What is ISC2 CC?
The (ISC)² Certified in Cybersecurity (CC) credential validates a candidate’s grasp of foundational cybersecurity concepts such as security principles, access controls, network basics, incident response, and security operations. ISC2 CC is a globally recognized entry-level certification that confirms readiness for junior cybersecurity roles and provides a stepping stone to advanced (ISC)² certifications.
Who should take the ISC2 CC Exam?
This (ISC)² Certified in Cybersecurity (CC) exam is built for beginners entering cybersecurity and those in adjacent IT roles looking to transition.
Typical candidates include:
- IT support or help-desk technicians wanting to move into security
- Network or system administrators seeking formal cybersecurity validation
- College students and recent graduates from computer science, IT, or related fields
- Career changers with some technology exposure
No prior cybersecurity work experience is required, making it attractive to newcomers.
Prerequisites and recommendations
Official prerequisites: None. (ISC)² allows anyone to sit for the CC exam.
Practical recommendations:
- Familiarity with basic networking and operating systems
- 1 year of general IT experience or completion of an IT fundamentals course
- Helpful prior certifications such as CompTIA ITF+ or Security+ (not mandatory)
Exam objectives and domains
The exam tests knowledge across five weighted domains:
- Security Principles – 26%
- Business Continuity, Disaster Recovery & Incident Response – 10%
- Access Controls – 22%
- Network Security – 24%
- Security Operations – 18%
Objective details by domain
Domain 1: Security Principles
- Core cybersecurity concepts and goals (confidentiality, integrity, availability)
- Security controls and governance
- Risk management basics
Domain 2: Business Continuity, Disaster Recovery & Incident Response
- Planning for business continuity
- Disaster recovery processes
- Incident detection and reporting
Domain 3: Access Controls
- Authentication, authorization, and accounting (AAA)
- Identity and access management best practices
- Physical and logical access methods
Domain 4: Network Security
- Network architecture and components
- Common attacks (DDoS, phishing) and defenses
- Secure network protocols and monitoring
Domain 5: Security Operations
- Basic digital forensics steps
- Security monitoring and event analysis
- Malware and threat response
What changed in this version
The latest 2025 outline includes:
- Removal of some legacy encryption protocol references
- Greater emphasis on cloud and endpoint security
- Refined incident response tasks reflecting modern ransomware threats
- Slight weight shift: Domain 1 increased by ~2%, Domain 5 reduced slightly
Registration and scheduling
- Register through Pearson VUE (online or test center)
- Choose online proctored or in-person delivery
- Flexible scheduling with reschedule/cancel options up to 48 hours before exam day
Pricing and vouchers
- Standard fee: USD $199 globally
- Student discount: 50% off with proof of enrollment
- Military/first-responder discounts in selected regions
- Corporate and academic voucher programs available for bulk purchases
Policies you should know
- Valid government photo ID required
- NDA (Non-Disclosure Agreement) signature at check-in
- Retake policy: up to 4 attempts per year with required wait periods
- Accommodation options for disabilities upon request
Scoring and results
- Scale: 100–1,000 points
- Passing score: 700
- Partial credit: No; questions are all-or-nothing
- Immediate provisional pass/fail on screen; detailed score report emailed within 24 hours
Exam day and test experience
- On-site: Arrive 30 minutes early; secure lockers for belongings
- Online proctoring: Room scan, webcam and mic check
- No personal items or notes allowed
- 2-hour limit for 100 multiple-choice questions
- Recommended pacing: about 1 minute per question, review flagged items at the end
Study plan and resources for ISC2 CC Exam
Sample 6-week plan for beginners
| Week | Goal | Action |
|---|---|---|
| 1 | Learn domain basics | Read (ISC)² CC Official Study Guide |
| 2 | Deep dive into Security Principles & Access Controls | Take notes and flashcards |
| 3 | Cover Network Security | Labs with packet sniffers and firewall rules |
| 4 | Study Business Continuity & Security Operations | Practice incident scenarios |
| 5 | Full-length practice exams | Identify weak areas |
| 6 | Final review & mock test | Focus on trouble spots |
For experienced IT pros (3-4 weeks)
- Quick domain review
- Targeted practice tests twice a week
- Emphasize incident response and network security labs
Recommended materials:
- Lab platforms like TryHackMe or Hack The Box for hands-on experience
- (ISC)² CC Official Study Guide and Practice Tests
- Free CC course from (ISC)²
Certification validity and renewal for ISC2 CC
- Valid for three years
- Renewal by earning 45 Continuing Professional Education (CPE) credits and paying an annual maintenance fee
- Higher-level certifications like CISSP or SSCP automatically renew CC
Career outcomes after ISC2 CC
- Common job titles: Security Analyst, SOC Analyst Level 1, Information Security Technician, IT Security Administrator
- Average salary: $60,000–$90,000 USD depending on region and experience (based on 2025 cybersecurity salary surveys)
- Widely accepted as proof of foundational security skills by employers worldwide
| Job Role | Key Responsibilities | Typical Experience Range | Estimated Salary (USD) |
|---|---|---|---|
| Junior Security Analyst / SOC Analyst Level 1 | Monitor security alerts, triage incidents, escalate suspicious activity | 0–2 years | $55k – $75k |
| Information Security Technician | Support security tools, maintain access controls, apply patches | 0–2 years | $50k – $70k |
| IT Security Administrator | Manage firewalls, endpoint security, user accounts, basic compliance tasks | 1–3 years | $60k – $85k |
| Cybersecurity Support Specialist | Assist in vulnerability scanning, documentation, and user awareness training | 0–2 years | $50k – $70k |
| Incident Response Technician | First-line investigation of malware, phishing, and intrusion events | 1–3 years | $60k – $80k |
| Network Security Associate | Support secure network design, monitor logs, enforce security policies | 1–3 years | $60k – $90k |
| Risk & Compliance Assistant | Help with audits, risk assessments, and security policy documentation | 0–2 years | $50k – $75k |
| Cloud Security Junior Analyst | Apply basic security principles to cloud accounts and SaaS apps | 1–3 years | $60k – $85k |
Related or next-step certifications
- SSCP – for professionals moving into hands-on operational security
- CISSP – for experienced managers and architects
- CompTIA Security+ – a vendor-neutral alternative or companion credential
How this exam compares to similar certifications
- ISC2 CC vs CompTIA Security+: CC is entry-level and concept-focused; Security+ adds more implementation and troubleshooting.
- ISC2 CC vs GIAC Security Essentials (GSEC): GSEC is deeper and pricier, suited for those already working in security.
Kick-start your ISC2 CC exam prep with real, updated practice questions. Visit Cert Empire for trusted study materials and explore our dedicated ISC2 exam dumps collection. Get PDF questions and an exam simulator that mirror the real test, so you can practice confidently and save valuable time.
Frequently Asked Questions (FAQs)
Is work experience mandatory for ISC2 CC?
No. You can take the exam without prior cybersecurity experience.
How long does it take to prepare for the ISC2 CC?
Beginners usually need 6–8 weeks of steady study; experienced IT staff may need only 3–4 weeks.
Can I renew the CC by passing a higher-level ISC2 exam?
Yes. Achieving SSCP, CISSP, or any advanced (ISC)² certification automatically renews the CC.
What if I fail the ISC2 CC Exam?
You can retake after 30 days for the first retake, 60 days for the second, and 90 days thereafter (up to four attempts per year).
