Your home network seems to have slowed down considerably. You look at the home router GUI and notice that an unknown host is attached to the network.
What should you do to prevent this specific host from attaching to the network again?
Answer: B
The CCST Cybersecurity course explains that MAC address filtering is a network access control method that allows only approved device hardware addresses to connect. While not foolproof against spoofing, it can block a specific device from reconnecting to a small home network.
'MAC address filtering restricts network access to devices whose unique hardware addresses are explicitly allowed. This can be used to block known unauthorized devices from reconnecting.'
(CCST Cybersecurity, Basic Network Security Concepts, Wireless Security Controls section, Cisco Networking Academy)
A is incorrect: IP ACLs are better for controlling traffic types, not blocking specific devices at the router level.
B is correct: MAC address filtering prevents the device with that hardware address from reconnecting.
C is temporary since the host can get a new IP via DHCP.
D may hide the network but will not stop a determined attacker who can still detect it.
You need a software solution that performs the following tasks:
Compiles network data
Logs information from many sources
Provides orchestration in the form of case management
Automates incident response workflows
What product should you use?
Answer: B
The CCST Cybersecurity Study Guide explains that SOAR (Security Orchestration, Automation, and Response) platforms integrate data from multiple tools and sources, support case management, and automate security workflows for faster incident response.
'SOAR solutions provide orchestration, automation, and response capabilities. They collect security data from multiple systems, enable analysts to manage incidents, and automate repetitive tasks in the response process.'
(CCST Cybersecurity, Incident Handling, Security Automation Tools section, Cisco Networking Academy)
A (SIEM) collects and correlates security logs but lacks full orchestration and automated response capabilities.
B is correct: SOAR adds orchestration, case management, and automated incident response.
C (NextGen IPS) focuses on intrusion prevention, not orchestration.
D (Snort) is an open-source intrusion detection/prevention tool, not an orchestration platform.
What is the primary purpose of running a vulnerability scan on your network?
Answer: C
The CCST Cybersecurity Study Guide states that vulnerability scanning is an automated process used to identify known security weaknesses in systems, software, and network devices. These scans compare system configurations and software versions against databases of known vulnerabilities, such as the Common Vulnerabilities and Exposures (CVE) list.
'A vulnerability scan is an automated test that checks systems and networks for known weaknesses by matching them against a database of vulnerabilities such as CVEs. This allows administrators to identify exploitable conditions before they are leveraged by attackers.'
(CCST Cybersecurity, Vulnerability Assessment and Risk Management, Vulnerability Scanning section, Cisco Networking Academy)
A is asset discovery, not vulnerability scanning.
B may be part of remediation planning but is not the primary purpose.
C is correct: Scans detect whether systems have vulnerabilities associated with CVEs.
D describes SIEM (Security Information and Event Management) log correlation, not vulnerability scanning.
The company web server collects information through a form. The form is accessed by using port 80. The form content is transferred to an encrypted database for storage. You are investigating a complaint that the form content has been compromised.
What is the cause of the security breach?
Answer: C
The CCST Cybersecurity Study Guide explains that HTTP (port 80) transmits data in cleartext, making it susceptible to interception. Even if data is stored securely in an encrypted database, sensitive information can be compromised during transmission if HTTPS (port 443) is not used.
'When HTTP is used instead of HTTPS, all form inputs and transmitted data are sent in plaintext over the network, where they can be intercepted by attackers.'
(CCST Cybersecurity, Basic Network Security Concepts, Secure Protocols section, Cisco Networking Academy)
How does sandboxing help with the analysis of malware?
Answer: C
The CCST Cybersecurity Study Guide explains that sandboxing is a security technique that executes suspicious programs in a controlled and isolated environment, preventing them from affecting production systems while enabling behavior analysis.
'Sandboxing isolates a suspected application in a secure, controlled environment where it can be executed and analyzed without risking damage to the host system or network.'
(CCST Cybersecurity, Endpoint Security Concepts, Malware Analysis Techniques section, Cisco Networking Academy)
Which data type is protected through hard disk encryption?
Answer: D
The CCST Cybersecurity Study Guide explains that hard disk encryption is a method used to protect data stored on a physical device from unauthorized access.
'Data at rest refers to data stored on a device, such as files on a hard drive, SSD, or removable media. Hard disk encryption protects data at rest by converting it into an unreadable format unless accessed with the correct decryption key.'
(CCST Cybersecurity, Essential Security Principles, Data States and Protection Methods section, Cisco Networking Academy)
Data in process refers to data actively being handled by applications in memory (RAM), which is not the primary target of disk encryption.
Data in transit is protected via encryption methods such as TLS, not disk encryption.
Data in use is accessed and manipulated by programs in real time, which is also not the primary scope of disk encryption.
Data at rest is the correct answer, as hard disk encryption directly safeguards stored files.
Which Windows app is a command-line interface that includes a sophisticated scripting language used to automate Windows tasks?
Answer: A
The CCST Cybersecurity course identifies Windows PowerShell as both a command-line interface (CLI) and a robust scripting environment. It is used by system administrators for automation, configuration, and task scheduling.
'PowerShell is a Windows command-line shell and scripting language built on the .NET framework. It allows administrators to automate administrative tasks, manage system configurations, and execute complex scripts for system management.'
(CCST Cybersecurity, Endpoint Security Concepts, System Administration Tools section, Cisco Networking Academy)
A is correct: PowerShell provides both interactive command execution and scripting capabilities.
B (MMC) is a GUI-based management console, not a CLI.
C (Vim) is a text editor, not a Windows-native CLI.
D (MS-DOS) is a legacy command shell with no advanced scripting features comparable to PowerShell.