ISC2 CC Training: Certified in Cybersecurity
Module 1: Security Principles 26% of exam
The foundation domain. Everything else in the CC exam β access control, networking, incident response, operations β sits on top of the ideas in this module. Expect the biggest slice of your exam questions to come from here, and expect them to be less about memorising acronyms than about recognising the right principle when you see it in a scenario.
- 1 What CC Is and Why It Matters 5 min Free preview
- 2 The CIA Triad: Confidentiality, Integrity, Availability 5 min π
- 3 Authentication, Authorization, and Accounting (AAA) 5 min π
- 4 Non-repudiation and Privacy 5 min π
- 5 Risk Basics: Threats, Vulnerabilities, and Impact 5 min π
- 6 Risk Management: Identify, Assess, Treat, Monitor 5 min π
- 7 Risk Treatment Options: Accept, Transfer, Mitigate, Avoid 5 min π
- 8 Security Controls: Categories and Types 5 min π
- 9 The ISC2 Code of Ethics 5 min π
- 10 Governance: Policies, Standards, Procedures, and Guidelines 5 min π
- 11 Regulatory and Legal Concepts 5 min π
- 12 Professional Ethics in Practice 4 min π
- 13 Domain 1 Wrap-Up and Study Notes 4 min π
Module 2: Business Continuity, Disaster Recovery, and Incident Response 10% of exam
The smallest of the five domains but a favourite for scenario questions. You are asked what should happen when things go wrong: how the organisation keeps operating, how it recovers, and how it handles security incidents in real time.
- 1 Business Continuity: Keeping the Lights On 5 min π
- 2 Disaster Recovery: Bringing Things Back 5 min π
- 3 Incident Response Basics 5 min π
- 4 Roles During an Incident: Who Does What 4 min π
- 5 Domain 2 Wrap-Up and Study Notes 4 min π
Module 3: Access Control Concepts 22% of exam
The second-largest domain. Access control is the day-to-day work of security teams β deciding who gets to see what, verifying that the people asking really are who they say they are, and making sure the privileges we hand out do not accumulate into a mess.
- 1 Access Control Fundamentals 5 min π
- 2 Physical Access Control 4 min π
- 3 Logical Access Control 4 min π
- 4 Identification and Authentication 5 min π
- 5 Passwords, Passphrases, and MFA 5 min π
- 6 Discretionary and Mandatory Access Control 5 min π
- 7 Role-Based Access Control (RBAC) 5 min π
- 8 Attribute-Based and Rule-Based Access Control 4 min π
- 9 Principle of Least Privilege and Segregation of Duties 5 min π
- 10 Privileged Access Management 4 min π
- 11 Domain 3 Wrap-Up and Study Notes 4 min π
Module 4: Network Security 24% of exam
Where security meets networks. This domain covers the vocabulary of networking, the common threats you meet on a network, and the controls used to defend it β firewalls, VPNs, segmentation, and the shared-responsibility model of the cloud. Almost a quarter of the exam lives here.
- 1 Networking Fundamentals for Security Pros 5 min π
- 2 The OSI Model and TCP/IP Basics 6 min π
- 3 Common Ports and Protocols 5 min π
- 4 IPv4 vs IPv6 and Network Addressing 5 min π
- 5 Common Threats and Attacks 6 min π
- 6 Wired and Wireless Networks 5 min π
- 7 Firewalls and Intrusion Detection 6 min π
- 8 Segmentation, VLANs, and DMZ 5 min π
- 9 Network Security Tools and Techniques 5 min π
- 10 Virtual Private Networks (VPNs) 4 min π
- 11 Cloud Basics and Shared Responsibility 5 min π
- 12 Domain 4 Wrap-Up and Study Notes 4 min π
Module 5: Security Operations 18% of exam
The daily work of running a security programme β handling data responsibly, using cryptography correctly, managing changes and configurations, and turning humans into partners rather than the weakest link. Almost a fifth of the exam sits here.
- 1 Data Handling and Classification 5 min π
- 2 Data Security: In Transit, At Rest, In Use 5 min π
- 3 Encryption Fundamentals 6 min π
- 4 Hashing and Digital Signatures 5 min π
- 5 Change Management Basics 5 min π
- 6 Configuration and Asset Management 4 min π
- 7 Security Awareness Training 4 min π
- 8 Common Security Policies 5 min π
- 9 Domain 5 Wrap-Up and Study Notes 4 min π
