ISC2 CC Mock Exam – 2026 Update
100 Questions | Answers + Rationales | Graded A+
Domain 1: Security Principles (1–25)
Q1. Which of the following best describes the primary
goal of information security?
A) Ensure business continuity
B) Protect the CIA triad
C) Maximize system performance
D) Reduce costs
☑VERIFIED ANSWER B
Rationale: The primary goal is to protect the
Confidentiality, Integrity, and Availability (CIA) of
information. Business continuity is a related but distinct
objective.
Q2. A hacker steals encrypted credit card data but
cannot read it. What principle is still intact?
A) Availability
B) Integrity
C) Confidentiality
D) Non-repudiation
☑VERIFIED ANSWER B
Rationale: Integrity means data is unaltered. The data
was stolen, and because it is encrypted it cannot be read,
which preserves confidentiality. The data itself also
remains unchanged, so integrity holds.
Q3. Which attack directly targets availability?
A) SQL injection
B) Phishing
C) DDoS
D) Man-in-the-middle
☑VERIFIED ANSWER C
Rationale: A Distributed Denial-of-Service (DDoS) attack
floods resources, making them unavailable to legitimate
users.
Q4. A user denies sending a malicious email. Which
security service proves otherwise?
A) Integrity
B) Confidentiality
C) Non-repudiation
D) Authentication
☑VERIFIED ANSWER C
Rationale: Non-repudiation uses digital signatures and
logs to prove an action occurred, preventing denial.
Q5. What is the difference between a threat and a
vulnerability?
A) A threat is human, a vulnerability is technical
B) A threat exploits a vulnerability
C) A vulnerability is a potential harm, a threat is a
weakness
D) They are the same
☑VERIFIED ANSWER B
Rationale: A vulnerability is a weakness; a threat is
something that can exploit that weakness to cause harm.
Q6. Which of the following is an example of a physical
control?
A) Firewall
B) Encryption
C) Security guard
D) Password policy
☑VERIFIED ANSWER C
Rationale: Security guards, fences, and locks are physical
controls. Firewalls and encryption are technical controls.
Q7. A company requires employees to sign an acceptable
use policy (AUP). What type of control is this?
A) Technical
B) Administrative
C) Physical
D) Detective
☑VERIFIED ANSWER B
Rationale: Administrative controls include policies,
procedures, and training. AUPs are administrative.
Q8. Which access control model allows the owner to
grant access to others?