Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Newcomer I

Failed my CC exam today.

I recently experienced disappointment as I did not perform well in my CC exam. It's disheartening to realize that the questions, although seemingly straightforward, were not adequately covered in the provided study guide. This situation has led me to question whether this is a deliberate strategy to encourage candidates to pay for the exam.

Despite approaching the exam with confidence and thoroughly understanding the chapters, I was taken aback by the unfamiliarity of the majority of the questions. This has left me feeling both sad and confused. In light of this, I am considering rescheduling the exam.

To better prepare for the future, I am seeking advice. Your guidance would be greatly appreciated in helping me navigate this challenging situation.

17 Replies
Newcomer II

Sad but true. Digesting such news as an applicant is difficult.


Apart from reading book(s),

  1. Did you try quizzes to learn the question pattern?
  2. Did you go through any videos?
    These would give insight to the applicant and a certain degree of confidence before the exam. 

After the exam, did you ponder on why, how, and what went wrong? (Introspection would help in the next attempt.)


I had used the following:

  1. A course from Manny and Tasha.
  2. A course from Mike Chapple.
    (The above two should help know the context of the concepts and  develop an applicative mindset.)
  3. Official ISC2 eTextbook 1st Edition.
    (This should provide theoretical knowledge. It shows how organizations build cyber security.)
  4. Pre-assessments or quizzes.
    (This should help know the preparedness and scenarios to apply the acquired knowledge.)
  5. Glossary on ISC2.
    (This is a ready reckoner for reviewing the titles on or before the exam day.)
Newcomer I

Thanks for your response. I did all these except course from Manny and Tasha. 

I just kept wondering where I got it wrong. Also we not knowing our score too isn’t a good option for me. 

Newcomer II

Accept the reality of how the exam is conducted and the results are given out. Maybe these are the distinct features why certain institutions/organizations have them.


Though questions may not apply to CC, spend time viewing Andrew Ramdayal's video on YouTube about 50 questions for CISSP and the mindset.


When preparing or writing the exam, reflect on the practices an organization inculcates in cybersecurity. It is virtually applying the theory in practice.

Newcomer II

Sorry to hear that.


These resources helped me to pass the exam on my first try:

The ISC2 CC assessment & flash cards

Introduction to Computer Networks for Non-Techies (Udemy course)
11th Hour CISSP (book)
Jason Dion's Security+ (SC0-601) Udemy course

Thor Pedersen's practice exams that accompany his CC course on Udemy

(By the way, no, I didn't study all of these materials solely to pass the CC exam but rather to learn about computer networks and prepare myself for a career in IT security given that I have no prior experience in IT.)

Good luck on your next attempt!

Viewer II

I also recently failed my first attempt, so I can agree with your view. The practice questions

given on the ISC2 self paced course is NOT enough to the exam.


Just curious, but other than using the self paced course, what other Cybersecurity experience do you have?

So sorry about that Stan.
I passed mine although I have passed CompTIA Security+ before hand.
I used the self pace training from ISC2, Dr Messer Security+ on YouTube, and these Study set flashcard.



Viewer III

Hi Stan, 


First back up and think of that exam as a first attempt. Sometimes the language of some of these test questions is somewhat confusing. Read all the questions very carefully and narrow the answers down to two. I then may be presented with two correct options. However, one is more correct than the other. That method of tackling questions has helped me. I teach this stuff and I saw several questions with multiple right answers but one shone above the others. 


Good luck with your next attempt, you will ace it.

Newcomer II

I successfully passed my CC and CCSP on the first attempt. Drawing from my knowledge, understanding, and conversations with individuals who didn't succeed, I'd like to share some insights:

Let's consider an example:
Imagine a data center with 1 exit point and 15 entry points; which is the risk, entry points, or the exit point?
If approached from a technical standpoint, one might argue that the 15 entry points pose a risk due to the complexity of securing them. However, the best answer (in this scenario) is that the single exit point is the risk, as in the event of a fire, human lives could be jeopardized with only one exit.

Many of us, myself included, hail from technical backgrounds, often tackling challenging questions using our technical expertise rather than a managerial perspective.


The objective is not to recommend the ultimate technology capable of preventing any attack, but rather to strike a delicate balance between the business's risk tolerance and security solutions. You can't put a $100 collar on a $5 puppy.

Therefore, here are some points for you to ponder before responding to tricky questions:

Human safety is the top priority!
Behave ethically.
Ensure business continuity (Business should not fail).
Maximize corporate profits.
Avoid or minimize threats.
All controls must be cost-justified.
Senior management must drive the security program (Business proposals, positive ROI).
Security professionals typically have no decision-making authority.
Conduct a Business Impact Analysis (BIA) before making major changes to the infrastructure (e.g., transitioning to the cloud).
Note: This isn't an official ISC2 version; it's based on my hypothesis.