Pass the Cisco CCST 100-160 Questions and answers with ValidTests

TheCCST Cybersecurity Study Guidespecifies that bothWiresharkandtcpdumpare packet capture tools that can record network traffic to a file for later analysis.

"Wireshark provides a graphical interface for packet capture and analysis. Tcpdump is a command-line tool that captures packets for detailed offline review."

(CCST Cybersecurity,Incident Handling, Network Traffic Analysis section, Cisco Networking Academy)

Ais correct: Wireshark is widely used for packet capture and analysis.

Bis correct: tcpdump is a CLI-based packet capture tool.

C(Nmap) is for network scanning, not packet capture.

D(netstat) displays network connections and ports but does not capture packets.

TheCCST Cybersecurity Study Guidedefines common attacker types:

Cyber criminal–

"An individual or group engaging in illegal activities for financial gain, such as selling stolen data or running spam campaigns."

State-sponsored attacker–

"Operates with the support or direction of a nation-state, often for espionage or political objectives."

Insider threat–

"A person within the organization, such as an employee or contractor, who misuses access to cause harm or steal data."

Hacktivist–

"Uses hacking techniques to promote political, social, or ideological causes."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Types section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidestates thatAccess Control Lists (ACLs)can be used to filter traffic based on IP addresses and block packets that appear to originate from the internal network but arrive from external interfaces (IP spoofing).

"ACLs can prevent spoofing by dropping traffic from external sources that claim to have an internal source address. Configuring ACLs on the perimeter firewall or router is a common countermeasure for IP spoofing."

(CCST Cybersecurity,Basic Network Security Concepts, ACLs and Traffic Filtering section, Cisco Networking Academy)

A(NAT rule) changes IP addresses but does not inherently prevent spoofing.

B(ACL) is correct because it can enforce anti-spoofing filters.

C(host file) only affects name resolution locally.

D(DNS record) is for domain mapping, not spoofing prevention.

TheCCST Cybersecurity Study Guideexplains that sandboxing is a security technique that executes suspicious programs in a controlled and isolated environment, preventing them from affecting production systems while enabling behavior analysis.

"Sandboxing isolates a suspected application in a secure, controlled environment where it can be executed and analyzed without risking damage to the host system or network."

(CCST Cybersecurity,Endpoint Security Concepts, Malware Analysis Techniques section, Cisco Networking Academy)

TheCCST Cybersecuritycourse notes that isolation is a key part of thecontainment phaseof incident response. The goal is to prevent the compromised system from communicating with the attacker or spreading malware, while preserving it for analysis.

"Containment often involves removing an affected system from the production network and connecting it to a controlled forensic environment to preserve evidence and prevent further compromise."

(CCST Cybersecurity,Incident Handling, Containment Procedures section, Cisco Networking Academy)

TheCCST Cybersecuritymaterial describes that the first step after receiving a new CVE notification is toreview its details—such as affected systems, severity, and exploitability—to determine if it is relevant to your organization.

"Upon learning of a new CVE, security teams should analyze the vulnerability description, affected products, and CVSS score to determine applicability and urgency of mitigation."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Prioritization section, Cisco Networking Academy)

Ais correct: Confirming applicability avoids unnecessary remediation for irrelevant vulnerabilities.

Bis done after confirming applicability.

C(disaster recovery plan) is unrelated to immediate CVE handling.

D(adding to firewall rules) is premature without confirming impact.

TheCCST Cybersecurity Study Guidedescribes aman-in-the-middle (MITM)attack as an attack where the adversary secretly intercepts and possibly alters communications between two parties, making them believe they are communicating directly. A rogue AP configured to pass traffic through itself before sending it on is a classic wireless MITM method.

"In a MITM attack, the attacker places themselves between the sender and receiver, intercepting and possibly altering data in transit. Rogue access points can facilitate MITM attacks in wireless environments."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Threats section, Cisco Networking Academy)

Ais incorrect: Reconnaissance is information gathering, not active interception.

Bis correct: This is a wireless MITM attack.

Cis incorrect: DDoS aims to overwhelm a service, not intercept data.

Dis incorrect: Ransomware encrypts data for extortion.

According to theCCST Cybersecuritycourse, NIST guidelines (SP 800-63B) recommend aminimum password length of 8 charactersfor user-generated passwords, without requiring overly complex composition rules, but encouraging longer passphrases for increased security.

"NIST guidelines specify that user-generated passwords must be at least 8 characters in length, and systems should allow passwords up to at least 64 characters."

(CCST Cybersecurity,Essential Security Principles, Authentication Best Practices section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidecovers major privacy and security frameworks:

GDPR (General Data Protection Regulation)–

"EU regulation that protects personal data and privacy for individuals within the European Union."

HIPAA (Health Insurance Portability and Accountability Act)–

"US law that protects sensitive patient health information from being disclosed without the patient’s consent or knowledge."

PCI-DSS (Payment Card Industry Data Security Standard)–

"Security standard to protect credit card data and reduce fraud."

FERPA (Family Educational Rights and Privacy Act)–

"US law that protects the privacy of student education records."

FISMA (Federal Information Security Management Act)–

"US law that requires federal agencies to protect information and information systems."

(CCST Cybersecurity,Essential Security Principles, Regulatory Compliance section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guideexplains that disabling SSID broadcast hides the network from casual scanning, adding a layer of obscurity. While not a complete security measure, when combined with WPA2/WPA3 encryption and strong passwords, it can help protect private wireless networks, especially in environments with separate employee and guest access.

"Disabling SSID broadcast can reduce the visibility of a wireless network, making it less likely to be detected by casual attackers. This should be combined with strong encryption and authentication."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Security section, Cisco Networking Academy)

A(IP filtering) provides limited protection and is harder to manage for employee devices.

Bis correct: Disabling SSID broadcast adds an extra layer of obscurity for the employee network.

Cwould make the network easier to access from outside the premises, which is less secure.

Dwould cause network conflicts and make segmentation impossible.