
What we cover: Course orientation and use of provided study resources for review and memorization.
Why it matters: Structured reference materials support consistent terminology recall and reduce gaps across security concepts.
Exam relevance: Tested indirectly through accurate concept identification and rapid recall when selecting the best answer.
What we cover: Course community resources and instructor review request process.
Why it matters: Feedback and peer discussion support continuous improvement and knowledge reinforcement.
Exam relevance: No direct tested content; treat as non-exam administrative guidance.
What we cover: Course notation cues that flag high-priority topics, partial lists, and keywords for memorization.
Why it matters: Consistent cue recognition improves accurate retention of security terminology and control distinctions.
Exam relevance: Tested indirectly through precise term selection and distinguishing similar concepts in multiple-choice questions.
What we cover: Study workflow focused on concept mastery, practice-question review, question deconstruction, and time management.
Why it matters: It improves control selection accuracy by forcing precise understanding and reducing misreads under time pressure.
Exam relevance: Tested through scenario questions requiring the most correct choice, distractor elimination, and pacing across 100–125 items.
What we cover: Domain 1 security principles and governance foundations, including CIA, access control, risk, privacy, physical security, and ethics.
Why it matters: These concepts drive correct control selection and security objective prioritization across policies, systems, and environments.
Exam relevance: Tested as conceptual distinctions and scenario-based choices mapping controls and governance elements to CIA, risk, and compliance.
What we cover: The scope differences between information security, IT security, and cybersecurity and their relationship to the CIA triad.
Why it matters: Correct scoping drives appropriate control selection across physical, technical, and administrative categories.
Exam relevance: Tested as terminology and scope distinctions and as choosing CIA priorities and control types in prompts.
What we cover: The CIA triad as the core security model for confidentiality, integrity, and availability requirements.
Why it matters: It guides selecting administrative and technical controls to protect data access, correctness, and uptime.
Exam relevance: Tested as choosing which CIA element is impacted or prioritized and mapping controls like MFA and segmentation.
What we cover: The three data states and matching protection focus for confidentiality controls.
Why it matters: Correctly aligning encryption, access control, and user policy reduces exposure across storage, transit, and handling.
Exam relevance: Tested as selecting appropriate controls per data state and distinguishing need-to-know versus least privilege access models.
What we cover: Integrity in the CIA triad and how it differs from confidentiality.
Why it matters: Integrity controls ensure data remains accurate and unaltered despite unauthorized modification attempts.
Exam relevance: Tested through selecting integrity-focused controls like hashes and checksums versus confidentiality controls in scenario questions.
What we cover: Availability as the CIA triad principle, ensuring authorized access to systems and data when needed.
Why it matters: Availability controls reduce downtime risk from attacks, failures, and misconfigurations through resilient design and maintenance.
Exam relevance: Tested by choosing availability-focused controls and distinguishing DoS impacts, patch management, and redundancy approaches in scenarios.
What we cover: CIA triad objectives and their opposites as DAD: disclosure, alteration, and destruction.
Why it matters: It enables the correct selection of security controls to prevent unauthorized access, modification, or loss of access.
Exam relevance: Tested as keyword-driven conceptual distinctions and scenario-based mapping of controls to confidentiality, integrity, or availability.
What we cover: The IAAA access control model and Type 1 authentication.
Why it matters: It clarifies how identities are verified, permissions are granted, and actions are traceable. And starts with the first type of authentication.
Exam relevance: Tested as conceptual distinctions and control selection, including MFA factors and password policy versus brute-force mitigations.
What we cover: Type 2 authentication as possession factors, including hardware or software tokens and one-time passwords.
Why it matters: Possession factors strengthen authentication by requiring control of a trusted issued or generated authenticator.
Exam relevance: Identify possession factors and distinguish HOTP versus TOTP behavior and time synchronization requirements in MFA questions.
What we cover: Type 3 authentication as something you are using biometric factors and matching thresholds.
Why it matters: Biometrics increase assurance but introduce accuracy tradeoffs, privacy exposure, and non-revocability after compromise.
Exam relevance: Identify Type 3 synonyms and choose it when prompts emphasize the strongest authentication, highest cost, or FAR versus FRR tuning.
What we cover: IAAA and access control models including authentication factors and DAC, MAC, RBAC, ABAC distinctions.
Why it matters: Correct identity assurance and authorization boundaries enforce least privilege, need-to-know, and traceable accountability.
Exam relevance: Tested via scenario selection of authentication factors, access control model choice, and auditing versus non-repudiation distinctions.
What we cover: The IAAA access control model separating identification, authentication, authorization, and accountability.
Why it matters: It clarifies how identities are verified, permissions are granted, and actions are traceable.
Exam relevance: Tested as conceptual distinctions and control selection, including MFA factors and password policy versus brute-force mitigations.
What we cover: Privacy principles and the definition of personally identifiable information as regulated sensitive data.
Why it matters: Privacy controls limit collection, retention, and use of identifying data to meet legal and ethical requirements.
Exam relevance: Tested through identifying PII in prompts and selecting compliant handling based on jurisdictional privacy obligations.
What we cover: Risk calculation terms including threat, vulnerability, likelihood, impact, total risk, and residual risk after countermeasures.
Why it matters: These distinctions drive consistent risk evaluation and control selection as environments and threats change iteratively.
Exam relevance: Tested through scenario questions requiring correct term identification, equation interpretation, and choosing the next risk management action.
What we cover: The risk management cycle and the distinction between due diligence and due care.
Why it matters: It supports defensible control selection and sustained risk treatment through monitoring and accountability.
Exam relevance: Tested as qualitative versus quantitative assessment choices and due diligence versus due care versus negligence responsibility distinctions.
What we cover: Risk appetite and residual risk drive selection of mitigation, transference, acceptance, or avoidance strategies.
Why it matters: Correct risk response aligns controls to acceptable exposure while meeting due care and due diligence expectations.
Exam relevance: Tested as choosing the correct risk treatment and distinguishing acceptance from negligence or improper rejection.
What we cover: Qualitative versus quantitative risk analysis and how residual and secondary risk are identified and tracked.
Why it matters: Risk analysis supports selecting and justifying controls based on likelihood, impact, and measurable loss.
Exam relevance: Tested as choosing qualitative versus quantitative methods, interpreting risk register terms, and selecting risk responses.
What we cover: The distinction between KGI, KPI, and KRI within risk management measurement and reporting.
Why it matters: These metrics validate goal attainment, control performance, and risk exposure against defined risk appetite.
Exam relevance: Identify which indicator type fits a prompt and map it to risk response, monitoring, and reporting decisions.
What we cover: Risk management fundamentals including threat, vulnerability, impact, and qualitative versus quantitative risk analysis.
Why it matters: Accurate risk evaluation drives appropriate control selection and governance-aligned risk treatment decisions.
Exam relevance: Tested through selecting correct risk response types and interpreting basic risk formulas and analysis outputs.
What we cover: Key distinctions among criminal, civil, administrative, and private regulatory requirements affecting cybersecurity and privacy.
Why it matters: Correctly classifying legal and regulatory obligations guides compliant control selection and data-handling requirements.
Exam relevance: Tested through scenario-based identification of law type, burden of proof, and which privacy rule or standard applies.
What we cover: GDPR scope and core privacy obligations for personal data processing in the EU and EEA.
Why it matters: It drives lawful processing, data minimization, breach notification, and accountability roles for privacy controls.
Exam relevance: Tested as regulatory identification and selecting correct compliance actions for consent, data subject rights, and 72-hour notification.
What we cover: Governance hierarchy linking values and vision and mission to policies, standards, and procedures using NIST CSF and CIS Controls.
Why it matters: Clear separation of governance intent from implementation detail enables consistent security control selection and enforcement.
Exam relevance: Tested as distinguishing policy types and policy versus standard versus procedure and recognizing NIST CSF versus CIS Controls roles.
What we cover: Access control categories as administrative, physical, and technical controls within layered defense.
Why it matters: Correct control categorization ensures policies, physical barriers, and technical enforcement work together to reduce risk.
Exam relevance: Tested through distinguishing control types and selecting appropriate controls in access control and defense-in-depth questions.
What we cover: Access control types as control functions: preventive, detective, corrective, recovery, deterrent, and compensating.
Why it matters: Correctly classifying control function guides selecting controls that stop, find, fix, restore, discourage, or substitute.
Exam relevance: Tested through scenario-based control selection and distinguishing overlapping functions, especially corrective versus preventive and compensating use.
What we cover: Physical security controls for perimeter defense and surveillance within defense-in-depth.
Why it matters: Correct control categorization supports layered protection and reduces predictable weaknesses in facility protection.
Exam relevance: Tested as selecting physical controls by type and distinguishing deterrent, preventive, and detective functions in scenarios.
What we cover: Physical access controls using locks, combination locks, smart cards, and magnetic stripe cards.
Why it matters: Control strength depends on resistance to bypass and on credential handling discipline.
Exam relevance: Tested as selecting appropriate physical controls and distinguishing weaknesses like key copying, brute force, shoulder surfing, RFID skimming, and magstripe cloning.
What we cover: Physical access threats and controls including tailgating and barriers that enforce single-person entry.
Why it matters: Correct physical and administrative controls reduce unauthorized entry and improve access discipline.
Exam relevance: Tested as selecting appropriate physical controls and classifying them as preventive, detective, or deterrent.
What we cover: Physical security as layered perimeter defense using sensors, hardened openings, and controlled interior boundaries.
Why it matters: Balanced barriers and trained personnel reduce bypass paths while maintaining safe egress and controlled access.
Exam relevance: Tested through selecting appropriate physical controls and classifying guards as deterrent, preventive, detective, or compensating.
What we cover: Physical security controls and their classification as deterrent, preventive, detective, or compensating.
Why it matters: Correct control categorization drives layered defense design and appropriate risk-based selection for facilities.
Exam relevance: Tested through scenario questions requiring the best physical control choice and correct control-type identification.
What we cover: Administrative controls and control functions, plus policy types and data states with appropriate protection.
Why it matters: Clear policies and procedures drive consistent security behavior and guide selection of technical and physical controls.
Exam relevance: Tested as control-category and control-function classification, policy-type differentiation, and choosing protections for data at rest, motion, and use.
What we cover: Professional ethics principles and the four core canons in a formal code of ethics.
Why it matters: Ethics guides security conduct and accountability when legal requirements or policies are unclear.
Exam relevance: Tested as recall of the preamble and canons and as choosing the most ethical action in judgment questions.
What we cover: Domain 1 security principles and governance concepts.
Why it matters: These fundamentals guide control selection, risk decisions, and policy alignment across security programs.
Exam relevance: Tested heavily through conceptual distinctions and scenario-based selection among principles, controls, and governance elements.
What we cover: Security governance scope across GRC, resiliency, security awareness training, and cybersecurity effectiveness measurement.
Why it matters: Governance aligns controls, roles, and oversight to manage risk and validate security program performance.
Exam relevance: Tested as conceptual distinctions and scenario-based selection of governance, training, resiliency, and metrics approaches.
What we cover: Governance versus management roles in security oversight and policy lifecycle ownership.
Why it matters: Clear role separation ensures accountable direction-setting, risk appetite approval, and effective control implementation.
Exam relevance: Tested through scenario questions selecting who approves policies, sets risk appetite, and where security leadership should report.
What we cover: How governance, risk management, and compliance integrate as a single GRC control and oversight model.
Why it matters: Alignment between policy direction, risk appetite, and mandatory obligations drives consistent security control selection.
Exam relevance: Tested as role and responsibility distinctions and scenario-based selection of governance, risk response, or compliance actions.
What we cover: Business continuity planning as an overarching administrative control set that includes disaster recovery as an IT-focused subplan.
Why it matters: It defines organizational priorities and governance to sustain essential functions and protect personnel during disruptions.
Exam relevance: Tested as plan-scope differentiation and correct plan selection when given continuity, recovery, communications, or safety requirements.
What we cover: BCP subplans and related standards, including BRP, IT contingency planning, and crisis management responsibilities.
Why it matters: Clear plan boundaries align recovery actions, IT availability, and personnel safety with risk management priorities.
Exam relevance: Tested as selecting the correct plan type or standard and prioritizing life safety over asset protection.
What we cover: Business continuity planning lifecycle with business impact analysis, downtime tiers, disaster categories, and plan maintenance triggers.
Why it matters: It aligns preventive controls and recovery strategies to prioritized assets and defined downtime tolerance.
Exam relevance: Tested through selecting BIA outputs, distinguishing natural versus human versus environmental events, and identifying when plans require updates.
What we cover: Disaster recovery planning as a business continuity subplan with defined objectives, roles, and escalation authority.
Why it matters: Clear declaration authority and communication paths enable coordinated technical recovery actions during disruptions.
Exam relevance: Tested as selecting DRP lifecycle phases and identifying who declares disasters and triggers notifications.
What we cover: Business impact analysis metrics for disaster recovery planning including RTO, RPO, MTD, WRT, MTBF, MTTR, and MOR.
Why it matters: These metrics define acceptable downtime and data loss to prioritize systems and select appropriate resilience controls.
Exam relevance: Tested as terminology differentiation and choosing correct recovery objectives and availability requirements from brief outage and backup descriptions.
What we cover: Disaster recovery site types and their readiness differences as availability controls.
Why it matters: Site selection determines achievable recovery time and data currency during outages.
Exam relevance: Tested as choosing the correct site type based on RTO and data replication expectations.
What we cover: Disaster recovery planning lifecycle and governance, including lessons learned and plan maintenance controls.
Why it matters: Clear ownership, scope, and current documentation enable consistent recovery actions when preventive controls fail.
Exam relevance: Tested as selecting appropriate DR/BCP elements, identifying plan failure causes, and distinguishing recovery site readiness levels.
What we cover: Data center power continuity controls using UPS, PDU, transfer switch, and generator with redundancy.
Why it matters: Stable voltage and uninterrupted power preserve availability and prevent hardware damage and data corruption.
Exam relevance: Tested as selecting appropriate physical resilience controls and distinguishing power events like blackout, brownout, sag, surge, and spike.
What we cover: Backup types and retention policies as recovery controls distinct from fault tolerance and redundancy.
Why it matters: Correct backup selection and verified restores ensure recoverability without reintroducing compromised system components.
Exam relevance: Tested through choosing full, incremental, differential, or copy backups and aligning retention with recovery requirements.
What we cover: Backup types and archive bit behavior across full, incremental, differential, and copy backups.
Why it matters: Backup selection balances storage and backup time against restore speed and recovery reliability.
Exam relevance: Tested as choosing the correct backup type and restore set based on archive bit clearing and recovery requirements.
What we cover: RAID as a redundancy and fault-tolerance storage control using mirroring, striping, and parity.
Why it matters: Correct RAID selection reduces single points of failure and supports resiliency during component outages.
Exam relevance: Tested as conceptual differentiation of RAID 0, 1, and 5 capabilities and fault-tolerance tradeoffs.
What we cover: High availability redundancy across power, networking, and servers using hot-swappable components and clustering models.
Why it matters: Redundancy reduces single points of failure and maintains service continuity during component or site outages.
Exam relevance: Tested as selecting appropriate availability controls and distinguishing active-active versus active-passive failover and site redundancy.
What we cover: Fault tolerance and redundancy methods including RAID levels, high availability pairs, and near real-time backup approaches.
Why it matters: These controls maintain availability and recoverability by reducing single points of failure and limiting data loss.
Exam relevance: Tested as selecting the correct availability or backup option and distinguishing RAID 0, 1, and 5 behaviors.
What we cover: Fire suppression principles using the fire triangle and data center suppression control categories.
Why it matters: Correct suppression selection reduces fire spread while protecting personnel and sensitive equipment.
Exam relevance: Identify fire classes and choose appropriate suppression methods for electrical versus ordinary combustible environments.
What we cover: Fire suppression controls for IT environments including sprinkler activation, wet versus dry pipe, and extinguisher classes.
Why it matters: Correct suppression selection reduces safety risk and prevents avoidable equipment damage during fire response.
Exam relevance: Tested as conceptual matching of fire classes and choosing appropriate suppression methods for data center scenarios.
What we cover: Security training and awareness as an administrative or directive control that drives user behavior change.
Why it matters: Effective awareness programs reduce human-caused security risk by reinforcing secure habits and consistent reporting.
Exam relevance: Tested as control-type classification and selecting awareness training as the appropriate administrative control in scenarios.
What we cover: Social engineering as a low-tech attack that exploits users to bypass security controls.
Why it matters: It drives selection of administrative controls like awareness training and strict access control enforcement.
Exam relevance: Tested through identifying influence tactics and choosing appropriate mitigations in scenario-based questions.
What we cover: Social engineering phishing variants and their targeting scope across email and voice channels.
Why it matters: Correctly classifying the attack type drives appropriate user-awareness and layered defensive control selection.
Exam relevance: Tested as terminology differentiation and scenario-based identification of phishing, spear phishing, whaling, and vishing.
What we cover: Cybersecurity effectiveness measurement using metrics tracked over time and the KPI versus KRI distinction.
Why it matters: Metrics support control evaluation and risk monitoring by showing performance and emerging risk trends.
Exam relevance: Tested as selecting KPI or KRI in prompts and interpreting trend-based metrics for security posture judgments.
What we cover: Security governance concepts including GRC, resiliency, security awareness training, and performance measurement.
Why it matters: Governance aligns controls, responsibilities, and metrics to manage risk and sustain security outcomes.
Exam relevance: Tested as selecting appropriate governance elements and distinguishing training, resiliency, and measurement in scenario questions.
What we cover: Identity and access management concepts focused on the identity lifecycle and logical access controls.
Why it matters: Correct IAM control selection depends on distinguishing identity management from access enforcement mechanisms.
Exam relevance: Tested as conceptual differentiation and scenario-based selection of lifecycle actions versus logical access control types.
What we cover: Logical controls in IAM provisioning, including entity versus identity versus attributes and federated identity versus SSO.
Why it matters: Correct IAM design enforces least privilege while preserving accountability through controlled provisioning and deprovisioning.
Exam relevance: Tested by distinguishing control categories and selecting federated identity or SSO tradeoffs and compensating controls.
What we cover: Centralized, decentralized, and hybrid access control architectures and how they enforce access using access control lists.
Why it matters: Architecture choice balances manageability and consistency against latency, availability, and single-point-of-failure risk.
Exam relevance: Tested as selecting the appropriate access control model and identifying tradeoffs, including just-in-time provisioning for third parties.
What we cover: Logical access control models and security models for authorization decisions across confidentiality, integrity, and availability priorities.
Why it matters: Correct model selection enforces least privilege and prevents unauthorized disclosure or modification under defined policy constraints.
Exam relevance: Tested as conceptual distinctions and scenario-based selection among DAC, MAC, RBAC, ABAC, context/content controls, and Bell-LaPadula versus Biba.
What we cover: Administrative access controls and security models that govern confidentiality and integrity decisions.
Why it matters: These controls reduce insider misuse by limiting authority, enforcing oversight, and enabling accountability.
Exam relevance: Identify least privilege, separation of duties, job rotation, mandatory vacations, NDAs, background checks, and model keywords.
What we cover: Identity and access management concepts across identity lifecycle and logical access control categories.
Why it matters: Correct IAM control selection ensures appropriate authorization boundaries and consistent identity governance.
Exam relevance: Tested as conceptual distinctions among provisioning, SSO, federation, access control models, and Bell-LaPadula versus Biba.
What we cover: Core networking and cloud security concepts including models, addressing, protocols, and cloud service and deployment types.
Why it matters: Correctly classifying network and cloud components drives appropriate security control selection and responsibility boundaries.
Exam relevance: Tested through conceptual distinctions and scenario-based selection of models, ports, protocols, and cloud service choices.
What we cover: Core networking distinctions for data flow, signaling, network scope, switching methods, QoS, and transport behavior.
Why it matters: Correctly matching communication characteristics to network design supports secure, reliable traffic handling.
Exam relevance: Tested as conceptual differentiation and scenario-based selection between duplex types, baseband versus broadband, intranet versus extranet, circuit versus packet switching, QoS use, and TCP versus UDP.
What we cover: Network scope categories and VPN tunneling as a logical overlay network.
Why it matters: Correct scope identification guides appropriate security controls and trust boundaries.
Exam relevance: Tested as terminology differentiation and selecting the correct network type or VPN use in short scenarios.
What we cover: OSI model layers with focus on Layer 1 physical media and Layer 2 data link addressing.
Why it matters: Correct layer identification guides appropriate security controls for transmission risks and local network trust boundaries.
Exam relevance: Tested as mapping terms to layers and selecting mitigations for cable security, MAC spoofing, flooding, and ARP behavior.
What we cover: OSI Layers 3 through 7 functions and their key protocol and attack associations.
Why it matters: Layer mapping enables correct control placement and accurate identification of where traffic is addressed, transported, and interpreted.
Exam relevance: Tested as OSI-layer identification and selecting likely protocols or attacks such as IP spoofing, SYN floods, and application-layer threats.
What we cover: OSI model layer functions and where common protocols and attacks map across layers.
Why it matters: Accurate layer mapping guides correct control placement and troubleshooting boundaries between media, network, transport, and application.
Exam relevance: Tested as protocol-to-layer and attack-to-layer classification plus TCP versus UDP and common port identification.
What we cover: TCP/IP four-layer model mapping to OSI layers and where IP addressing, ports, and encapsulation occur.
Why it matters: Accurate layer identification supports correct protocol selection and consistent communication about network behavior.
Exam relevance: Tested as model comparison and layer-based troubleshooting decisions involving IP routing, TCP versus UDP, and port usage.
What we cover: IP addressing basics and port ranges including well-known, registered, and ephemeral ports.
Why it matters: Correctly distinguishing addressing layers and port usage enables accurate traffic control and protocol hardening.
Exam relevance: Tested through protocol-to-port mapping and choosing correct port ranges and secure alternatives in scenarios.
What we cover: IPv4 and IPv6 addressing types including public, private, loopback, link-local, and broadcast.
Why it matters: Correct address classification supports routing boundaries and secure network troubleshooting decisions.
Exam relevance: Tested as identifying address ranges and IPv6 traits like 128-bit hexadecimal and built-in IPsec.
What we cover: MAC addressing versus IP addressing and port numbering across IPv4 and IPv6.
Why it matters: Correctly distinguishing identifiers and routability supports secure network design and traffic control.
Exam relevance: Tested via protocol and port identification, private versus public addressing decisions, and IPv4 versus IPv6 feature comparisons.
What we cover: ARP resolution and poisoning risk, ICMP messaging for reachability and path discovery, and HTTP versus HTTPS transport security.
Why it matters: These protocols affect trust at Layer 2, network visibility, and confidentiality of web traffic.
Exam relevance: Identify ARP poisoning indicators and mitigations, interpret ping and traceroute ICMP behavior, and choose HTTP versus HTTPS by port and encryption.
What we cover: DHCP address assignment using dynamic leases versus static IPs with excluded ranges.
Why it matters: Correct IP management prevents address conflicts and ensures critical systems remain consistently reachable.
Exam relevance: Tested as protocol identification and configuration judgment, including lease behavior and avoiding dynamic pool overlap.
What we cover: Differences between UTP, STP, and fiber cabling and their susceptibility to EMI, crosstalk, and attenuation.
Why it matters: Cable type selection reduces signal interference and data exposure while maintaining reliable network transmission.
Exam relevance: Tested through choosing the correct cable or connector type and identifying EMI, crosstalk, attenuation, RJ45, and RJ11.
What we cover: Differences between copper and fiber cabling, including single-mode versus multi-mode fiber characteristics.
Why it matters: Cable type selection affects resistance to interception and electromagnetic interference exposure in physical networks.
Exam relevance: Tested as choosing the most secure medium and distinguishing fiber from copper using susceptibility and signal properties.
What we cover: LAN topology types and their fault tolerance characteristics across bus, tree, ring, star, and mesh designs.
Why it matters: Topology choice determines resilience, redundancy, and traffic behavior during link or node failures.
Exam relevance: Identify topologies from diagrams and select designs based on redundancy needs and single points of failure.
What we cover: Packet filtering versus stateful inspection firewalls and their OSI layer scope.
Why it matters: Correct firewall type selection determines traffic control granularity and default-deny enforcement at network boundaries.
Exam relevance: Tested as conceptual comparisons and scenario-based choices, including implicit deny behavior and fail-secure versus fail-safe distinctions.
What we cover: Proxy servers, application-layer firewalls, next-generation firewalls, and DMZ design as perimeter security controls.
Why it matters: These controls determine how traffic is inspected, segmented, and blocked to reduce exposure to untrusted networks.
Exam relevance: Tested as choosing the correct firewall type, inspection depth, DMZ placement, and fail-closed behavior in network scenarios.
What we cover: Wireless LAN basics and key WiFi threats including rogue access points, evil twins, and interference or jamming.
Why it matters: Wireless expands the attack surface and requires controls to preserve confidentiality, integrity, and availability.
Exam relevance: Identify WLAN terminology and choose the correct threat type and mitigation in scenario-based wireless security questions.
What we cover: Key distinctions between Bluetooth, LiFi, and Zigbee wireless technologies and their network scope categories.
Why it matters: Correctly matching wireless technology to range, medium, and exposure constraints supports appropriate security control selection.
Exam relevance: Tested as conceptual differentiation and scenario-based selection of the appropriate wireless technology and associated risks.
What we cover: Key characteristics of non-WiFi wireless networks including satellite links, cellular networks, and Bluetooth-based PAN threats.
Why it matters: Wireless technology differences drive appropriate connectivity choices and risk reduction through correct interface and exposure management.
Exam relevance: Tests conceptual differentiation of wireless types and identification of Bluetooth attack terms and basic cellular coverage tradeoffs.
What we cover: IoT and ICS components and the core security posture differences between enterprise and industrial environments.
Why it matters: Weakly managed connected devices expand attack surface and require hardening, patching, and network segmentation.
Exam relevance: Tested as conceptual distinctions and scenario-based control selection for IoT isolation and ICS terms like SCADA, PLC, DCS, RTU, DNP3.
What we cover: VLAN segmentation and VXLAN overlay extension as network isolation controls.
Why it matters: Proper segmentation limits Layer 2 broadcast scope and reduces unauthorized lateral movement.
Exam relevance: Identify VLAN tagging, trunking, and QoS for voice, and distinguish VXLAN for large-scale cloud segmentation.
What we cover: Router Layer 3 forwarding and routing table population using static, default, and dynamic routes.
Why it matters: Correct routing decisions control network reachability boundaries between internal private addressing and external public networks.
Exam relevance: Tested as device role differentiation and route type selection based on connectivity requirements and routing behavior.
What we cover: VPN encrypted tunneling, third-party connectivity governance, and NAC as a technical control enforcing access policy compliance.
Why it matters: These controls reduce exposure from remote access, vendor integration, and unmanaged endpoints through enforced trust boundaries.
Exam relevance: Tested via selecting VPN versus NAC, and identifying vendor agreement purposes for third-party access risk control.
What we cover: Software-defined networking concepts including SDN control-plane separation and SD-WAN as a WAN overlay model.
Why it matters: Centralized software control changes how segmentation, routing decisions, and security enforcement are applied across networks.
Exam relevance: Tests distinguishing SDN versus SD-WAN and selecting appropriate security controls for software-managed network architectures.
What we cover: Secure design principles for access control, layered defense, secure defaults, failure modes, and simplicity.
Why it matters: These principles reduce attack surface and limit damage by enforcing controlled access and predictable secure behavior.
Exam relevance: Tested as conceptual distinctions and best-control selection, especially least privilege, separation of duties versus dual control, and fail-open versus fail-closed.
What we cover: Zero Trust verification, Privacy by Design principles, and cloud shared responsibility across service models.
Why it matters: These guide secure architecture choices by enforcing continuous validation, default privacy, and clear control ownership.
Exam relevance: Tested through scenario selection of Zero Trust controls, privacy-by-default design principles, and IaaS/PaaS/SaaS responsibility boundaries.
What we cover: Virtualization fundamentals and how it differs from distributed computing in resource use and architecture.
Why it matters: These models change security posture through shared infrastructure, shifting trust boundaries, and configuration-driven exposure.
Exam relevance: Tested as conceptual differentiation and selecting appropriate controls for virtualized and cloud-hosted environments.
What we cover: Hypervisor types and virtualization security design controls for segmentation and host hardening.
Why it matters: Virtualization concentrates risk, so isolation and hardened control planes protect confidentiality, integrity, and availability.
Exam relevance: Identify Type 1 versus Type 2 hypervisors and choose controls for VM escape risk and resource oversubscription.
What we cover: Cloud deployment models and core cloud characteristics with shared responsibility boundaries.
Why it matters: Correctly assigning ownership of infrastructure and data controls prevents security gaps in outsourced environments.
Exam relevance: Tested as conceptual distinctions and scenario-based selection of deployment model, cloud traits, and responsibility ownership.
What we cover: Public cloud service models and shared responsibility boundaries across IaaS, PaaS, and SaaS.
Why it matters: Correctly assigning security ownership drives proper control placement and accountability in cloud deployments.
Exam relevance: Tested as choosing the right service model and identifying provider versus customer responsibilities in scenarios.
What we cover: Differences between high-performance computing clusters and edge computing placement of compute and data.
Why it matters: Architecture choices affect latency, bandwidth use, and concentration of resources that require appropriate security controls.
Exam relevance: Tested as conceptual distinctions and scenario-based selection between centralized HPC and distributed edge or CDN deployments.
What we cover: Networking and cloud security fundamentals across OSI/TCP-IP models and cloud service and deployment models.
Why it matters: Correctly classifying network layers and cloud models drives appropriate security control selection and responsibility boundaries.
Exam relevance: Tested through conceptual distinctions and scenario-based selection of protocols, devices, and cloud models.
What we cover: Domain 5 scope across data security, security operations, incident response, asset protection, and security testing.
Why it matters: It aligns operational controls to protect data, detect threats, respond to incidents, and validate security posture.
Exam relevance: Tested as domain mapping and control-category selection across operational scenarios and security posture verification.
What we cover: Data handling, storage, and retention as administrative controls governing access, backup media protection, and disposal timing.
Why it matters: These controls enforce need-to-know, preserve confidentiality across media, and align retention with legal and privacy requirements.
Exam relevance: Tested as control-category identification and best-choice selection for access logging, offsite backup storage, and retention versus destruction decisions.
What we cover: Data masking types and data disposal methods across media as data protection controls.
Why it matters: Proper masking and sanitization limit exposure during use and prevent recoverable remnants after retention ends.
Exam relevance: Tested as choosing masking versus tokenization and selecting deletion, clearing, sanitization, purging, degaussing, or destruction by media type.
What we cover: Data masking versus tokenization and administrative data handling with storage, retention, and secure media disposal.
Why it matters: These controls reduce unnecessary exposure of sensitive data across its lifecycle and limit recovery after disposal.
Exam relevance: Tested as control selection and terminology distinctions for data-in-use protection, need-to-know enforcement, backup storage requirements, and sanitization methods.
What we cover: Data classification levels and mandatory access control using labels, clearances, and need-to-know.
Why it matters: Classification drives consistent protection requirements and access decisions for sensitive information.
Exam relevance: Identify classification keywords and choose correct access control outcomes based on label versus clearance.
What we cover: Core cryptography terms and symmetric encryption fundamentals including plaintext, ciphertext, and cipher.
Why it matters: Correct terminology and key-sharing models drive appropriate control selection for confidentiality, integrity, authentication, and non-repudiation.
Exam relevance: Tested as definition-level distinctions and scenario-based choices between symmetric encryption concepts and cryptography versus cryptanalysis.
What we cover: Asymmetric cryptography key pairs for confidentiality, digital signatures, and hybrid encryption, plus quantum impact on algorithms.
Why it matters: Correct key usage enables secure key exchange, authenticity, and non-repudiation while limiting exposure from private key compromise.
Exam relevance: Tested as public versus private key direction, signature versus encryption purpose, hybrid selection, and quantum-resistant planning distinctions.
What we cover: Core cryptography concepts, including symmetric versus asymmetric use and hybrid encryption purpose.
Why it matters: Correct cryptographic selection enables confidentiality, integrity, authentication, and non-repudiation with appropriate key management.
Exam relevance: Tested through scenario-based choices of encryption type, key usage direction, and quantum impact on asymmetric algorithms.
What we cover: Hashing as a one-way cryptographic integrity control producing fixed-length digests from variable-length input.
Why it matters: Hashes detect any data alteration without enabling recovery of the original content.
Exam relevance: Identify hashing versus encryption and signatures, recognize collision risk, and select MD5 versus SHA-2/SHA-3 in questions.
What we cover: Core cryptographic attack types and their primary targets in key management and communications security.
Why it matters: Correctly identifying attack vectors drives appropriate control selection for key protection and secure authentication.
Exam relevance: Tested as conceptual distinctions and scenario-based choices between key theft, brute force, MITM, side channels, and quantum risk.
What we cover: SOC security operations and event triage prioritization using asset criticality, data sensitivity, and blast radius.
Why it matters: Triage and correlation reduce noise, so limited analyst time targets true incidents.
Exam relevance: Tested as SOC versus NOC role distinction and scenario-based alert prioritization, escalation flow, correlation, and alert fatigue tuning.
What we cover: Vulnerability scanning tools that identify known weaknesses on defined targets after hardening.
Why it matters: Targeted, approved scanning supports secure configuration validation while limiting disruption and false attack signals.
Exam relevance: Tests selecting vulnerability scanning versus other assessments, interpreting severity ratings, and applying scope and change control constraints.
What we cover: IDS versus IPS roles and network-based versus host-based placement for intrusion monitoring controls.
Why it matters: Correct control selection balances visibility, response capability, and false-positive risk across network and endpoint layers.
Exam relevance: Tested through scenario decisions choosing IDS or IPS, NIDS or HIDS, and signature versus heuristic detection tradeoffs.
What we cover: IDS/IPS types and detection engines plus alert outcomes using true or false positive or negative.
Why it matters: Correctly interpreting detections supports appropriate control tuning and reduces missed attacks or unnecessary blocking.
Exam relevance: Tested as conceptual distinctions and scenario-based selection between NIDS or HIDS, signature or behavioral, and alert classification.
What we cover: SIEM versus SOAR capabilities for centralized log and event monitoring and response automation.
Why it matters: Correctly configured monitoring controls improve detection fidelity and enable faster incident response while protecting high-privilege telemetry systems.
Exam relevance: Distinguish which tool fits a requirement for correlation and alerting versus orchestration and automated response in scenarios.
What we cover: The distinction between honeypots and honeynets as deceptive monitoring controls for attacker observation.
Why it matters: They enable attack intelligence collection while requiring strict segmentation and governance to limit liability.
Exam relevance: Identify honeypot versus honeynet and choose proper placement, isolation, and authorization in scenario questions.
What we cover: Attacker classifications by intent and authorization, including hat types and insider versus outsider threats.
Why it matters: Correctly categorizing adversaries guides appropriate preventive, detective, and corrective control selection.
Exam relevance: Tested through scenario-based identification of attacker type, team role, and likely threat source for control decisions.
What we cover: Hacktivist versus state-sponsored threats and botnet command-and-control and common virus subtypes.
Why it matters: Accurate threat classification drives appropriate defensive controls and detection expectations.
Exam relevance: Tested through terminology distinctions and selecting the correct threat type from brief behavioral indicators.
What we cover: Malware distinctions between worms, trojans, and remote access trojans plus signature-based versus heuristic detection.
Why it matters: Correctly classifying malware and detection methods drives appropriate preventive and detective control selection.
Exam relevance: Tested through scenario-based identification of malware type and choosing signature or behavioral detection limits.
What we cover: The distinction between zero-day vulnerability, zero-day exploit, and zero-day attack.
Why it matters: Unknown flaws bypass signature-based controls, requiring layered defenses and rapid patch management.
Exam relevance: Tested through terminology precision and selecting appropriate detective and preventive controls when signatures are unavailable.
What we cover: Tactical versus strategic cyber threat intelligence and core threat frameworks for modeling attacker behavior.
Why it matters: These concepts guide detection prioritization and control placement using shared intelligence and structured attack understanding.
Exam relevance: Tested as terminology distinctions and framework identification, including STIX versus TAXII and ATT&CK versus Kill Chain versus Diamond Model.
What we cover: Incident management terminology and severity classification for events, alerts, incidents, problems, non-disasters, emergencies, disasters, and catastrophes.
Why it matters: Consistent classification drives appropriate administrative response selection and root-cause focus during security operations.
Exam relevance: Tested as conceptual distinctions and scenario-based classification decisions that determine the correct response plan or recovery approach.
What we cover: Incident response lifecycle phases and core CIRT role responsibilities.
Why it matters: Clear phase sequencing and role ownership enables coordinated containment, recovery, and durable remediation.
Exam relevance: Tested as selecting the correct lifecycle phase or team function and distinguishing detection versus prevention tooling.
What we cover: Incident response phases covering containment, eradication, recovery, and continuous reporting with technical and nontechnical tracks.
Why it matters: Correct containment and evidence preservation limit spread while enabling effective remediation and coordinated organizational response.
Exam relevance: Tested as phase identification and best-action selection, including volatile memory handling and required notification and reporting escalation.
What we cover: Incident response recovery, remediation, and lessons learned with root-cause analysis as lifecycle phases.
Why it matters: These phases restore operations safely and prevent recurrence by closing systemic weaknesses and improving controls.
Exam relevance: Tested as phase identification and correct action selection, especially recovery monitoring versus remediation scope and RCA purpose.
What we cover: Incident management terms and the incident response lifecycle as defined in NIST 800-61.
Why it matters: Clear classification and lifecycle alignment drives correct response coordination and consistent containment and recovery actions.
Exam relevance: Tested as distinguishing event, alert, incident, problem, emergency, disaster, catastrophe, and mapping phases to response decisions.
What we cover: Asset and software inventory tracking with lifecycle status, plus baseline hardware hardening as a technical control.
Why it matters: Accurate inventories and hardened configurations reduce unmanaged exposure and enable timely patching and compensating controls.
Exam relevance: Tests EOL versus EOS distinctions and choosing inventory, hardening, patching, or compensating controls in scenarios.
What we cover: Configuration management as a preventive control using hardened baselines, approved tailoring, and continuous configuration monitoring.
Why it matters: It enforces least-privilege configurations and prevents undocumented drift that weakens security posture over a system lifecycle.
Exam relevance: Tests selecting baseline hardening versus tailoring and identifying when change control and configuration monitoring are required.
What we cover: Patch management as a corrective control with testing, change control, and timely deployment across all asset types.
Why it matters: It reduces known-vulnerability exposure by ensuring fixes are validated and consistently applied.
Exam relevance: Assessed through control-type classification and selecting appropriate patching and change-management actions in scenarios.
What we cover: Change management versus change control within formal change governance and the PDCA-aligned lifecycle.
Why it matters: Structured approval, testing, documentation, and monitoring reduce unintended security exposure and manage residual risk.
Exam relevance: Tested as selecting the correct governance process element and distinguishing management scope from control execution.
What we cover: Application security testing distinctions across SAST, DAST, and threat modeling using STRIDE.
Why it matters: Matching testing methods to lifecycle stage improves control selection and reduces missed vulnerability classes.
Exam relevance: Tested as choosing SAST versus DAST versus threat modeling and recognizing STRIDE threat categories.
What we cover: Domain 5 recap covering data security, security operations, incident response, asset protection, and security testing.
Why it matters: These control areas guide secure handling, monitoring, response coordination, and validation of security posture.
Exam relevance: Tested as conceptual distinctions and scenario-based selection of appropriate operational, response, and testing actions.
What we cover: Certification value as a career signal for entry-level cybersecurity roles.
Why it matters: Credentials help align hiring expectations with validated baseline security knowledge.
Exam relevance: Not directly tested; no security controls, frameworks, or scenario-based decision points map to the exam.
What we cover: A method for using practice questions to improve weak areas and answer precisely under time limits.
Why it matters: It builds accurate concept recall and disciplined decision-making instead of memorizing question patterns.
Exam relevance: It supports scenario-based selection by isolating keywords, choosing the best answer, eliminating distractors, and pacing time.
What we cover: Exam logistics and policies, including registration, test center delivery, scoring model, and unscored pretest items.
Why it matters: Understanding administrative constraints prevents compliance violations and supports proper planning for credential maintenance.
Exam relevance: Tested as policy awareness and ethics recognition, including unscored items, scaled scoring, and candidate agreement requirements.
What we cover: Computerized adaptive testing mechanics, including variable question difficulty, weighted scoring, fixed time, and no answer review.
Why it matters: Understanding adaptive scoring constraints improves time management and reduces errors from second-guessing.
Exam relevance: Appears as test-taking format knowledge requiring correct decisions about pacing, breaks, and committing answers without review.
What we cover: Testing center check-in and exam session rules for identity verification, timing, breaks, and prohibited items.
Why it matters: Following proctoring and identification controls preserves exam integrity and prevents administrative disqualification.
Exam relevance: Appears as policy-compliance knowledge where candidates must choose correct actions under exam-day constraints.
What we cover: Certification lifecycle requirements including endorsement, maintenance fees, and continuing education credits.
Why it matters: Ongoing professional ethics and continuing education sustain competence and credential validity.
Exam relevance: Tested as governance and compliance knowledge, focusing on renewal requirements and continuing education terminology distinctions.
What we cover: Post-failure retake strategy using domain proficiency feedback and disciplined question deconstruction.
Why it matters: Rapid, targeted remediation improves knowledge retention and reduces repeated errors under pressure.
Exam relevance: Tested indirectly through scenario judgment, selecting best answers, and mapping weak domains to focused review.
What we cover: Mapping a cybersecurity career goal to required skills and certifications using job postings and role pathways.
Why it matters: Clear role targets drive appropriate capability development and prevent mismatched training investments.
Exam relevance: Appears as role-based judgment of responsibilities and which security knowledge areas align to common job functions.
What we cover: Domain 1 recap covering security scope, CIA, IAAA, access control models, risk management, governance controls, privacy, and law.
Why it matters: These concepts drive correct control selection, authorization design, risk treatment, and compliant handling of sensitive data.
Exam relevance: Tested as terminology distinctions and scenario-based choices among access models, control types, risk responses, and privacy or legal obligations.
What we cover: Governance versus management roles across GRC, continuity planning, resilience controls, social engineering, and security metrics.
Why it matters: Clear role ownership and control selection align risk appetite, compliance duties, and availability requirements.
Exam relevance: Tested through scenario-based choices between governance or management actions, BCP versus DRP elements, backup or site types, and KPI versus KRI.
What we cover: Access control categories, control types, IAM provisioning, access models, and governance controls for authorization decisions.
Why it matters: Correct control selection enforces confidentiality, integrity, and availability while limiting misuse through least privilege and oversight.
Exam relevance: Tested via scenario-based identification of control category, access model, security model keywords, and appropriate administrative safeguards.
What we cover: Core networking concepts and security controls across OSI layers, addressing, segmentation, wireless, and cloud models.
Why it matters: Correctly mapping traffic and threats to layers enables appropriate protocol, firewall, and isolation control selection.
Exam relevance: Tested via scenario-based identification of layers, ports, protocols, attacks, and choosing controls like VPN, VLAN, DMZ, NAC, and zero trust.
What we cover: Domain 5 operations and incident response concepts including data governance, cryptography, monitoring, and change control.
Why it matters: These controls enable secure handling, detection, response, and lifecycle management across systems and data.
Exam relevance: Tested as scenario-based selection between controls, roles, processes, and crypto methods, plus key term distinctions.
** 100% UPDATED for the 2026 CC Exam! **
Welcome, I am Thor Pedersen, and I am here to help you get that critical entry-level Cybersecurity knowledge, so you can get your first job in Cybersecurity and/or pass your Certified in Cybersecurity (CC) certification by ISC2.
Join the over 80,000 students enrolled in my Certified in Cybersecurity (CC) courses.
My courses on Udemy have over 760,000 enrollments from 209 countries, and my courses Certified in Cybersecurity (CC), CISSP, PMP, and CISM are the “Best Selling” and “Highest Rated”.
Why should you buy this course?
Getting into Cybersecurity and (if you want) earning your Certified in Cybersecurity Certification (CC) by ISC2 RIGHT now is a very smart career move.
You could make an awesome salary:
Certified Cybersecurity professionals in North America make an average salary of USD99,000.
Entry-Level Cybersecurity Analysts earn on average USD82,000 in the US.
Worldwide certified individuals earn on average USD91,000, where their non-certified colleagues earn less than USD60,000 a year.
There are a ton of open job:
There is a global gap in the Cyber security workforce of over 2.7 million open jobs we can't fill.
514,000 of those jobs are in the US. There is 0% unemployment in Cybersecurity.
35% of ALL Cyber security jobs are unfilled, there are simply not enough Cybersecurity professionals to hire.
Cyber security job growth is expected to be 33% in the next 10 years, the average for all occupations is 7.7%.
Very high job satisfaction:
77% of Cybersecurity professionals reported they are satisfied or extremely satisfied with their jobs, with Gen Z/Millennials experiencing the highest satisfaction rate at 79%.
“Information Security Analyst” is the #1 job in the "U.S. News & World Report 2022 Best Jobs" list. The list ranks the 100 best jobs across 17 sectors including business, healthcare, and technology, taking into account factors such as growth potential, salary and work-life balance.
A TON of directions you can expand your career:
Cybersecurity is such a vast field, you can specialize in what sounds exciting to you and you can work in almost any sector. They all need Cybersecurity professionals. You get to work in an amazing meaningful field.
I think my courses are fantastic, but don't just take my word for it. Here's what some of my other students have to say about them:
I passed my exam as of yesterday. Thanks so much for all the information. The way the course taught me how this test was going to ask me questions was so accurate. Thanks so much! (Katie,★★★★★).
Used this course to prepare for the exam and passed first time. So far the best instructor I have found on this platform. (Annette, ★★★★★).
Thanks Thor, this was excellent-keep up the great work! I passed on my first attempt after going through the course , this also helped in studying and passing Comptia Security+ because some of the concept I already got from studying for Certified in Cybersecurity. (Rosanne, ★★★★★).
I passed my exam yesterday, I must say this course helped me a lot! it was my second attempt. I bought this course after I failed on my first attempt. THOR is a great teacher, with lots of techniques and insights during the lessons. this course is very easy to understand. Don't think twice go for it. The secret in life is not to give up! (Patricia, ★★★★★).
Join our community of successful students and reach your certification goals!
When you buy this course you get all this:
19 hours of Entry-level Cybersecurity videos.
124-page PDF Certified in Cybersecurity (CC) study guides: Detailed guides made from our lectures.
36-page PDF Certified in Cybersecurity (CC) Quick Sheets: For your review sessions.
1-page PDF Certified in Cybersecurity (CC) Mnemonics: Memory aids to help you remember key concepts.
24 CC Mind Maps - Detailed Mind Maps covering all Domains and Major topics.
260+ Certified in Cybersecurity (CC) practice questions: 60+ chapter completion questions and 2x 100 question practice tests.
700+ website links: Additional resources for you to delve deeper into entry-level Cybersecurity.
Subtitles in multiple languages: English, Spanish (Latin America), Portuguese (Brazil), French, Arabic, Japanese, Chinese, and Hindi.
An automatic certificate of completion: To hang on your wall, use for your resume, or for CEUs/PDUs. (19 CEUs)
30-day money-back guarantee: No questions asked.
Lifetime Access to the course and all future updates.
Offline video viewing: Available on the Udemy mobile apps.
In Domain 1: Security Principles we cover:
1.1 – Understand cybersecurity concepts
1.2 – Understand risk management concepts
1.3 – Understand governance concepts
1.4 – Understand cybersecurity controls
1.5 – Maintain professional and ethical conduct
In Domain 2: Security Governance we cover:
2.1 – Plan Governance, Risk, and Compliance (GRC)
2.2 – Understand redundancy
2.3 – Understand security awareness
2.4 – Measure cybersecurity effectiveness
In Domain 3: Identity And Access Management (IAM) Concepts we cover:
3.1 – Understand identity life cycle management
3.2 – Understand logical access controls
In Domain 4: Networking and Cloud Security Concepts we cover:
4.1 – Understand network security
4.2 – Understand network security architecture
4.3 – Understand cloud security
In Domain 5: Security Operations and Incident Response we cover:
5.1 – Understand data security
5.2 – Understand security operations
5.3 – Understand Incident Response (IR)
5.4 – Understand asset protection
5.5 – Understand security testing
We continue to update our courses to make sure you have the latest and most effective study materials:
2026: Full 2026 update. 5 new videos, 12 updated videos, new practice questions, links, study guides, quick sheets, and much more.
2025: Added 24 CC Mind Maps. Updated practice questions and tests. Updated the exam day videos to reflect the new CAT (Computerized Adaptive Testing) format starting October 1st, 2025.
2024: Added subtitles in Japanese and Portuguese (Brazil).
2023: Added updates/new videos: Scheduling your exam and what to expect, What to expect on exam day and after, I passed the exam, now what?, Domain 5 recap, Domain 2 recap, How to approach certification studying, Why you should want to get Certified in Cybersecurity. Added subtitles in Spanish (Latin America), French, Arabic, Chinese, and Hindi.
2022: Course release for the completely new CC – Certified in Cybersecurity certification from ISC2.
Start Your Certification Journey Today!
Join thousands of successful professionals who have transformed their careers with ThorTeaches. Let me guide you to Certified in Cybersecurity (CC) certification success.
Enroll now and let's achieve your certification goals together!
Thor Pedersen