ISC2 CC Cheat Sheet 2026

The 30 highest-yield ISC2 CC facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

100 questions
120 min time limit
70% to pass
  1. What is the purpose of periodic access reviews? To verify that user access rights remain appropriate and remove unnecessary permissions
  2. What is social engineering? Manipulating people through psychological tactics to reveal information or perform actions
  3. What is account provisioning? The process of creating and configuring user accounts and access rights
  4. What does change management in security ensure? That changes to systems are reviewed, approved, and documented before implementation
  5. Which of the following is a biometric authentication method? Retinal scan
  6. What is the purpose of network traffic encryption? To protect data from being intercepted and read while in transit
  7. What does data sanitization ensure before disposing of storage media? That all data is permanently removed and cannot be recovered from the media
  8. Which of the following BEST describes an Indicator of Compromise (IoC)? A forensic artifact suggesting a system has been breached
  9. What is multi-factor authentication (MFA)? Requiring two or more different types of authentication factors to verify identity
  10. What is one of the primary benefits of obtaining the ISC2 Certified in Cybersecurity (CC) certification? Validation of foundational cybersecurity knowledge and skills
  11. What does Single Sign-On (SSO) allow users to do? Authenticate once and access multiple systems without re-authenticating
  12. What is the purpose of a privileged account? To provide administrators with elevated permissions for system management tasks
  13. What does NAT (Network Address Translation) primarily do? Translates private internal IP addresses to a public IP address for internet access
  14. Which of the following is an example of a physical security control? Security badge reader
  15. What is a DMZ (Demilitarized Zone) in network security? A segment that hosts public-facing servers while isolating them from the internal network
  16. Why is a passphrase generally considered stronger than a typical short password? A passphrase is a longer sequence of words that is harder to crack due to its length
  17. What is the primary purpose of a Security Information and Event Management (SIEM) system? To monitor and analyze security events in real-time
  18. What does the term 'least privilege' mean in security? Restricting user access to only what is necessary for their job
  19. Which authentication factor category does a password belong to? Something you know
  20. What is the purpose of an Intrusion Detection System (IDS)? To monitor network traffic and generate alerts on suspicious activity
  21. Which step comes AFTER eradication in the standard incident response process? Recovery
  22. What is a cold site in disaster recovery? An empty facility with basic infrastructure but no equipment
  23. What is the primary objective of incident response? Minimizing the impact of security incidents and restoring operations
  24. Which concept refers to ensuring systems and data are accessible when needed? Availability
  25. Which access control model grants access based on job functions or roles? Role-Based Access Control (RBAC)
  26. Which document outlines the specific roles, responsibilities, and procedures for responding to security incidents? Incident Response Plan
  27. What is a tabletop exercise in business continuity planning? A discussion-based exercise where participants walk through a hypothetical scenario
  28. What does the term 'asset' mean in information security? Anything of value that needs protection
  29. What does MTTR stand for in availability planning? Mean Time To Repair
  30. What is the goal of the Eradication phase in incident response? Removing the root cause and malicious artifacts from affected systems