100-160 Cisco Certified Support Technician (CCST) Cybersecurity Free Practice Exam Questions (2025 Updated)

TheCCST Cybersecurity Study Guideexplains that hard disk encryption is a method used to protectdata stored on a physical devicefrom unauthorized access.

"Data at rest refers to data stored on a device, such as files on a hard drive, SSD, or removable media. Hard disk encryption protects data at rest by converting it into an unreadable format unless accessed with the correct decryption key."

(CCST Cybersecurity,Essential Security Principles, Data States and Protection Methods section, Cisco Networking Academy)

Data in processrefers to data actively being handled by applications in memory (RAM), which is not the primary target of disk encryption.

Data in transitis protected via encryption methods such as TLS, not disk encryption.

Data in useis accessed and manipulated by programs in real-time, also not the primary scope of disk encryption.

Data at restis the correct answer, as hard disk encryption directly safeguards stored files.

TheCCST Cybersecuritycourse defines a strong password as one that:

Is at least 8–12 characters long

Uses a mix of uppercase, lowercase, numbers, and symbols

Avoids dictionary words, personal information, and predictable patterns

"Strong passwords combine length, complexity, and unpredictability, making them resistant to brute force and dictionary attacks."

(CCST Cybersecurity,Essential Security Principles, Authentication and Access Control section, Cisco Networking Academy)

Ais correct: It’s long, mixed case, includes numbers and symbols, and is not easily guessable.

Bis incorrect: It’s based on a date, which is predictable.

Cis incorrect: Short and based on a dictionary word.

Dis correct: Uses complexity and length with leetspeak for added unpredictability.

According to theCCST Cybersecuritycourse, anti-malware solutions withreal-time protectionscan files as they are downloaded or opened, blocking malicious code before it runs.

"Real-time protection automatically inspects files, applications, and scripts as they are accessed or downloaded, preventing execution of malicious code."

(CCST Cybersecurity,Endpoint Security Concepts, Malware Protection section, Cisco Networking Academy)

TheCCST Cybersecuritycourse identifiesWindows PowerShellas both a command-line interface (CLI) and a robust scripting environment. It is used by system administrators for automation, configuration, and task scheduling.

"PowerShell is a Windows command-line shell and scripting language built on the .NET framework. It allows administrators to automate administrative tasks, manage system configurations, and execute complex scripts for system management."

(CCST Cybersecurity,Endpoint Security Concepts, System Administration Tools section, Cisco Networking Academy)

Ais correct: PowerShell provides both interactive command execution and scripting capabilities.

B(MMC) is a GUI-based management console, not a CLI.

C(Vim) is a text editor, not a Windows-native CLI.

D(MS-DOS) is a legacy command shell with no advanced scripting features comparable to PowerShell.

In theCCST Cybersecuritycourse, Windows Event ViewerErrorevents in the Application log indicate a severe problem that caused an application or component to fail. This usually requires investigation or repair.

"Error events indicate a significant problem such as a loss of functionality in an application or system component. Errors are often critical and need immediate attention."

(CCST Cybersecurity,Incident Handling, Event Logging and Analysis section, Cisco Networking Academy)

Ais incorrect: Performance slowness would usually generate warnings, not errors.

Bis correct: An "Error" level in Event Viewer means the application failed in some way.

Cis incorrect: That describes an "Information" event, not an error.

Dis incorrect: That also corresponds to an "Information" event.

TheCCST Cybersecurity Study Guideemphasizes that backups should be stored off-site or in the cloud to ensure recovery even if the primary location is damaged or compromised.

"A comprehensive disaster recovery plan includes performing regular backups and ensuring copies are stored in locations not subject to the same physical risks as the primary site. Off-site storage and cloud-based backups provide resilience against local disasters."

(CCST Cybersecurity,Essential Security Principles, Backup and Disaster Recovery section, Cisco Networking Academy)

Ais correct: Off-site removable media ensures recovery even if the main site is destroyed.

Bis incorrect: Local-only backups are vulnerable to the same risks as production systems.

Cis correct: Cloud services provide geographically separate storage with automated redundancy.

Dis incorrect: RAID is for hardware fault tolerance, not a complete backup solution.

TheCCST Cybersecuritycourse notes that isolation is a key part of thecontainment phaseof incident response. The goal is to prevent the compromised system from communicating with the attacker or spreading malware, while preserving it for analysis.

"Containment often involves removing an affected system from the production network and connecting it to a controlled forensic environment to preserve evidence and prevent further compromise."

(CCST Cybersecurity,Incident Handling, Containment Procedures section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidedescribes theDiamond Model of Intrusion Analysisas a framework to map the relationships between four core features of an intrusion:

Adversary– The threat actor or group conducting the attack.

Example: Ransomware Group

Capability– The tools, techniques, or malware the adversary uses.

Example: Phishing Email, Malware

Infrastructure– The physical or logical communication and delivery systems the adversary uses.

Example: Email Server, Domain Name

Victim– The target of the attack, such as systems, organizations, or individuals.

Example: Customer and Product Databases

"The Diamond Model helps analysts connect the attacker, the tools they use, the infrastructure supporting the attack, and the victim, providing a holistic view of the intrusion event."

(CCST Cybersecurity,Incident Handling, Threat Modeling section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guideoutlines worm mitigation as a four-step process:

Containment–

"Limit the spread of the worm by segmenting the network and restricting traffic from infected areas."

Inoculation–

"Apply patches or updates to uninfected systems to prevent them from being compromised."

Quarantine–

"Remove or block infected systems from the network to stop further infection."

Treatment–

"Clean and patch infected systems to remove the worm and fix vulnerabilities."

(CCST Cybersecurity,Incident Handling, Malware Mitigation Strategies section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidedescribes the CIA Triad as the foundational model for information security:

Confidentiality

"Confidentiality ensures that sensitive information is accessed only by authorized individuals and is protected from unauthorized disclosure."

Integrity

"Integrity ensures that data remains accurate, complete, and unaltered except by authorized processes or users."

Availability

"Availability ensures that information and systems are accessible to authorized users when needed."

(CCST Cybersecurity,Essential Security Principles, CIA Triad section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidedistinguishes betweenDisaster Recovery Plans (DRP)andBusiness Continuity Plans (BCP):

ABCPfocuses on keeping the business running during a disruption.

ADRPfocuses on restoring IT services and data after a disaster has occurred.

"A disaster recovery plan outlines procedures for restoring data and critical IT infrastructure to operational status following a disruptive incident. The goal is to resume normal IT operations as quickly as possible."

(CCST Cybersecurity,Essential Security Principles, Business Continuity and Disaster Recovery section, Cisco Networking Academy)

Ais a general effect of both BCP and DRP.

BandDdescribe business continuity, not disaster recovery.

Cis correct: DRP’s main purpose isrestoring IT systems and data quicklyafter disruption

TheCCST Cybersecuritymaterial describes that the first step after receiving a new CVE notification is toreview its details—such as affected systems, severity, and exploitability—to determine if it is relevant to your organization.

"Upon learning of a new CVE, security teams should analyze the vulnerability description, affected products, and CVSS score to determine applicability and urgency of mitigation."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Prioritization section, Cisco Networking Academy)

Ais correct: Confirming applicability avoids unnecessary remediation for irrelevant vulnerabilities.

Bis done after confirming applicability.

C(disaster recovery plan) is unrelated to immediate CVE handling.

D(adding to firewall rules) is premature without confirming impact.

TheCCST Cybersecuritystudy material definesInformation Assurance (IA)as the practice of managing information-related risks to ensure data availability, integrity, confidentiality, authentication, and non-repudiation. It specifically applies to sensitive information like PII (Personally Identifiable Information).

"Information assurance involves the protection and validation of data so that it remains accurate, confidential, and available only to authorized users. IA ensures the trustworthiness of information, particularly when handling sensitive or regulated data such as PII."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Information Assurance section, Cisco Networking Academy)

A(Risk framing) is part of risk management planning but does not verify data integrity and confidentiality directly.

B(Cyber Kill Chain) is an attack lifecycle model.

C(Workflow management) is about process efficiency, not data protection.

Dis correct: Information Assurance addresses the availability, accuracy, and confidentiality of sensitive data.

TheCCST Cybersecurity Study Guidestates that after confirming a vulnerability is relevant and critical, the next step is to apply available patches or mitigations as soon as possible to reduce the attack surface.

"When a critical vulnerability is identified, remediation steps such as applying patches or configuration changes should be implemented immediately to prevent exploitation."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Remediation section, Cisco Networking Academy)