Cisco 100-160 Cisco Certified Support Technician (CCST) Cybersecurity Exam Practice Test

TheCCST Cybersecurity Study Guideexplains thatCVSS (Common Vulnerability Scoring System)is a standardized method for rating the severity of software vulnerabilities. It considers exploitability, impact, and environmental factors.

"The Common Vulnerability Scoring System (CVSS) provides a numerical score that reflects the severity of a vulnerability, enabling prioritization of remediation efforts."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Scoring section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidedescribes the CIA Triad as the foundational model for information security:

Confidentiality

"Confidentiality ensures that sensitive information is accessed only by authorized individuals and is protected from unauthorized disclosure."

Integrity

"Integrity ensures that data remains accurate, complete, and unaltered except by authorized processes or users."

Availability

"Availability ensures that information and systems are accessible to authorized users when needed."

(CCST Cybersecurity,Essential Security Principles, CIA Triad section, Cisco Networking Academy)

TheCCST Cybersecuritycourse notes that isolation is a key part of thecontainment phaseof incident response. The goal is to prevent the compromised system from communicating with the attacker or spreading malware, while preserving it for analysis.

"Containment often involves removing an affected system from the production network and connecting it to a controlled forensic environment to preserve evidence and prevent further compromise."

(CCST Cybersecurity,Incident Handling, Containment Procedures section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guideexplains that HTTP (port 80) transmits data in cleartext, making it susceptible to interception. Even if data is stored securely in an encrypted database, sensitive information can be compromised during transmission if HTTPS (port 443) is not used.

"When HTTP is used instead of HTTPS, all form inputs and transmitted data are sent in plaintext over the network, where they can be intercepted by attackers."

(CCST Cybersecurity,Basic Network Security Concepts, Secure Protocols section, Cisco Networking Academy)

TheCCST Cybersecuritycourse describes that risk scoring for vulnerabilities often involveslikelihoodandimpact— similar to the CVSS (Common Vulnerability Scoring System) model.

"When prioritizing vulnerabilities, assess both the likelihood of exploitation and the potential impact to the organization. Likelihood measures how easy or probable it is for an adversary to exploit the weakness, while impact measures the consequences to confidentiality, integrity, and availability if exploitation occurs."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Risk Assessment and Prioritization section, Cisco Networking Academy)

Ais correct: Likelihood is a fundamental part of severity assessment.

Bis correct: Impact determines how damaging an exploit would be.

Cis incorrect: Time to choose replacement software is an operational consideration, not a severity metric.

Dis incorrect: Hardware age may influence performance but does not directly define vulnerability severity.

TheCCST Cybersecurity Study Guidedescribes theDiamond Model of Intrusion Analysisas a framework to map the relationships between four core features of an intrusion:

Adversary– The threat actor or group conducting the attack.

Example: Ransomware Group

Capability– The tools, techniques, or malware the adversary uses.

Example: Phishing Email, Malware

Infrastructure– The physical or logical communication and delivery systems the adversary uses.

Example: Email Server, Domain Name

Victim– The target of the attack, such as systems, organizations, or individuals.

Example: Customer and Product Databases

"The Diamond Model helps analysts connect the attacker, the tools they use, the infrastructure supporting the attack, and the victim, providing a holistic view of the intrusion event."

(CCST Cybersecurity,Incident Handling, Threat Modeling section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidedescribes aman-in-the-middle (MITM)attack as an attack where the adversary secretly intercepts and possibly alters communications between two parties, making them believe they are communicating directly. A rogue AP configured to pass traffic through itself before sending it on is a classic wireless MITM method.

"In a MITM attack, the attacker places themselves between the sender and receiver, intercepting and possibly altering data in transit. Rogue access points can facilitate MITM attacks in wireless environments."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Threats section, Cisco Networking Academy)

Ais incorrect: Reconnaissance is information gathering, not active interception.

Bis correct: This is a wireless MITM attack.

Cis incorrect: DDoS aims to overwhelm a service, not intercept data.

Dis incorrect: Ransomware encrypts data for extortion.

TheCCST Cybersecurity Study Guideexplains that aninsider threatis any threat to an organization that comes from people within the organization—employees, contractors, or business partners—who have inside information concerning the organization's security practices, data, and systems. Insider threats may be intentional or unintentional.

"An insider threat can be malicious or accidental. Employees may unintentionally cause data breaches by mishandling sensitive information, such as sending it to the wrong recipient."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Types section, Cisco Networking Academy)

A(Logic bomb) is malicious code triggered by conditions.

B(Malware) is malicious software, unrelated to accidental email leaks.

C(Phishing) is an external social engineering attack.

Dis correct: This is anunintentional insider threat.

TheCCST Cybersecuritycourse teaches that vulnerability scan results should be reviewed for misconfigurations and exposures that can be exploited by attackers.

"Disabled firewalls expose systems to direct network attacks and should be treated as critical findings. Open ports can indicate unnecessary or unsecured services running, which may provide entry points for attackers. These findings should be escalated for remediation or further security hardening."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Analyzing and Responding to Scan Results section, Cisco Networking Academy)

Encrypted passwords (A)are good practice, not a vulnerability.

Disabled firewalls (B)leave systems defenseless against incoming attacks.

Open ports (C)can be exploited if the services they expose are vulnerable or misconfigured.

SSH packets (D)are normal in secure remote administration and are not inherently a vulnerability.

TheCCST Cybersecurity Study GuidehighlightsFileVaultas the macOS full-disk encryption tool.

"FileVault is macOS’s built-in full-disk encryption feature. It encrypts the contents of the entire startup disk to help prevent unauthorized access to the information stored on the drive, even if the device is lost or stolen."

(CCST Cybersecurity,Endpoint Security Concepts, Disk Encryption section, Cisco Networking Academy)

Ais correct: FileVault provides complete volume encryption.

B(Gatekeeper) controls app installation by verifying code signatures.

C(System Integrity Protection) protects system files from modification.

D(XProtect) is macOS’s built-in malware detection system.

TheCCST Cybersecuritycourse identifiesWindows PowerShellas both a command-line interface (CLI) and a robust scripting environment. It is used by system administrators for automation, configuration, and task scheduling.

"PowerShell is a Windows command-line shell and scripting language built on the .NET framework. It allows administrators to automate administrative tasks, manage system configurations, and execute complex scripts for system management."

(CCST Cybersecurity,Endpoint Security Concepts, System Administration Tools section, Cisco Networking Academy)

Ais correct: PowerShell provides both interactive command execution and scripting capabilities.

B(MMC) is a GUI-based management console, not a CLI.

C(Vim) is a text editor, not a Windows-native CLI.

D(MS-DOS) is a legacy command shell with no advanced scripting features comparable to PowerShell.

TheCCST Cybersecurity Study Guide(based on the NIST Incident Response Lifecycle) outlines four phases:

Preparation–

"Develop and maintain an incident response capability to ensure organizational readiness. This includes tools, training, and security controls."

Detection and Analysis–

"Identify potential security incidents through monitoring, alerts, and analysis. Confirm whether suspicious activity is legitimate and assess the scope of the incident."

Containment, Eradication, and Recovery–

"Limit the impact of the incident, remove the threat, and restore systems to normal operation."

Post-Incident Activity–

"Document and review the incident to determine the root cause, evaluate response effectiveness, and implement measures to prevent recurrence."

(CCST Cybersecurity,Incident Handling, Incident Response Lifecycle section, Cisco Networking Academy)

According to theCCST Cybersecuritycourse, anti-malware solutions withreal-time protectionscan files as they are downloaded or opened, blocking malicious code before it runs.

"Real-time protection automatically inspects files, applications, and scripts as they are accessed or downloaded, preventing execution of malicious code."

(CCST Cybersecurity,Endpoint Security Concepts, Malware Protection section, Cisco Networking Academy)

TheCCST Cybersecuritymaterial describes that the first step after receiving a new CVE notification is toreview its details—such as affected systems, severity, and exploitability—to determine if it is relevant to your organization.

"Upon learning of a new CVE, security teams should analyze the vulnerability description, affected products, and CVSS score to determine applicability and urgency of mitigation."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Prioritization section, Cisco Networking Academy)

Ais correct: Confirming applicability avoids unnecessary remediation for irrelevant vulnerabilities.

Bis done after confirming applicability.

C(disaster recovery plan) is unrelated to immediate CVE handling.

D(adding to firewall rules) is premature without confirming impact.

TheCCST Cybersecurity Study Guideexplains thatSOAR (Security Orchestration, Automation, and Response)platforms integrate data from multiple tools and sources, support case management, and automate security workflows for faster incident response.

"SOAR solutions provide orchestration, automation, and response capabilities. They collect security data from multiple systems, enable analysts to manage incidents, and automate repetitive tasks in the response process."

(CCST Cybersecurity,Incident Handling, Security Automation Tools section, Cisco Networking Academy)

A(SIEM) collects and correlates security logs but lacks full orchestration and automated response capabilities.

Bis correct: SOAR adds orchestration, case management, and automated incident response.

C(NextGen IPS) focuses on intrusion prevention, not orchestration.

D(Snort) is an open-source intrusion detection/prevention tool, not an orchestration platform.