ISC2 CC Cheat Sheet 2026
The 30 highest-yield ISC2 CC facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
100 questions
120 min time limit
70% to pass
- What is the purpose of periodic access reviews? → To verify that user access rights remain appropriate and remove unnecessary permissions
- What is social engineering? → Manipulating people through psychological tactics to reveal information or perform actions
- What is account provisioning? → The process of creating and configuring user accounts and access rights
- What does change management in security ensure? → That changes to systems are reviewed, approved, and documented before implementation
- Which of the following is a biometric authentication method? → Retinal scan
- What is the purpose of network traffic encryption? → To protect data from being intercepted and read while in transit
- What does data sanitization ensure before disposing of storage media? → That all data is permanently removed and cannot be recovered from the media
- Which of the following BEST describes an Indicator of Compromise (IoC)? → A forensic artifact suggesting a system has been breached
- What is multi-factor authentication (MFA)? → Requiring two or more different types of authentication factors to verify identity
- What is one of the primary benefits of obtaining the ISC2 Certified in Cybersecurity (CC) certification? → Validation of foundational cybersecurity knowledge and skills
- What does Single Sign-On (SSO) allow users to do? → Authenticate once and access multiple systems without re-authenticating
- What is the purpose of a privileged account? → To provide administrators with elevated permissions for system management tasks
- What does NAT (Network Address Translation) primarily do? → Translates private internal IP addresses to a public IP address for internet access
- Which of the following is an example of a physical security control? → Security badge reader
- What is a DMZ (Demilitarized Zone) in network security? → A segment that hosts public-facing servers while isolating them from the internal network
- Why is a passphrase generally considered stronger than a typical short password? → A passphrase is a longer sequence of words that is harder to crack due to its length
- What is the primary purpose of a Security Information and Event Management (SIEM) system? → To monitor and analyze security events in real-time
- What does the term 'least privilege' mean in security? → Restricting user access to only what is necessary for their job
- Which authentication factor category does a password belong to? → Something you know
- What is the purpose of an Intrusion Detection System (IDS)? → To monitor network traffic and generate alerts on suspicious activity
- Which step comes AFTER eradication in the standard incident response process? → Recovery
- What is a cold site in disaster recovery? → An empty facility with basic infrastructure but no equipment
- What is the primary objective of incident response? → Minimizing the impact of security incidents and restoring operations
- Which concept refers to ensuring systems and data are accessible when needed? → Availability
- Which access control model grants access based on job functions or roles? → Role-Based Access Control (RBAC)
- Which document outlines the specific roles, responsibilities, and procedures for responding to security incidents? → Incident Response Plan
- What is a tabletop exercise in business continuity planning? → A discussion-based exercise where participants walk through a hypothetical scenario
- What does the term 'asset' mean in information security? → Anything of value that needs protection
- What does MTTR stand for in availability planning? → Mean Time To Repair
- What is the goal of the Eradication phase in incident response? → Removing the root cause and malicious artifacts from affected systems
Turn these facts into recall: