ISC2
Free ISC2 CC Certified in Cybersecurity Practice Questions
The ISC2 Certified in Cybersecurity (CC) is an entry-level, vendor-neutral certification designed to validate the foundational knowledge of individuals new to the field by testing their grasp of core principles like network security, access controls, and incident response.
10
Sample questions
120 min
Exam time limit
70%
Passing score
$392
Exam voucher
About the ISC2 CC Certified in Cybersecurity Exam
CompTIA Security+ (SY0-701) is the most widely held entry-level cybersecurity certification in the world, and the baseline standard for IT security roles across both the private sector and US federal government. It is approved under DoD 8570/8140, making it a mandatory requirement for many defence and government contractor positions. Security+ validates that you can assess the security posture of an enterprise environment, recommend and implement appropriate security solutions, monitor and secure hybrid environments, and respond to security incidents. The exam covers six domains: General Security Concepts, Threats, Vulnerabilities and Mitigations, Security Architecture, Security Operations, Security Programme Management and Oversight, and Cryptography and PKI. Security+ is vendor-neutral, meaning the skills it certifies apply across all technology platforms and cloud providers. It is the ideal next step after CompTIA Network+ or for IT professionals moving into a dedicated security role.
Exam Domains Covered
Exam Format & Details
The CompTIA Security+ exam (SY0-701) consists of a maximum of 90 questions, including multiple-choice and performance-based questions (PBQs). The time limit is 90 minutes. The passing score is 750 on a scale of 100–900. The exam is available at Pearson VUE test centres worldwide or via online proctoring. The exam voucher costs $392 USD. CompTIA recommends (but does not require) CompTIA Network+ certification and two years of IT experience with a security focus before sitting Security+. Results are available immediately for computer-based testing.
Why Practice Questions Matter
Security+ uses performance-based questions (PBQs) alongside multiple-choice, which means some questions require you to interact with simulated environments — configuring firewalls, analysing logs, or identifying vulnerabilities in a network diagram. You cannot pass Security+ through memorisation alone. Timed practice builds the fluency you need to move through scenario questions quickly and confidently. CertCrush questions are written to match the SY0-701 domain weighting, so your practice time targets the areas that actually appear on the exam.
Try ISC2 CC Certified in Cybersecurity
Get a taste before you commit — no account needed.
Get full access to ISC2 CC Certified in Cybersecurity
All questions, timed exams, flashcards, PDF study guide download & progress tracking.
Sample Practice Questions
The following questions are a preview of the type of syllabus-aligned questions you will practise in CertCrush. They reflect the format and reasoning style of the ISC2 CC Certified in Cybersecurity exam — not actual exam content.
Q1.Which threat actor type has the HIGHEST level of sophistication, uses custom tools, and is motivated by espionage and geopolitical advantage?
- A.Organized crime
- B.Hacktivists
- C.Nation-state actors
- D.Insider threats
Domain: Security Operations and IR
Q2.Symmetric encryption uses how many keys, and what is its PRIMARY advantage over asymmetric encryption?
- A.Two keys; it provides non-repudiation
- B.One shared key; it is fast and efficient for encrypting large volumes of data
- C.No keys; it relies on hashing instead
- D.One key pair; it solves the key distribution problem
Domain: Security Operations and IR
Q3.During Phase 3 of the NIST 800-61 lifecycle, what must occur AFTER containment but BEFORE recovery?
- A.Post-incident activity
- B.Detection and analysis
- C.Eradication, which removes the root cause and all traces of the threat from affected systems
- D.Preparation, which ensures tools are ready for recovery
Domain: Security Operations and IR
Q4.Which symmetric encryption algorithm is the current industry standard, using key sizes of 128, 192, or 256 bits?
- A.RSA
- B.AES
- C.SHA-256
- D.DES
Domain: Security Operations and IR
Q5.An organization determines that the cost of implementing a security control to address a vulnerability on a non-critical internal system exceeds the potential impact of exploitation. The organization documents this decision and chooses not to implement the control. Which risk treatment option is being applied?
- A.Risk mitigation
- B.Risk transfer
- C.Risk avoidance
- D.Risk acceptance
Domain: Security Principles
Frequently Asked Questions
What is included in the free ISC2 CC Certified in Cybersecurity sample?
The free sample includes 10 syllabus-aligned practice questions, sample flashcards, and a preview chapter from the study guide. No account or payment is required to try the sample.
How many questions are in the full ISC2 CC Certified in Cybersecurity course?
The full course includes a comprehensive question bank covering all exam domains. You can see the total question count on the ISC2 CC Certified in Cybersecurity course page.
Are these official ISC2 exam questions?
No. CertCrush questions are independently written and syllabus-aligned — they mirror the format, difficulty, and reasoning style of the official exam. We are not affiliated with or endorsed by ISC2.
Which domains does the ISC2 CC Certified in Cybersecurity course cover?
The course covers 5 exam domains: Security Principles, Security Governance, IAM Concepts, Networking and Cloud Security, Security Operations and IR.
Can I study on mobile?
Yes. CertCrush is fully responsive and works on phones, tablets, and desktops. The timed exam, flashcards, and study guide all work on mobile without installing an app.
What happens when I create an account?
Creating a free account lets you access full courses, track your weak areas by domain, and resume practice sessions across devices. No credit card is required to register.