Cisco Certified Support Technician (CCST) Cybersecurity 100-160 CCST Cybersecurity Exam Questions

Page: 1 / 14
Total 50 questions
Question 1

Which security assessment of IT systems verifies that PII data is available, accurate, confidential, and accessible only by authorized users?



Answer : D

The CCST Cybersecurity study material defines Information Assurance (IA) as the practice of managing information-related risks to ensure data availability, integrity, confidentiality, authentication, and non-repudiation. It specifically applies to sensitive information like PII (Personally Identifiable Information).

'Information assurance involves the protection and validation of data so that it remains accurate, confidential, and available only to authorized users. IA ensures the trustworthiness of information, particularly when handling sensitive or regulated data such as PII.'

(CCST Cybersecurity, Vulnerability Assessment and Risk Management, Information Assurance section, Cisco Networking Academy)

A (Risk framing) is part of risk management planning but does not verify data integrity and confidentiality directly.

B (Cyber Kill Chain) is an attack lifecycle model.

C (Workflow management) is about process efficiency, not data protection.

D is correct: Information Assurance addresses the availability, accuracy, and confidentiality of sensitive data.


Question 2

You need to transfer configuration files to a router across an unsecured network.

Which protocol should you use to encrypt the files in transit?



Answer : D

The CCST Cybersecurity Study Guide highlights that SSH (Secure Shell) provides encrypted communication for secure remote access and file transfer (using SCP or SFTP) over unsecured networks. This ensures confidentiality and integrity of the files in transit.

'SSH encrypts all data exchanged between client and server, protecting credentials and file contents from interception. It is the preferred protocol for secure device management and file transfers across untrusted networks.'

(CCST Cybersecurity, Basic Network Security Concepts, Secure Remote Management section, Cisco Networking Academy)

A (Telnet) transmits data in plaintext.

B (HTTP) is unencrypted web traffic.

C (TFTP) is a simple, insecure file transfer protocol without encryption.

D is correct: SSH secures configuration file transfers across insecure networks.


Question 3

How does a honeypot enhance network security?



Answer : B

According to the Cisco Certified Support Technician (CCST) Cybersecurity Study Guide, a honeypot is a security mechanism that appears to be a legitimate system or resource but is intentionally made vulnerable to attract attackers. Its purpose is not to serve legitimate users but to detect, study, and sometimes divert malicious activity.

'A honeypot is a decoy system or service designed to attract and engage attackers. By simulating a target of interest, it allows security teams to monitor attack methods, collect intelligence, and sometimes divert threats away from production systems. Honeypots do not prevent attacks but help in identifying them and understanding adversary tactics.'

(CCST Cybersecurity, Basic Network Security Concepts, Honeypots and Honey Nets section, Cisco Networking Academy)

In this context:

Option A describes an IDS (Intrusion Detection System), not a honeypot.

Option C refers to a DMZ (Demilitarized Zone), not a honeypot.

Option D describes an IPS (Intrusion Prevention System).

Option B correctly identifies a honeypot's role as a decoy to divert or engage attackers.


Question 4

A remote worker is visiting a branch office to attend face-to-face meetings. The worker tries to associate their company laptop with the branch wireless access point (WAP) but is unable to do so.

What is a possible cause?



Answer : B

The CCST Cybersecurity material explains that MAC address filtering is a wireless security measure that allows only devices with approved hardware addresses to connect. If the laptop's MAC address is not on the allow list, the connection will be blocked even if the SSID is correct.

'Wireless access points can be configured with MAC address filters to limit network access to authorized devices. If a device's MAC address is not on the permitted list, the connection will fail regardless of credentials.'

(CCST Cybersecurity, Basic Network Security Concepts, Wireless Security section, Cisco Networking Academy)

A is unlikely because a device can still connect manually to a non-broadcast SSID.

B is correct: MAC address filtering would block an unregistered device.

C would cause IP issues after association, not prevent initial connection.

D (open authentication) would allow connection, so it's not the cause here.


Question 5

You need a software solution that performs the following tasks:

Compiles network data

Logs information from many sources

Provides orchestration in the form of case management

Automates incident response workflows

What product should you use?



Answer : B

The CCST Cybersecurity Study Guide explains that SOAR (Security Orchestration, Automation, and Response) platforms integrate data from multiple tools and sources, support case management, and automate security workflows for faster incident response.

'SOAR solutions provide orchestration, automation, and response capabilities. They collect security data from multiple systems, enable analysts to manage incidents, and automate repetitive tasks in the response process.'

(CCST Cybersecurity, Incident Handling, Security Automation Tools section, Cisco Networking Academy)

A (SIEM) collects and correlates security logs but lacks full orchestration and automated response capabilities.

B is correct: SOAR adds orchestration, case management, and automated incident response.

C (NextGen IPS) focuses on intrusion prevention, not orchestration.

D (Snort) is an open-source intrusion detection/prevention tool, not an orchestration platform.


Question 6

You are collecting data after a suspected intrusion on the local LAN.

You need to capture incoming IP packets to a file for an investigator to analyze.

Which two tools should you use? (Choose 2.)



Answer : A, B

The CCST Cybersecurity Study Guide specifies that both Wireshark and tcpdump are packet capture tools that can record network traffic to a file for later analysis.

'Wireshark provides a graphical interface for packet capture and analysis. Tcpdump is a command-line tool that captures packets for detailed offline review.'

(CCST Cybersecurity, Incident Handling, Network Traffic Analysis section, Cisco Networking Academy)

A is correct: Wireshark is widely used for packet capture and analysis.

B is correct: tcpdump is a CLI-based packet capture tool.

C (Nmap) is for network scanning, not packet capture.

D (netstat) displays network connections and ports but does not capture packets.


Question 7

You need to design your company's password policy to adhere to the National Institute of Standards and Technology (NIST) guidelines for user password security.

What is the minimum password length that you should require to be consistent with the NIST guidelines?



Answer : B

According to the CCST Cybersecurity course, NIST guidelines (SP 800-63B) recommend a minimum password length of 8 characters for user-generated passwords, without requiring overly complex composition rules, but encouraging longer passphrases for increased security.

'NIST guidelines specify that user-generated passwords must be at least 8 characters in length, and systems should allow passwords up to at least 64 characters.'

(CCST Cybersecurity, Essential Security Principles, Authentication Best Practices section, Cisco Networking Academy)

