Free Practice Questions for Cisco 100-160 Exam

According to theCCST Cybersecuritycourse, Windows Event Viewer’sSecurity logsrecord authentication-related events that can help identify password-guessing attempts (also known as brute force attacks).

"The Account logon failure event indicates that an authentication attempt has failed, which may suggest incorrect credentials were used. Multiple such events in a short time frame can indicate a brute-force attack. The Account lockout success event confirms that an account has been locked due to repeated failed logon attempts, which further supports the suspicion of password-guessing attacks."

(CCST Cybersecurity,Incident Handling, Monitoring and Analyzing Security Events section, Cisco Networking Academy)

Object access failurerelates to unauthorized attempts to open or modify files, not login attempts.

Account logon failure (B)shows failed login attempts due to invalid credentials.

Account lockout success (C)confirms that repeated login failures have triggered a lockout.

Account logoff successis a normal event and does not indicate malicious activity.

TheCCST Cybersecurity Study GuidehighlightsFileVaultas the macOS full-disk encryption tool.

"FileVault is macOS’s built-in full-disk encryption feature. It encrypts the contents of the entire startup disk to help prevent unauthorized access to the information stored on the drive, even if the device is lost or stolen."

(CCST Cybersecurity,Endpoint Security Concepts, Disk Encryption section, Cisco Networking Academy)

Ais correct: FileVault provides complete volume encryption.

B(Gatekeeper) controls app installation by verifying code signatures.

C(System Integrity Protection) protects system files from modification.

D(XProtect) is macOS’s built-in malware detection system.

TheCCST Cybersecuritycourse describes ransomware as a form of malicious software that encrypts or locks access to an organization’s data, demanding payment for its release.

"Ransomware is a type of malware that denies access to data by encrypting it and demands payment from the victim to restore access. Threat actors may deliver ransomware through phishing emails, malicious downloads, or exploiting vulnerabilities in exposed systems."

(CCST Cybersecurity,Essential Security Principles, Malware Types and Threats section, Cisco Networking Academy)

Adescribes spyware or information-stealing malware.

Bis website defacement, which is vandalism, not ransomware.

Cis correct: locking/encrypting data and demanding payment is the defining behavior of ransomware.

Dis more aligned with insider threat or espionage activities.

TheCCST Cybersecurity Study Guidenotes that HIPAA (Health Insurance Portability and Accountability Act) requires that ePHI be protected both in storage and when devices are decommissioned or repurposed. This includes implementingdata removal policiesfor mobile devices.

"HIPAA requires procedures for the removal of electronic protected health information (ePHI) from devices before disposal, reuse, or reassignment."

(CCST Cybersecurity,Essential Security Principles, Regulatory Compliance section, Cisco Networking Academy)

TheCCST Cybersecuritystudy material definesInformation Assurance (IA)as the practice of managing information-related risks to ensure data availability, integrity, confidentiality, authentication, and non-repudiation. It specifically applies to sensitive information like PII (Personally Identifiable Information).

"Information assurance involves the protection and validation of data so that it remains accurate, confidential, and available only to authorized users. IA ensures the trustworthiness of information, particularly when handling sensitive or regulated data such as PII."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Information Assurance section, Cisco Networking Academy)

A(Risk framing) is part of risk management planning but does not verify data integrity and confidentiality directly.

B(Cyber Kill Chain) is an attack lifecycle model.

C(Workflow management) is about process efficiency, not data protection.

Dis correct: Information Assurance addresses the availability, accuracy, and confidentiality of sensitive data.

TheCCST Cybersecurity Study Guideoutlines worm mitigation as a four-step process:

Containment–

"Limit the spread of the worm by segmenting the network and restricting traffic from infected areas."

Inoculation–

"Apply patches or updates to uninfected systems to prevent them from being compromised."

Quarantine–

"Remove or block infected systems from the network to stop further infection."

Treatment–

"Clean and patch infected systems to remove the worm and fix vulnerabilities."

(CCST Cybersecurity,Incident Handling, Malware Mitigation Strategies section, Cisco Networking Academy)

TheCCST Cybersecuritycourse teaches that vulnerability scan results should be reviewed for misconfigurations and exposures that can be exploited by attackers.

"Disabled firewalls expose systems to direct network attacks and should be treated as critical findings. Open ports can indicate unnecessary or unsecured services running, which may provide entry points for attackers. These findings should be escalated for remediation or further security hardening."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Analyzing and Responding to Scan Results section, Cisco Networking Academy)

Encrypted passwords (A)are good practice, not a vulnerability.

Disabled firewalls (B)leave systems defenseless against incoming attacks.

Open ports (C)can be exploited if the services they expose are vulnerable or misconfigured.

SSH packets (D)are normal in secure remote administration and are not inherently a vulnerability.

TheCCST Cybersecurity Study Guideoutlines common motivations for cyberattacks, which include:

Financial gain

Revenge or personal grievance(e.g., disgruntled employees)

Ideological or political purposes(hacktivism)

Espionage and intelligence gathering

"Cyberattack motivations range from financial and competitive advantage to personal vendettas and advancing political or social causes. Disgruntled insiders may misuse access privileges to harm an organization, while hacktivists target systems to promote social or political messages."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Motivations section, Cisco Networking Academy)

Beingdisgruntled at work→ common insider threat motivation (True)

Wanting toprotect personal data→ defensive action, not a reason to commit an attack (False)

Wanting toadvance a social agenda→ hacktivist motivation (True)

TheCCST Cybersecurity Study Guidedefines common attacker types:

Cyber criminal–

"An individual or group engaging in illegal activities for financial gain, such as selling stolen data or running spam campaigns."

State-sponsored attacker–

"Operates with the support or direction of a nation-state, often for espionage or political objectives."

Insider threat–

"A person within the organization, such as an employee or contractor, who misuses access to cause harm or steal data."

Hacktivist–

"Uses hacking techniques to promote political, social, or ideological causes."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Types section, Cisco Networking Academy)