(ISC)2 CC Review

How I passed (ISC)² CC

CC Domains

---

To begin with, while the certification doesn’t assess your technical abilities and is considered an entry-level certification, passing the exam is no easy feat and is only truly appreciated by those who have attempted it.

whoami before studying for the cert

I had a good understanding of web VAPT (why web? I’ll tell you in a min) and networking, and was well-versed in the networking protocols OSI and TCP/IP. As a result, network security module was not a challenge for me. I just needed to refresh my memory and get familiar with the way the exam questions were structured, which is crucial for these kinda exams.

Why did I attempt this certification

I attempted this certification exam with the goal of obtaining a certificate, and I found the challenge of the exam to be a positive experience. It’s no secret that many people struggle to pass this exam even though it’s an entry level cert, but as an infosec enthusiast, I enjoy being pushed out of my comfort zone and testing my knowledge.

Because the exam had to be taken in person at an exam center, I believe that the resulting certificate is more credible than those obtained through online courses or other means. I also see the certificate as a valuable addition to my resume.

Exam Structure

• Length of exam: 2 hours
• Number of questions: 100
• Exam format: Multiple choice
• Passing grade: 700 out of 1000 points

Study Materials

This is how I studied for the cert:

• To prepare for the certification exam, I first took the (ISC)² pre-assignment and reviewed my mistakes. This exercise gave me some confidence as I found that I already knew certain things.
• I then studied a few modules from the (ISC)² self-study program but ultimately found them to be less useful for the exam. I got to know that because of reading blogs and YouTube reviews/comments.
• I discovered two excellent courses:
  • Mike Chapple - linkedIn
  • Thor - Udmey
• Personally, I watched Mike Chapple’s videos and took detailed notes, although I later found that the material lacked some depth in certain concepts. Despite this, I would still recommend this course as it was concise and easy to understand.
• However, no matter how much you study, the exam will likely still feel challenging. That being said, I found the practice tests from Thor’s Udemy course to be incredibly helpful. Although I did not watch any of the course videos, I took the practice tests and made sure to understand the reasoning behind each answer.
• In fact, I recommend that you do not attempt the exam without scoring 90% or higher on both of the mock tests. I personally took the mock tests twice, and the second time I scored above 90% on both of them after reviewing my mistakes from the first attempts.
• While there were some questions from the mock tests that were similar to the actual exam, they were framed differently. In addition to the mock tests, I also went back and tried the (ISC)² pre-assignment again, and this time I scored 95%+.

What surprised me on the exam

This maybe subjective

• Have a clear distinction between Business Continuity Plan and Disaster Recovery Plan
• Learn about policies (Security Operation module)
• Learn about C-level executives roles and responsibilities
• Web vulnerabilities (in the context of access controls & network security)
• Secure design principles
• The way the questions are framed :), it’s important to take the time to fully understand and place emphasis on critical words before you answer.

Exam Preparation Tips

• If you have time, use a note-taking app like Obsidian or Notion to keep track of your study progress. When it comes to understanding the concepts, try to go beyond just memorization. Use different resources like YouTube videos and blogs to get a deeper understanding.
• Let’s say you don’t understand a concept fully even though you watched a video from the above mentioned courses, don’t be afraid to seek out other free resources to help you fully grasp the material. After all, this is a learning journey and you want to truly understand the concepts to prove your authenticity.
• Personally, when I encounter a high-level concept that I’m struggling to understand, I turn to YouTube to watch practical implementations of that concept. I don’t necessarily retain all the information from the videos, but it helps me visualize the concept when I’m studying and recalling the material. This technique works for me, but everyone has their own learning style, so experiment with different methods to find what works best for you.

Exam Day

Now, here comes the moment of truth.

• Don’t worry about running out of time during the exam, as you’ll have enough time to answer all the questions.
• As you start reading the first 10 questions, you might feel overwhelmed and realize that the questions are more difficult than you expected. You may come across topics you didn’t study for (this happened to me too!), but you’ll likely still recognize some of the answer choices. To narrow down the options, use the process of elimination by eliminating answer choices that are clearly not relevant.
• If you can’t remember certain concepts, try asking yourself “what” and “why” questions to help jog your memory.
• When I used this method, I would often be left with two possible answer choices that both seemed correct. In these situations, I would take some time to carefully evaluate and choose the answer that made the most sense to me. It’s important to note that you may not be able to do this for every question, but with enough practice and evaluation, you’ll do just fine.

Exam Center procedure

• To take the exam, you’ll need at least two government-issued IDs, with one of them having your signature.
• As someone from India, I used my PAN and debit card.
• If you plan on using a payment card, make sure your name matches on the card, Government ID, and the name you used when booking the exam. If you don’t have these documents, you won’t be allowed to take the exam.
• Once you arrive, they’ll provide a small locker for your belongings and ask you to empty your pockets. You’ll then be assigned to a computer system to take the exam.
• Note that you won’t be able to go back to previous questions once you move forward. Don’t stress about the time, you’ll have plenty to answer all the questions.
• Once you have completed the exam, they will give you a letter indicating whether you have passed or failed. You will not receive any information about your score.

Stay calm and go claim your certification! :)