Pass the Cisco CCST 100-160 Questions and answers with CertsForce

TheCCST Cybersecurity Study Guideemphasizes that backups should be stored off-site or in the cloud to ensure recovery even if the primary location is damaged or compromised.

"A comprehensive disaster recovery plan includes performing regular backups and ensuring copies are stored in locations not subject to the same physical risks as the primary site. Off-site storage and cloud-based backups provide resilience against local disasters."

(CCST Cybersecurity,Essential Security Principles, Backup and Disaster Recovery section, Cisco Networking Academy)

Ais correct: Off-site removable media ensures recovery even if the main site is destroyed.

Bis incorrect: Local-only backups are vulnerable to the same risks as production systems.

Cis correct: Cloud services provide geographically separate storage with automated redundancy.

Dis incorrect: RAID is for hardware fault tolerance, not a complete backup solution.

According to theCisco Certified Support Technician (CCST) Cybersecurity Study Guide, a honeypot is asecurity mechanism that appears to be a legitimate system or resource but is intentionally made vulnerable to attract attackers. Its purpose is not to serve legitimate users but to detect, study, and sometimes divert malicious activity.

"A honeypot is a decoy system or service designed to attract and engage attackers. By simulating a target of interest, it allows security teams to monitor attack methods, collect intelligence, and sometimes divert threats away from production systems. Honeypots do not prevent attacks but help in identifying them and understanding adversary tactics."

(CCST Cybersecurity,Basic Network Security Concepts, Honeypots and Honey Nets section, Cisco Networking Academy)

In this context:

Option Adescribes an IDS (Intrusion Detection System), not a honeypot.

Option Crefers to aDMZ (Demilitarized Zone), not a honeypot.

Option Ddescribes an IPS (Intrusion Prevention System).

Option Bcorrectly identifies a honeypot’s role as adecoyto divert or engage attackers.

TheCCST Cybersecurity Study GuidehighlightsFileVaultas the macOS full-disk encryption tool.

"FileVault is macOS’s built-in full-disk encryption feature. It encrypts the contents of the entire startup disk to help prevent unauthorized access to the information stored on the drive, even if the device is lost or stolen."

(CCST Cybersecurity,Endpoint Security Concepts, Disk Encryption section, Cisco Networking Academy)

Ais correct: FileVault provides complete volume encryption.

B(Gatekeeper) controls app installation by verifying code signatures.

C(System Integrity Protection) protects system files from modification.

D(XProtect) is macOS’s built-in malware detection system.

According to theCCST Cybersecuritycourse, NIST guidelines (SP 800-63B) recommend aminimum password length of 8 charactersfor user-generated passwords, without requiring overly complex composition rules, but encouraging longer passphrases for increased security.

"NIST guidelines specify that user-generated passwords must be at least 8 characters in length, and systems should allow passwords up to at least 64 characters."

(CCST Cybersecurity,Essential Security Principles, Authentication Best Practices section, Cisco Networking Academy)

TheCCST Cybersecuritymaterial states that aVirtual Private Network (VPN)provides secure communication over an untrusted network, typically by ensuring:

Authentication→ verifying the identity of the user/device

Confidentiality→ encrypting the data so it cannot be read by unauthorized parties

Integrity→ ensuring that transmitted data has not been altered in transit

"VPNs secure remote access by authenticating users, encrypting data for confidentiality, and ensuring integrity through cryptographic checks."

(CCST Cybersecurity,Basic Network Security Concepts, VPNs section, Cisco Networking Academy)

Ais incorrect: WAN management is a network administration function, not a VPN feature.

Bis incorrect: Authorization is related but not a primary VPN security function.

Cis correct: Integrity is preserved through cryptographic hashing.

Dis correct: Authentication verifies user identity.

Eis correct: Confidentiality is provided via encryption.

Fis incorrect: Password management is separate from VPN functions.

According to theCCST Cybersecuritycourse, Windows Event Viewer’sSecurity logsrecord authentication-related events that can help identify password-guessing attempts (also known as brute force attacks).

"The Account logon failure event indicates that an authentication attempt has failed, which may suggest incorrect credentials were used. Multiple such events in a short time frame can indicate a brute-force attack. The Account lockout success event confirms that an account has been locked due to repeated failed logon attempts, which further supports the suspicion of password-guessing attacks."

(CCST Cybersecurity,Incident Handling, Monitoring and Analyzing Security Events section, Cisco Networking Academy)

Object access failurerelates to unauthorized attempts to open or modify files, not login attempts.

Account logon failure (B)shows failed login attempts due to invalid credentials.

Account lockout success (C)confirms that repeated login failures have triggered a lockout.

Account logoff successis a normal event and does not indicate malicious activity.

In theCCST Cybersecuritycourse, Windows Event ViewerErrorevents in the Application log indicate a severe problem that caused an application or component to fail. This usually requires investigation or repair.

"Error events indicate a significant problem such as a loss of functionality in an application or system component. Errors are often critical and need immediate attention."

(CCST Cybersecurity,Incident Handling, Event Logging and Analysis section, Cisco Networking Academy)

Ais incorrect: Performance slowness would usually generate warnings, not errors.

Bis correct: An "Error" level in Event Viewer means the application failed in some way.

Cis incorrect: That describes an "Information" event, not an error.

Dis incorrect: That also corresponds to an "Information" event.

TheCCST Cybersecuritymaterial describes that the first step after receiving a new CVE notification is toreview its details—such as affected systems, severity, and exploitability—to determine if it is relevant to your organization.

"Upon learning of a new CVE, security teams should analyze the vulnerability description, affected products, and CVSS score to determine applicability and urgency of mitigation."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Prioritization section, Cisco Networking Academy)

Ais correct: Confirming applicability avoids unnecessary remediation for irrelevant vulnerabilities.

Bis done after confirming applicability.

C(disaster recovery plan) is unrelated to immediate CVE handling.

D(adding to firewall rules) is premature without confirming impact.

TheCCST Cybersecuritycourse highlights that signs of brute-force attacks followed by successful access requireimmediate account security actionsand an investigation to determine if other systems were accessed.

"When suspicious login activity is detected, immediate containment steps such as password resets and log analysis are necessary to limit damage and identify the extent of the compromise."

(CCST Cybersecurity,Incident Handling, Account Compromise Response section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guideoutlines common motivations for cyberattacks, which include:

Financial gain

Revenge or personal grievance(e.g., disgruntled employees)

Ideological or political purposes(hacktivism)

Espionage and intelligence gathering

"Cyberattack motivations range from financial and competitive advantage to personal vendettas and advancing political or social causes. Disgruntled insiders may misuse access privileges to harm an organization, while hacktivists target systems to promote social or political messages."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Motivations section, Cisco Networking Academy)

Beingdisgruntled at work→ common insider threat motivation (True)

Wanting toprotect personal data→ defensive action, not a reason to commit an attack (False)

Wanting toadvance a social agenda→ hacktivist motivation (True)