Pass the Cisco CCST 100-160 Questions and answers with ExamsMirror

TheCCST Cybersecuritycourse describes that risk scoring for vulnerabilities often involveslikelihoodandimpact— similar to the CVSS (Common Vulnerability Scoring System) model.

"When prioritizing vulnerabilities, assess both the likelihood of exploitation and the potential impact to the organization. Likelihood measures how easy or probable it is for an adversary to exploit the weakness, while impact measures the consequences to confidentiality, integrity, and availability if exploitation occurs."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Risk Assessment and Prioritization section, Cisco Networking Academy)

Ais correct: Likelihood is a fundamental part of severity assessment.

Bis correct: Impact determines how damaging an exploit would be.

Cis incorrect: Time to choose replacement software is an operational consideration, not a severity metric.

Dis incorrect: Hardware age may influence performance but does not directly define vulnerability severity.

TheCCST Cybersecuritycourse defines a strong password as one that:

Is at least 8–12 characters long

Uses a mix of uppercase, lowercase, numbers, and symbols

Avoids dictionary words, personal information, and predictable patterns

"Strong passwords combine length, complexity, and unpredictability, making them resistant to brute force and dictionary attacks."

(CCST Cybersecurity,Essential Security Principles, Authentication and Access Control section, Cisco Networking Academy)

Ais correct: It’s long, mixed case, includes numbers and symbols, and is not easily guessable.

Bis incorrect: It’s based on a date, which is predictable.

Cis incorrect: Short and based on a dictionary word.

Dis correct: Uses complexity and length with leetspeak for added unpredictability.

TheCCST Cybersecurity Study Guideexplains thatWPA3is the most current and secure Wi-Fi Protected Access protocol, offering stronger encryption and better protection against brute-force attacks compared to earlier versions.

"WPA3 improves wireless security by using more robust encryption methods and protections against offline password guessing, making it the recommended protocol for securing modern Wi-Fi networks."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Security Protocols section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidehighlights thatSSH (Secure Shell)provides encrypted communication for secure remote access and file transfer (using SCP or SFTP) over unsecured networks. This ensures confidentiality and integrity of the files in transit.

"SSH encrypts all data exchanged between client and server, protecting credentials and file contents from interception. It is the preferred protocol for secure device management and file transfers across untrusted networks."

(CCST Cybersecurity,Basic Network Security Concepts, Secure Remote Management section, Cisco Networking Academy)

A(Telnet) transmits data in plaintext.

B(HTTP) is unencrypted web traffic.

C(TFTP) is a simple, insecure file transfer protocol without encryption.

Dis correct: SSH secures configuration file transfers across insecure networks.

TheCCST Cybersecurity Study Guidecovers major privacy and security frameworks:

GDPR (General Data Protection Regulation)–

"EU regulation that protects personal data and privacy for individuals within the European Union."

HIPAA (Health Insurance Portability and Accountability Act)–

"US law that protects sensitive patient health information from being disclosed without the patient’s consent or knowledge."

PCI-DSS (Payment Card Industry Data Security Standard)–

"Security standard to protect credit card data and reduce fraud."

FERPA (Family Educational Rights and Privacy Act)–

"US law that protects the privacy of student education records."

FISMA (Federal Information Security Management Act)–

"US law that requires federal agencies to protect information and information systems."

(CCST Cybersecurity,Essential Security Principles, Regulatory Compliance section, Cisco Networking Academy)

TheCCST Cybersecuritycourse highlights that signs of brute-force attacks followed by successful access requireimmediate account security actionsand an investigation to determine if other systems were accessed.

"When suspicious login activity is detected, immediate containment steps such as password resets and log analysis are necessary to limit damage and identify the extent of the compromise."

(CCST Cybersecurity,Incident Handling, Account Compromise Response section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guideoutlines common motivations for cyberattacks, which include:

Financial gain

Revenge or personal grievance(e.g., disgruntled employees)

Ideological or political purposes(hacktivism)

Espionage and intelligence gathering

"Cyberattack motivations range from financial and competitive advantage to personal vendettas and advancing political or social causes. Disgruntled insiders may misuse access privileges to harm an organization, while hacktivists target systems to promote social or political messages."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Motivations section, Cisco Networking Academy)

Beingdisgruntled at work→ common insider threat motivation (True)

Wanting toprotect personal data→ defensive action, not a reason to commit an attack (False)

Wanting toadvance a social agenda→ hacktivist motivation (True)

TheCCST Cybersecurity Study Guideexplains thatport securityon switches can be configured to limit the number of MAC addresses allowed on a port, or to restrict it to specific devices.

"Port security can prevent unauthorized access by limiting or specifying the MAC addresses allowed to connect through a given switch port. This mitigates risks from rogue devices connecting to the network."

(CCST Cybersecurity,Basic Network Security Concepts, Switch Security section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guideexplains that aBYOD policy(Bring Your Own Device) should outline security requirements for personally owned devices connecting to the corporate network. Common requirements include:

Device encryptionfor stored sensitive corporate data.

Strong password or PINconfiguration for device access.

Restriction to secure and approved applicationsto reduce malware risk.

"BYOD policies typically mandate strong authentication, encryption of sensitive corporate data on personal devices, and installation of secure or approved applications. The goal is to protect corporate information while respecting personal ownership of the device."

(CCST Cybersecurity,Endpoint Security Concepts, BYOD Security section, Cisco Networking Academy)

Ais incorrect: BYOD policies do not require deletion of personal data unless wiping after separation.

Bis not a common requirement due to privacy and technical limitations.

E(upgrading data plans) is unrelated to security.

TheCCST Cybersecurity Study Guideexplains that sandboxing is a security technique that executes suspicious programs in a controlled and isolated environment, preventing them from affecting production systems while enabling behavior analysis.

"Sandboxing isolates a suspected application in a secure, controlled environment where it can be executed and analyzed without risking damage to the host system or network."

(CCST Cybersecurity,Endpoint Security Concepts, Malware Analysis Techniques section, Cisco Networking Academy)