Is the ISC2 CC exam really free?

Yes. Through the One Million Certified in Cybersecurity initiative, ISC2 offers a free exam voucher and free official self-paced training. This makes CC one of the most cost-effective international security certifications available. Register on the ISC2 website to claim your free voucher.

How difficult is the CC exam and how long should I study?

CC is a Foundational-level certification designed for people with no prior security experience. The exam has 100 questions in 120 minutes, requiring 700/1000 to pass. With 2-4 weeks of dedicated study (1-2 hours per day), most candidates can pass comfortably. Focus on the five domains, especially Security Principles (26%) and Network Security (24%).

What is the relationship between CC and CISSP?

Both are ISC2 certifications. CC is entry-level with no experience requirement; CISSP is an advanced certification requiring at least 5 years of security experience. CC serves as an ideal stepping stone to CISSP, with overlapping knowledge domains. Many candidates use CC to validate fundamentals before pursuing CISSP.

What are the CC certification maintenance requirements?

CC is valid for 3 years. Holders must earn a specified number of CPE (Continuing Professional Education) credits annually and pay $50 USD/year as an Annual Maintenance Fee (AMF). CPE credits can be earned through training, conferences, volunteer work, or publishing security-related content.

Can I take the CC exam with zero IT background?

Absolutely. CC was specifically designed for people with no prior IT or security experience. There are no prerequisites — no work experience, no prior certifications. Anyone interested in cybersecurity can prepare systematically and pass the exam successfully.

其他基础级🔒 安全

(ISC)² Certified in Cybersecurity (CC)

(ISC)² 官方入门级网络安全认证，验证安全原则、访问控制、网络安全和安全运营基础能力。考试免费，适合零经验转型网络安全领域。

Start Practice Browse Learning Path

Exam Fee

100

Questions

120m

Exam Duration

70/100

Passing Score

✓

Bottom line · Worth it

免费考试 + 零经验要求，网络安全入门的最低门槛认证，通过后可以半价考 CISSP。

MEMBERSHIP

JR Academy Membership

Unlock all certifications, courses & tools at a fraction of the cost

All certification exam prep included
Course discounts up to 50%
AI tools & Chrome extensions
Priority 1-on-1 coaching

View Membership Plans

What this certification covers

This page is structured for quick scanning first: exam format, fit, prep time, and the actual study scope.

(ISC)2 Certified in Cybersecurity（CC）是 (ISC)2 于 2022 年推出的入门级安全认证，考试费免费（通过 (ISC)2 的"One Million Certified in Cybersecurity"计划），100 题，120 分钟，及格线约 70%，无工作经验要求。

CC 的 5 大考试域：安全原则（26%）、业务连续性/灾难恢复/事件响应（10%）、访问控制（22%）、网络安全（24%）和安全运营（18%）。内容深度大致相当于 CISSP 的 20% — 它教你"CIA 三要素是什么"，CISSP 教你"怎么在企业里落地 CIA 框架"。

CC 持证者可以加入 (ISC)2，获得 CISSP 考试费 50% 折扣。认证有效期 3 年，每年需要获得 15 个 CPE（Continuing Professional Education）学分维持，CPE 可以通过免费在线课程获得。

You will work with

CIA TriadAccess ControlNetwork SecurityIncident ResponseBusiness ContinuityRisk ManagementEncryptionAuthentication

After preparation

获得 (ISC)² 官方认可的 CC 网络安全认证
掌握网络安全五大领域核心概念
理解访问控制、网络安全和安全运营基础
为 SSCP、CISSP 等高级安全认证打下基础

Exam details

Exam Code

Provider

其他认证机构

Duration

120 minutes

Question Count

100 questions

Passing Score

70/100

Validity

3 years

Exam Fee

$0 USD

Question Types

Single choice, Multiple select

Languages

English, 中文(简体), 日本語, 한국어, Deutsch, Español

Official Page

Open AWS page

Who should take it

Good fit

希望进入网络安全领域的 IT 从业者
网络安全或信息安全专业在校学生
系统管理员和网络工程师拓展安全技能
对网络安全感兴趣的零基础初学者
准备进阶 CISSP 等高级安全认证的人员

Before you start

无特定工作经验要求
建议了解基本的计算机和网络概念
对信息安全有基本兴趣
具备基础的英文阅读能力（建议）

Is it worth it? Career value

Salary ranges, target job titles, and the real career impact of holding (ISC)² CC.

澳洲

$65K-90KAUD

美国

$55K-80KUSD

新加坡

$48K-72KSGD

Security Analyst (Junior)SOC Analyst Tier 1IT Security SupportCompliance Analyst

CC 的战略价值

CC 本身的市场认可度一般 — 它太新（2022 年推出），很多招聘经理还不熟悉。但它的核心价值是进入 (ISC)2 生态的跳板：通过 CC 后你成为 (ISC)2 会员，CISSP 考试费从 $749 降到 $375，并且可以参加 (ISC)2 的本地 Chapter 活动扩展安全圈子。

适合考的人：想转安全但没有任何安全认证的人。CC 免费考试 + 零经验要求，投入成本几乎为零。通过后简历上多了一行"(ISC)2 Certified"，比空白好。

不适合考的人：已经有 CompTIA Security+ 的人。Security+ 在市场上的认可度更高（尤其是政府和国防领域），不需要再考 CC。

Exam domains

Use this breakdown to decide where to spend study time first instead of reading chapters evenly.

Content Distribution

26%

1. 安全原则

Security Principles

Core Knowledge

CIA TriadRisk ManagementGovernanceSecurity Controls

10%

2. 业务连续性、灾难恢复与事件响应

Business Continuity, Disaster Recovery & Incident Response

Core Knowledge

Business ContinuityDisaster RecoveryIncident ResponseRTO/RPO

22%

3. 访问控制概念

Access Controls Concepts

Core Knowledge

IAMAuthenticationAuthorizationMFARBAC

24%

4. 网络安全

Network Security

Core Knowledge

Network SecurityFirewallVPNEncryptionIDS/IPS

18%

5. 安全运营

Security Operations

Core Knowledge

Data SecuritySIEMChange ManagementSecurity Awareness

Study preparation

With hands-on AWS

2-3 weeks

From scratch

4-6 weeks

Daily pace

1-2 hours/day

Learning path preview

7 chapters

CC 考试概述与备考指南

30 min

安全原则

120 min

业务连续性、灾难恢复与事件响应

60 min

访问控制概念

100 min

网络安全

110 min

安全运营

90 min

+ 1 more chapters inside the full path

Step-by-step preparation

A concrete week-by-week plan from past test-takers — not generic advice.

第一阶段：安全基础概念（1-2 周）

CIA 三要素（机密性/完整性/可用性）、AAA 框架（认证/授权/审计）、风险管理基础（风险 = 威胁 x 漏洞 x 影响）。这些概念会在考试中反复出现，不同场景下问你"哪个属于机密性保护"。

第二阶段：访问控制 + 网络安全（2 周）

访问控制模型（MAC/DAC/RBAC）、MFA 类型（知道的/拥有的/本身的）。网络安全部分：防火墙类型（包过滤/状态检测/应用层）、VPN 协议（IPSec/TLS）、无线安全（WPA3）。

第三阶段：BCP/DR + 安全运营 + 模考（1-2 周）

RTO（恢复时间目标）vs RPO（恢复点目标）、备份类型（全备/差异/增量）。安全运营：日志管理、变更管理、补丁管理。做 2-3 套模考，(ISC)2 官方提供免费的 CC 练习题。

Real test-taker experiences

What it actually took for real candidates to pass — prep time, scores, and lessons learned.

题目比预想简单，但陷阱在于"最佳答案" — 4 个选项里可能有 2-3 个技术上正确，要选最符合 (ISC)2 安全理念的那个。比如问"发现安全事件首先做什么"，答案是"通知管理层"而不是"自己修复"。

IT Support 转安全通过

· 4 weeks prep

完全没有 IT 背景花了 5 周。最难的是网络安全部分（OSI 模型、TCP/IP、端口号），建议先看 Professor Messer 的免费网络基础视频再开始准备 CC。

大学生零基础通过

· 5 weeks prep

Certification comparison

	(ISC)² CC	CISSP	CompTIA Security+
Provider	其他	其他	CompTIA
Level	基础级	大师级	助理级
Fee	$0	$749	$392
Duration	120 min	180 min	90 min
Question count	100	150	90
Validity	3 yrs	3 yrs	3 yrs

Study tips and common mistakes

💡

**免费报名入口**：通过 isc2.org/candidate 注册，选择 "1M Certified in Cybersecurity" 计划，考试费 $0。

💡

**CAT 自适应考试**：CC 使用 CAT（Computerized Adaptive Testing），题目难度根据你的表现动态调整，可能不到 100 题就结束。

💡

**"安全优先"原则**：任何涉及安全 vs 便捷性的取舍，(ISC)2 的答案永远是选安全。

⚠️

**(ISC)2 的答题思维** — (ISC)2 考试强调"管理者视角"而不是"技术者视角"。问"怎么处理安全事件"，优先选"报告和升级"而不是"立刻动手修复"。

⚠️

**RTO 和 RPO 搞反** — RTO 是系统恢复需要的最长时间，RPO 是可以容忍的最大数据丢失量（用时间衡量）。

⚠️

**忽略物理安全** — CC 考试包含门禁、监控摄像头、访客管理等物理安全内容，不是纯数字安全。

FAQ

Frequently Asked Questions

If you plan to take (ISC)² CC, start with real practice.

118+ questions, chapter-by-chapter learning, mock exams, wrong-question review, and AI tutor support live in the exam page.

Go to exam prep

From $19 · 2 free chapters

(ISC)² Certified in Cybersecurity (CC)

JR Academy Membership

What this certification covers

You will work with

After preparation

Exam details

Who should take it

Good fit

Before you start

Is it worth it? Career value

Exam domains

Content Distribution

1. 安全原则

2. 业务连续性、灾难恢复与事件响应

3. 访问控制概念

4. 网络安全

5. 安全运营

Study preparation

With hands-on AWS

From scratch

Daily pace

Learning path preview

Step-by-step preparation

第一阶段：安全基础概念（1-2 周）

第二阶段：访问控制 + 网络安全（2 周）

第三阶段：BCP/DR + 安全运营 + 模考（1-2 周）

Real test-taker experiences

Certification comparison

Study tips and common mistakes

FAQ

Frequently Asked Questions

If you plan to take (ISC)² CC, start with real practice.

Related certifications

CISSP

CompTIA Security+

SSCP