What CC Is and Why It Matters
The ISC2 Certified in Cybersecurity (CC) is an entry-level certification for people who want a foot in the door of the security industry without needing years of experience first. It replaced and simplified what used to be a much steeper on-ramp. If you have never held a security job before, this is the credential ISC2 built for you.
The exam covers five domains: Security Principles, Business Continuity and Incident Response, Access Control, Network Security, and Security Operations. There are one hundred multiple-choice questions and you have two hours to answer them. The passing mark is seven hundred out of a possible one thousand — but that is a scaled score, not a raw percentage, so getting exactly seventy questions right is not the same as passing. Some questions weight more than others.
What CC proves is that you understand the vocabulary and the reasoning of the field. You know what a firewall is for, why we hash passwords instead of storing them in plaintext, and what a business impact analysis does. You do not need to be able to configure a Cisco ASA from the command line. That comes later, in roles or in more advanced certs.
Because this is your first cert, do not read like you are cramming for a graduate exam. Read to understand. If a lesson mentions the CIA triad and you do not immediately know what the letters stand for, stop and look them up. Concepts that feel fuzzy on the first pass will feel obvious on the third. The questions on the real exam reward recognition, not recall.
One more thing worth saying up front: CC is renewable. Once you pass, you will owe ISC2 a small annual maintenance fee and a modest number of continuing professional education credits each year. That is normal for professional certifications and is how the credential stays meaningful over time.
