ISC2 CERTIFIED IN CYBERSECURITY (CC): 2025–2026 PRACTICE EXAM
QUESTIONS WITH MOST TESTED QUESTIONS (HARVARD STYLE)
✅ Key Features:
Focused coverage of the most tested domains in the CC exam:
o Security Principles
o Business Continuity, Disaster Recovery, and Incident Response
o Access Controls
o Network Security
o Security Operations
Updated for the 2025–2026 certification cycle with the latest exam expectations
Includes exam-style questions with in-depth rationales and step-by-step explanations
Supported with Harvard-style referencing for each explanation and concept
Designed to reflect the structure, scope, and difficulty of the actual ISC2 CC exam
Helps learners strengthen both theoretical knowledge and applied problem-solving
skills
📘 Best For:
Candidates preparing for the ISC2 Certified in Cybersecurity (CC) entry-level
certification
Students and career changers beginning their journey into cybersecurity
IT professionals seeking to validate foundational security skills
Learners aiming for exam success supported by academically referenced resources
A vendor sells a particular operating system (OS). In order to deploy the OS securely on different
platforms, the vendor publishes several sets of instructions on how to install it, depending on which
platform the customer is using. This is an example of ______.
A. Law
B. Procedure
C. Standard
D. Policy - CORRECT ANSWER-B. Procedure
Prina is a database manager. Prina is allowed to add new users to the database, remove current
users and create new usage functions for the users. Prina is not allowed to read the data in the fields
of the database itself. This is an example of: A. Role-based access controls (RBAC)
B. Mandatory access controls (MAC)
C. Discretionary access controls (DAC)
,D. Alleviating threat access controls (ATAC) - CORRECT ANSWER-A. Role-based access controls
(RBAC)
Gary is unable to log in to the production environment. Gary tries three times and is then locked out
of trying again for one hour. Why?
A. Gary is being punished
B. The network is tired
C. Users remember their credentials if they are given time to think about it
D. Gary's actions look like an attack - CORRECT ANSWER-D. Gary's actions look like an attack
Larry and Fern both work in the data center. In order to enter the data center to begin their
workday, they must both present their own keys (which are different) to the key reader, before the
door to the data center opens.
Which security concept is being applied in this situation?
A. Defense in depth
B. Segregation of duties
C. Least privilege
D. Dual control - CORRECT ANSWER-D. Dual control
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but
is not allowed to read or modify the data in the database itself. When Prachi logs onto the system,
an access control list (ACL) checks to determine which permissions Prachi has.
In this situation, what is Prachi?
A. The subject
B. The rule
C. The file
D. The object - CORRECT ANSWER-A. The subject
Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level,
called a "classification." Every person in the agency is assigned a "clearance" level, which determines
the classification of data each person can access.
What is the access control model being implemented in Tekila's agency?
,A. MAC (mandatory access control)
B. DAC (discretionary access control)
C. RBAC (role-based access control
D. FAC (formal access control) - CORRECT ANSWER-A. MAC (mandatory access control)
Guillermo logs onto a system and opens a document file. In this example, Guillermo is:
A. The subject
B. The object
C. The process
D. The software - CORRECT ANSWER-A. The subject
A tool that monitors local devices to reduce potential threats from hostile software.
A. NIDS (network-based intrusion-detection systems
B. Anti-malware
C. DLP (data loss prevention)
D. Firewall - CORRECT ANSWER-B. Anti-malware
Inbound traffic from an external source seems to indicate much higher rates of communication than
normal, to the point where the internal systems might be overwhelmed. Which security solution can
often identify and potentially counter this risk?
A. Firewall
B. Turnstile
C. Anti-malware
D. Badge system - CORRECT ANSWER-A. Firewall
Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an
attack designed to affect the availability of the environment. Which of the following might be the
attack Ludwig sees?
A. DDOS (distributed denial of service)
B. Spoofing
C. Exfiltrating stolen data
, D. An insider sabotaging the power supply - CORRECT ANSWER-A. DDOS (distributed denial of
service)
Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's
machine and Linda's machine and can then surveil the traffic between the two when they're
communicating. What kind of attack is this?
A. Side channel
B. DDOS
C. On-path
D. Physical - CORRECT ANSWER-C. On-path
A VLAN is a _____ method of segmenting networks.
A. Secret
B. Physical
C. Regulated
D. Logical - CORRECT ANSWER-D. Logical
Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an
additional task necessary to ensure this control will function properly?
A. Pay all employees a bonus for allowing anti-malware solutions to be run on their systems
B. Update the anti-malware solution regularly
C. Install a monitoring solution to check the anti-malware solution
D. Alert the public that this protective measure has been taken - CORRECT ANSWER-B. Update
the anti-malware solution regularly
Cyril wants to ensure all the devices on his company's internal IT environment are properly
synchronized. Which of the following protocols would aid in this effort?
A. FTP (File Transfer Protocol)
B. NTP (Network Time Protocol)
C. SMTP (Simple Mail Transfer Protocol)
D. HTTP (Hypertext Transfer Protocol) - CORRECT ANSWER-B. NTP (Network Time Protocol)
QUESTIONS WITH MOST TESTED QUESTIONS (HARVARD STYLE)
✅ Key Features:
Focused coverage of the most tested domains in the CC exam:
o Security Principles
o Business Continuity, Disaster Recovery, and Incident Response
o Access Controls
o Network Security
o Security Operations
Updated for the 2025–2026 certification cycle with the latest exam expectations
Includes exam-style questions with in-depth rationales and step-by-step explanations
Supported with Harvard-style referencing for each explanation and concept
Designed to reflect the structure, scope, and difficulty of the actual ISC2 CC exam
Helps learners strengthen both theoretical knowledge and applied problem-solving
skills
📘 Best For:
Candidates preparing for the ISC2 Certified in Cybersecurity (CC) entry-level
certification
Students and career changers beginning their journey into cybersecurity
IT professionals seeking to validate foundational security skills
Learners aiming for exam success supported by academically referenced resources
A vendor sells a particular operating system (OS). In order to deploy the OS securely on different
platforms, the vendor publishes several sets of instructions on how to install it, depending on which
platform the customer is using. This is an example of ______.
A. Law
B. Procedure
C. Standard
D. Policy - CORRECT ANSWER-B. Procedure
Prina is a database manager. Prina is allowed to add new users to the database, remove current
users and create new usage functions for the users. Prina is not allowed to read the data in the fields
of the database itself. This is an example of: A. Role-based access controls (RBAC)
B. Mandatory access controls (MAC)
C. Discretionary access controls (DAC)
,D. Alleviating threat access controls (ATAC) - CORRECT ANSWER-A. Role-based access controls
(RBAC)
Gary is unable to log in to the production environment. Gary tries three times and is then locked out
of trying again for one hour. Why?
A. Gary is being punished
B. The network is tired
C. Users remember their credentials if they are given time to think about it
D. Gary's actions look like an attack - CORRECT ANSWER-D. Gary's actions look like an attack
Larry and Fern both work in the data center. In order to enter the data center to begin their
workday, they must both present their own keys (which are different) to the key reader, before the
door to the data center opens.
Which security concept is being applied in this situation?
A. Defense in depth
B. Segregation of duties
C. Least privilege
D. Dual control - CORRECT ANSWER-D. Dual control
Prachi works as a database administrator for Triffid, Inc. Prachi is allowed to add or delete users, but
is not allowed to read or modify the data in the database itself. When Prachi logs onto the system,
an access control list (ACL) checks to determine which permissions Prachi has.
In this situation, what is Prachi?
A. The subject
B. The rule
C. The file
D. The object - CORRECT ANSWER-A. The subject
Tekila works for a government agency. All data in the agency is assigned a particular sensitivity level,
called a "classification." Every person in the agency is assigned a "clearance" level, which determines
the classification of data each person can access.
What is the access control model being implemented in Tekila's agency?
,A. MAC (mandatory access control)
B. DAC (discretionary access control)
C. RBAC (role-based access control
D. FAC (formal access control) - CORRECT ANSWER-A. MAC (mandatory access control)
Guillermo logs onto a system and opens a document file. In this example, Guillermo is:
A. The subject
B. The object
C. The process
D. The software - CORRECT ANSWER-A. The subject
A tool that monitors local devices to reduce potential threats from hostile software.
A. NIDS (network-based intrusion-detection systems
B. Anti-malware
C. DLP (data loss prevention)
D. Firewall - CORRECT ANSWER-B. Anti-malware
Inbound traffic from an external source seems to indicate much higher rates of communication than
normal, to the point where the internal systems might be overwhelmed. Which security solution can
often identify and potentially counter this risk?
A. Firewall
B. Turnstile
C. Anti-malware
D. Badge system - CORRECT ANSWER-A. Firewall
Ludwig is a security analyst at Triffid, Inc. Ludwig notices network traffic that might indicate an
attack designed to affect the availability of the environment. Which of the following might be the
attack Ludwig sees?
A. DDOS (distributed denial of service)
B. Spoofing
C. Exfiltrating stolen data
, D. An insider sabotaging the power supply - CORRECT ANSWER-A. DDOS (distributed denial of
service)
Gary is an attacker. Gary is able to get access to the communication wire between Dauphine's
machine and Linda's machine and can then surveil the traffic between the two when they're
communicating. What kind of attack is this?
A. Side channel
B. DDOS
C. On-path
D. Physical - CORRECT ANSWER-C. On-path
A VLAN is a _____ method of segmenting networks.
A. Secret
B. Physical
C. Regulated
D. Logical - CORRECT ANSWER-D. Logical
Triffid, Inc., has deployed anti-malware solutions across its internal IT environment. What is an
additional task necessary to ensure this control will function properly?
A. Pay all employees a bonus for allowing anti-malware solutions to be run on their systems
B. Update the anti-malware solution regularly
C. Install a monitoring solution to check the anti-malware solution
D. Alert the public that this protective measure has been taken - CORRECT ANSWER-B. Update
the anti-malware solution regularly
Cyril wants to ensure all the devices on his company's internal IT environment are properly
synchronized. Which of the following protocols would aid in this effort?
A. FTP (File Transfer Protocol)
B. NTP (Network Time Protocol)
C. SMTP (Simple Mail Transfer Protocol)
D. HTTP (Hypertext Transfer Protocol) - CORRECT ANSWER-B. NTP (Network Time Protocol)
