3

Understand incident response

Domain 3:Access Controls Concepts (22%, 17 items)

3.1

Understand physical access controls

3.2

Understand logical access controls

Domain 4:Network Security (24%, 18 items)

4.1

Understand computer networking

4.2

Understand network threats and attacks

4.3

Understand network security infrastructure

Domain 5:Security Operations (18%, 13 items)

5.1

Understand data security

5.2

Understand system hardening

5.3

Understand best practice security policies

5.4

Understand security awareness training

Domain 1:
Security Principles (26%, 20 items)

Domain 2:
Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts (10%, 7 items)

Domain 3:
Access Controls Concepts (22%, 17 items)

Domain 4:
Network Security (24%, 18 items)

Domain 5:
Security Operations (18%, 13 items)