100-160 Cisco Certified Support Technician (CCST) Cybersecurity Questions and Answers

TheCCST Cybersecuritystudy material definesInformation Assurance (IA)as the practice of managing information-related risks to ensure data availability, integrity, confidentiality, authentication, and non-repudiation. It specifically applies to sensitive information like PII (Personally Identifiable Information).

"Information assurance involves the protection and validation of data so that it remains accurate, confidential, and available only to authorized users. IA ensures the trustworthiness of information, particularly when handling sensitive or regulated data such as PII."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Information Assurance section, Cisco Networking Academy)

A(Risk framing) is part of risk management planning but does not verify data integrity and confidentiality directly.

B(Cyber Kill Chain) is an attack lifecycle model.

C(Workflow management) is about process efficiency, not data protection.

Dis correct: Information Assurance addresses the availability, accuracy, and confidentiality of sensitive data.

TheCCST Cybersecurity Study Guideexplains that aBYOD policy(Bring Your Own Device) should outline security requirements for personally owned devices connecting to the corporate network. Common requirements include:

Device encryptionfor stored sensitive corporate data.

Strong password or PINconfiguration for device access.

Restriction to secure and approved applicationsto reduce malware risk.

"BYOD policies typically mandate strong authentication, encryption of sensitive corporate data on personal devices, and installation of secure or approved applications. The goal is to protect corporate information while respecting personal ownership of the device."

(CCST Cybersecurity,Endpoint Security Concepts, BYOD Security section, Cisco Networking Academy)

Ais incorrect: BYOD policies do not require deletion of personal data unless wiping after separation.

Bis not a common requirement due to privacy and technical limitations.

E(upgrading data plans) is unrelated to security.

According to theCisco Certified Support Technician (CCST) Cybersecurity Study Guide, a honeypot is asecurity mechanism that appears to be a legitimate system or resource but is intentionally made vulnerable to attract attackers. Its purpose is not to serve legitimate users but to detect, study, and sometimes divert malicious activity.

"A honeypot is a decoy system or service designed to attract and engage attackers. By simulating a target of interest, it allows security teams to monitor attack methods, collect intelligence, and sometimes divert threats away from production systems. Honeypots do not prevent attacks but help in identifying them and understanding adversary tactics."

(CCST Cybersecurity,Basic Network Security Concepts, Honeypots and Honey Nets section, Cisco Networking Academy)

In this context:

Option Adescribes an IDS (Intrusion Detection System), not a honeypot.

Option Crefers to aDMZ (Demilitarized Zone), not a honeypot.

Option Ddescribes an IPS (Intrusion Prevention System).

Option Bcorrectly identifies a honeypot’s role as adecoyto divert or engage attackers.

According to theCCST Cybersecurity Study Guide, firmware updates are a critical security maintenance task because vulnerabilities in firmware can be exploited by attackers to gain persistent control over hardware.

"Keeping firmware up to date is necessary to patch security vulnerabilities and weaknesses that could be exploited by threat actors. Vendors release firmware updates to correct security flaws, enhance stability, and ensure compatibility with updated security protocols."

(CCST Cybersecurity,Endpoint Security Concepts, System and Firmware Maintenance section, Cisco Networking Academy)

Ais partially true but not the primary security reason for updates.

Bis incorrect because firmware is not part of the OS kernel; it’s embedded in the hardware.

Cis correct: patching vulnerabilities in firmware is essential for endpoint protection.

Dmay occur as a side benefit, but it’s not the main reason from a cybersecurity perspective.

TheCCST Cybersecurity Study Guidestates that after confirming a vulnerability is relevant and critical, the next step is to apply available patches or mitigations as soon as possible to reduce the attack surface.

"When a critical vulnerability is identified, remediation steps such as applying patches or configuration changes should be implemented immediately to prevent exploitation."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Remediation section, Cisco Networking Academy)

TheCCST Cybersecuritycourse explains that MAC address filtering is a network access control method that allows only approved device hardware addresses to connect. While not foolproof against spoofing, it can block a specific device from reconnecting to a small home network.

"MAC address filtering restricts network access to devices whose unique hardware addresses are explicitly allowed. This can be used to block known unauthorized devices from reconnecting."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Security Controls section, Cisco Networking Academy)

Ais incorrect: IP ACLs are better for controlling traffic types, not blocking specific devices at the router level.

Bis correct: It prevents the device’s hardware address from reconnecting.

Cis temporary since the host can get a new IP via DHCP.

Dmay hide the network but will not stop a determined attacker who can still detect it.

TheCCST Cybersecuritycourse states that anIntrusion Detection System (IDS)passively monitors network or system traffic and analyzes it against a database of known threat signatures or behavioral patterns.

"IDS devices inspect network traffic, compare it to known malicious signatures or anomalies, and generate alerts for suspicious activity without actively blocking traffic."

(CCST Cybersecurity,Basic Network Security Concepts, IDS and IPS section, Cisco Networking Academy)

Ais correct: IDS is passive and signature-based.

B(IPS) is active and can block traffic.

C(Proxy Server) handles requests between clients and servers.

D(Honeypot) is a decoy system to attract attackers.

TheCCST Cybersecurity Study GuideidentifiesSYN flood attacksas a type ofDenial of Service (DoS)attack that exploits the TCP three-way handshake. Attackers send many SYN requests without completing the handshake, leaving the server with numerous half-open connections and exhausting resources.

"A TCP SYN flood attack overwhelms a target server by initiating a high volume of TCP connections but never completing the handshake, resulting in numerous half-open connections that consume system resources and can render the service unavailable."

(CCST Cybersecurity,Incident Handling, Denial-of-Service Attacks section, Cisco Networking Academy)

Ais correct: The proper action is to stop the SYN flood, often using firewalls, intrusion prevention systems, or SYN cookies.

B(switching to HTTPS) does not address the flooding issue.

Cis incorrect because the excessive number of half-open connections indicates an attack, not normal operation.

D(flushing DNS cache) is unrelated to this type of attack.

TheCCST Cybersecuritycourse highlights that signs of brute-force attacks followed by successful access requireimmediate account security actionsand an investigation to determine if other systems were accessed.

"When suspicious login activity is detected, immediate containment steps such as password resets and log analysis are necessary to limit damage and identify the extent of the compromise."

(CCST Cybersecurity,Incident Handling, Account Compromise Response section, Cisco Networking Academy)

TheCCST Cybersecuritycourse teaches that vulnerability scan results should be reviewed for misconfigurations and exposures that can be exploited by attackers.

"Disabled firewalls expose systems to direct network attacks and should be treated as critical findings. Open ports can indicate unnecessary or unsecured services running, which may provide entry points for attackers. These findings should be escalated for remediation or further security hardening."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Analyzing and Responding to Scan Results section, Cisco Networking Academy)

Encrypted passwords (A)are good practice, not a vulnerability.

Disabled firewalls (B)leave systems defenseless against incoming attacks.

Open ports (C)can be exploited if the services they expose are vulnerable or misconfigured.

SSH packets (D)are normal in secure remote administration and are not inherently a vulnerability.

According to theCCST Cybersecuritycourse, Windows Event Viewer’sSecurity logsrecord authentication-related events that can help identify password-guessing attempts (also known as brute force attacks).

"The Account logon failure event indicates that an authentication attempt has failed, which may suggest incorrect credentials were used. Multiple such events in a short time frame can indicate a brute-force attack. The Account lockout success event confirms that an account has been locked due to repeated failed logon attempts, which further supports the suspicion of password-guessing attacks."

(CCST Cybersecurity,Incident Handling, Monitoring and Analyzing Security Events section, Cisco Networking Academy)

Object access failurerelates to unauthorized attempts to open or modify files, not login attempts.

Account logon failure (B)shows failed login attempts due to invalid credentials.

Account lockout success (C)confirms that repeated login failures have triggered a lockout.

Account logoff successis a normal event and does not indicate malicious activity.

TheCCST Cybersecuritymaterial states that aVirtual Private Network (VPN)provides secure communication over an untrusted network, typically by ensuring:

Authentication→ verifying the identity of the user/device

Confidentiality→ encrypting the data so it cannot be read by unauthorized parties

Integrity→ ensuring that transmitted data has not been altered in transit

"VPNs secure remote access by authenticating users, encrypting data for confidentiality, and ensuring integrity through cryptographic checks."

(CCST Cybersecurity,Basic Network Security Concepts, VPNs section, Cisco Networking Academy)

Ais incorrect: WAN management is a network administration function, not a VPN feature.

Bis incorrect: Authorization is related but not a primary VPN security function.

Cis correct: Integrity is preserved through cryptographic hashing.

Dis correct: Authentication verifies user identity.

Eis correct: Confidentiality is provided via encryption.

Fis incorrect: Password management is separate from VPN functions.