100-160 Questions and Answers

TheCCST Cybersecurity Study Guideemphasizes that backups should be stored off-site or in the cloud to ensure recovery even if the primary location is damaged or compromised.

"A comprehensive disaster recovery plan includes performing regular backups and ensuring copies are stored in locations not subject to the same physical risks as the primary site. Off-site storage and cloud-based backups provide resilience against local disasters."

(CCST Cybersecurity,Essential Security Principles, Backup and Disaster Recovery section, Cisco Networking Academy)

Ais correct: Off-site removable media ensures recovery even if the main site is destroyed.

Bis incorrect: Local-only backups are vulnerable to the same risks as production systems.

Cis correct: Cloud services provide geographically separate storage with automated redundancy.

Dis incorrect: RAID is for hardware fault tolerance, not a complete backup solution.

TheCCST Cybersecurity Study Guidehighlights thatSSH (Secure Shell)provides encrypted communication for secure remote access and file transfer (using SCP or SFTP) over unsecured networks. This ensures confidentiality and integrity of the files in transit.

"SSH encrypts all data exchanged between client and server, protecting credentials and file contents from interception. It is the preferred protocol for secure device management and file transfers across untrusted networks."

(CCST Cybersecurity,Basic Network Security Concepts, Secure Remote Management section, Cisco Networking Academy)

A(Telnet) transmits data in plaintext.

B(HTTP) is unencrypted web traffic.

C(TFTP) is a simple, insecure file transfer protocol without encryption.

Dis correct: SSH secures configuration file transfers across insecure networks.

TheCCST Cybersecurity Study Guideexplains thatSOAR (Security Orchestration, Automation, and Response)platforms integrate data from multiple tools and sources, support case management, and automate security workflows for faster incident response.

"SOAR solutions provide orchestration, automation, and response capabilities. They collect security data from multiple systems, enable analysts to manage incidents, and automate repetitive tasks in the response process."

(CCST Cybersecurity,Incident Handling, Security Automation Tools section, Cisco Networking Academy)

A(SIEM) collects and correlates security logs but lacks full orchestration and automated response capabilities.

Bis correct: SOAR adds orchestration, case management, and automated incident response.

C(NextGen IPS) focuses on intrusion prevention, not orchestration.

D(Snort) is an open-source intrusion detection/prevention tool, not an orchestration platform.

TheCCST Cybersecuritycourse teaches that vulnerability scan results should be reviewed for misconfigurations and exposures that can be exploited by attackers.

"Disabled firewalls expose systems to direct network attacks and should be treated as critical findings. Open ports can indicate unnecessary or unsecured services running, which may provide entry points for attackers. These findings should be escalated for remediation or further security hardening."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Analyzing and Responding to Scan Results section, Cisco Networking Academy)

Encrypted passwords (A)are good practice, not a vulnerability.

Disabled firewalls (B)leave systems defenseless against incoming attacks.

Open ports (C)can be exploited if the services they expose are vulnerable or misconfigured.

SSH packets (D)are normal in secure remote administration and are not inherently a vulnerability.

TheCCST Cybersecuritycourse highlights that signs of brute-force attacks followed by successful access requireimmediate account security actionsand an investigation to determine if other systems were accessed.

"When suspicious login activity is detected, immediate containment steps such as password resets and log analysis are necessary to limit damage and identify the extent of the compromise."

(CCST Cybersecurity,Incident Handling, Account Compromise Response section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidedefines common attacker types:

Cyber criminal–

"An individual or group engaging in illegal activities for financial gain, such as selling stolen data or running spam campaigns."

State-sponsored attacker–

"Operates with the support or direction of a nation-state, often for espionage or political objectives."

Insider threat–

"A person within the organization, such as an employee or contractor, who misuses access to cause harm or steal data."

Hacktivist–

"Uses hacking techniques to promote political, social, or ideological causes."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Types section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guideoutlines common motivations for cyberattacks, which include:

Financial gain

Revenge or personal grievance(e.g., disgruntled employees)

Ideological or political purposes(hacktivism)

Espionage and intelligence gathering

"Cyberattack motivations range from financial and competitive advantage to personal vendettas and advancing political or social causes. Disgruntled insiders may misuse access privileges to harm an organization, while hacktivists target systems to promote social or political messages."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Motivations section, Cisco Networking Academy)

Beingdisgruntled at work→ common insider threat motivation (True)

Wanting toprotect personal data→ defensive action, not a reason to commit an attack (False)

Wanting toadvance a social agenda→ hacktivist motivation (True)

TheCCST Cybersecurity Study Guideexplains thatCVSS (Common Vulnerability Scoring System)is a standardized method for rating the severity of software vulnerabilities. It considers exploitability, impact, and environmental factors.

"The Common Vulnerability Scoring System (CVSS) provides a numerical score that reflects the severity of a vulnerability, enabling prioritization of remediation efforts."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Scoring section, Cisco Networking Academy)

TheCCST Cybersecuritycourse states that anIntrusion Detection System (IDS)passively monitors network or system traffic and analyzes it against a database of known threat signatures or behavioral patterns.

"IDS devices inspect network traffic, compare it to known malicious signatures or anomalies, and generate alerts for suspicious activity without actively blocking traffic."

(CCST Cybersecurity,Basic Network Security Concepts, IDS and IPS section, Cisco Networking Academy)

Ais correct: IDS is passive and signature-based.

B(IPS) is active and can block traffic.

C(Proxy Server) handles requests between clients and servers.

D(Honeypot) is a decoy system to attract attackers.

TheCCST Cybersecurity Study Guidespecifies thatAES (Advanced Encryption Standard)is the encryption method used in modern WiFi security protocols like WPA2 and WPA3.

"WPA2 and WPA3 use the Advanced Encryption Standard (AES) for securing wireless traffic. AES provides strong symmetric encryption, replacing outdated methods like WEP and TKIP."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Security section, Cisco Networking Academy)

A(DES) is outdated and insecure.

B(Triple DES) is older and slower, rarely used in WiFi.

Cis correct: AES is the industry standard for WiFi security.

D(RSA) is asymmetric encryption used in key exchange, not bulk WiFi encryption.