CCT Cheat Sheet 2026
The 30 highest-yield CCT facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
90 questions
120 min time limit
70% to pass
- What is the recommended approach to staying current in System Administration & Configuration? → Regular professional development, industry publications, and peer collaboration
- Why is it important to document an incident response process? → To provide a record for future reference and analysis
- A malware sample modifies the Windows registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run. What is the likely purpose? → Establishing persistence so the malware survives reboots
- What is the goal of the 'post-exploitation' phase in a penetration test? → Maintaining access, pivoting, and demonstrating the impact of a compromise
- Why is threat detection important in a cybersecurity strategy? → To identify and mitigate threats before escalation
- What role does a disaster recovery plan play in incident management? → It helps restore critical systems and data quickly
- Malware uses domain generation algorithms (DGA) to communicate with its C2 server. What is the main benefit to the attacker? → Generating random domains daily to evade static blocklists
- Which memory forensics framework is most commonly used to analyze RAM dumps and detect injected processes, hidden drivers, and network connections? → Volatility
- During a forensic investigation, an examiner finds a file with a .jpg extension but the magic bytes read '50 4B 03 04'. What does this indicate? → The file is actually a ZIP archive with a renamed extension
- What common challenge do professionals face when applying System Administration & Configuration principles? → Balancing theoretical best practices with practical constraints and real-world conditions
- Why are security patches critical for compliance? → They fix vulnerabilities and ensure regulatory compliance
- Which best describes the scope of Cryptography & Data Protection in professional practice? → A comprehensive area covering both theoretical foundations and practical applications
- What common challenge do professionals face when applying Operating Systems & Platforms principles? → Balancing theoretical best practices with practical constraints and real-world conditions
- What is the recommended approach to staying current in Access Control & Identity Management? → Regular professional development, industry publications, and peer collaboration
- What is the purpose of a Web Application Firewall (WAF)? → Filter, monitor, and block malicious HTTP/HTTPS traffic targeting web applications
- Which Nmap scan type is considered a 'stealth scan' because it does not complete the TCP three-way handshake? → SYN scan (-sS)
- What is the most important competency assessed in Cryptography & Data Protection for professionals in this field? → Applied knowledge and practical problem-solving ability
- What is insecure direct object reference (IDOR)? → Exposing internal implementation objects to users without proper authorization checks
- What is the most important competency assessed in Operating Systems & Platforms for professionals in this field? → Applied knowledge and practical problem-solving ability
- What does encryption do in network security? → It protects data by making it unreadable without a decryption key
- What does a Cross-Site Request Forgery (CSRF) attack exploit? → The trust a website has in a user's browser session
- Which of the following is the best defense against CSRF attacks? → Implementing anti-CSRF tokens in forms
- What is a Zero-Day vulnerability? → A newly discovered vulnerability with no patch
- Which best describes the scope of Monitoring & Performance Optimization in professional practice? → A comprehensive area covering both theoretical foundations and practical applications
- Which best describes the scope of System Administration & Configuration in professional practice? → A comprehensive area covering both theoretical foundations and practical applications
- What is the recommended approach to staying current in Cryptography & Data Protection? → Regular professional development, industry publications, and peer collaboration
- What common challenge do professionals face when applying Cloud Computing & Virtualization principles? → Balancing theoretical best practices with practical constraints and real-world conditions
- What is the recommended approach to staying current in Emerging Technologies & Trends? → Regular professional development, industry publications, and peer collaboration
- What is the primary purpose of input validation in secure application development? → Prevent malicious data from being processed
- What is a key component of a disaster recovery plan? → Backup strategies to retrieve lost data
Turn these facts into recall: