Cisco 100-160 - Cisco Certified Support Technician (CCST) Cybersecurity

TheCCST Cybersecurity Study GuideidentifiesSYN flood attacksas a type ofDenial of Service (DoS)attack that exploits the TCP three-way handshake. Attackers send many SYN requests without completing the handshake, leaving the server with numerous half-open connections and exhausting resources.

"A TCP SYN flood attack overwhelms a target server by initiating a high volume of TCP connections but never completing the handshake, resulting in numerous half-open connections that consume system resources and can render the service unavailable."

(CCST Cybersecurity,Incident Handling, Denial-of-Service Attacks section, Cisco Networking Academy)

Ais correct: The proper action is to stop the SYN flood, often using firewalls, intrusion prevention systems, or SYN cookies.

B(switching to HTTPS) does not address the flooding issue.

Cis incorrect because the excessive number of half-open connections indicates an attack, not normal operation.

D(flushing DNS cache) is unrelated to this type of attack.

TheCCST Cybersecuritycourse states that anIntrusion Detection System (IDS)passively monitors network or system traffic and analyzes it against a database of known threat signatures or behavioral patterns.

"IDS devices inspect network traffic, compare it to known malicious signatures or anomalies, and generate alerts for suspicious activity without actively blocking traffic."

(CCST Cybersecurity,Basic Network Security Concepts, IDS and IPS section, Cisco Networking Academy)

Ais correct: IDS is passive and signature-based.

B(IPS) is active and can block traffic.

C(Proxy Server) handles requests between clients and servers.

D(Honeypot) is a decoy system to attract attackers.

TheCCST Cybersecuritycourse notes that isolation is a key part of thecontainment phaseof incident response. The goal is to prevent the compromised system from communicating with the attacker or spreading malware, while preserving it for analysis.

"Containment often involves removing an affected system from the production network and connecting it to a controlled forensic environment to preserve evidence and prevent further compromise."

(CCST Cybersecurity,Incident Handling, Containment Procedures section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidestates that vulnerability scanning is an automated process used to identify known security weaknesses in systems, software, and network devices. These scans compare system configurations and software versions against databases of known vulnerabilities, such as the Common Vulnerabilities and Exposures (CVE) list.

"A vulnerability scan is an automated test that checks systems and networks for known weaknesses by matching them against a database of vulnerabilities such as CVEs. This allows administrators to identify exploitable conditions before they are leveraged by attackers."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Scanning section, Cisco Networking Academy)

Ais asset discovery, not vulnerability scanning.

Bmay be part of remediation planning but is not the primary purpose.

Cis correct: Scans detect if systems have vulnerabilities associated with CVEs.

Ddescribes SIEM (Security Information and Event Management) log correlation, not vulnerability scanning.

TheCCST Cybersecurity Study Guidedescribes the CIA Triad as the foundational model for information security:

Confidentiality

"Confidentiality ensures that sensitive information is accessed only by authorized individuals and is protected from unauthorized disclosure."

Integrity

"Integrity ensures that data remains accurate, complete, and unaltered except by authorized processes or users."

Availability

"Availability ensures that information and systems are accessible to authorized users when needed."

(CCST Cybersecurity,Essential Security Principles, CIA Triad section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidenotes that HIPAA (Health Insurance Portability and Accountability Act) requires that ePHI be protected both in storage and when devices are decommissioned or repurposed. This includes implementingdata removal policiesfor mobile devices.

"HIPAA requires procedures for the removal of electronic protected health information (ePHI) from devices before disposal, reuse, or reassignment."

(CCST Cybersecurity,Essential Security Principles, Regulatory Compliance section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidespecifies thatAES (Advanced Encryption Standard)is the encryption method used in modern WiFi security protocols like WPA2 and WPA3.

"WPA2 and WPA3 use the Advanced Encryption Standard (AES) for securing wireless traffic. AES provides strong symmetric encryption, replacing outdated methods like WEP and TKIP."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Security section, Cisco Networking Academy)

A(DES) is outdated and insecure.

B(Triple DES) is older and slower, rarely used in WiFi.

Cis correct: AES is the industry standard for WiFi security.

D(RSA) is asymmetric encryption used in key exchange, not bulk WiFi encryption.

TheCCST Cybersecuritymaterial explains that MAC address filtering is a wireless security measure that allows only devices with approved hardware addresses to connect. If the laptop’s MAC address is not on the allow list, the connection will be blocked even if the SSID is correct.

"Wireless access points can be configured with MAC address filters to limit network access to authorized devices. If a device's MAC address is not on the permitted list, the connection will fail regardless of credentials."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Security section, Cisco Networking Academy)

Ais unlikely because non-broadcast SSIDs can still be manually connected to.

Bis correct: MAC address filtering would block an unregistered device.

Cwould cause IP issues after association, not prevent initial connection.

D(open authentication) would allow connection, so it’s not the cause here.

TheCCST Cybersecurity Study Guideoutlines the standardrisk management processin the following sequence:

Identify the risks–

"Determine potential threats and vulnerabilities that could negatively impact organizational assets."

Prioritize the risks–

"Assess each risk in terms of likelihood and potential impact to rank them for remediation."

Implement a response–

"Apply the appropriate mitigation, transfer, acceptance, or avoidance strategy to address each prioritized risk."

Monitor results–

"Continuously assess the effectiveness of implemented controls and make adjustments as needed."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Risk Management Process section, Cisco Networking Academy)