How does a honeypot enhance network security?
Answer(s): B
According to the Cisco Certified Support Technician (CCST) Cybersecurity Study Guide, a honeypot is a security mechanism that appears to be a legitimate system or resource but is intentionally made vulnerable to attract attackers. Its purpose is not to serve legitimate users but to detect, study, and sometimes divert malicious activity.
"A honeypot is a decoy system or service designed to attract and engage attackers. By simulating a target of interest, it allows security teams to monitor attack methods, collect intelligence, and sometimes divert threats away from production systems. Honeypots do not prevent attacks but help in identifying them and understanding adversary tactics." (CCST Cybersecurity, Basic Network Security Concepts, Honeypots and Honey Nets section, Cisco Networking Academy)
In this context: Option A describes an IDS (Intrusion Detection System), not a honeypot. Option C refers to a DMZ (Demilitarized Zone), not a honeypot. Option D describes an IPS (Intrusion Prevention System). Option B correctly identifies a honeypot's role as a decoy to divert or engage attackers.
Which data type is protected through hard disk encryption?
Answer(s): D
The CCST Cybersecurity Study Guide explains that hard disk encryption is a method used to protect data stored on a physical device from unauthorized access.
"Data at rest refers to data stored on a device, such as files on a hard drive, SSD, or removable media. Hard disk encryption protects data at rest by converting it into an unreadable format unless accessed with the correct decryption key." (CCST Cybersecurity, Essential Security Principles, Data States and Protection Methods section, Cisco Networking Academy)
Data in process refers to data actively being handled by applications in memory (RAM), which is not the primary target of disk encryption. Data in transit is protected via encryption methods such as TLS, not disk encryption. Data in use is accessed and manipulated by programs in real-time, also not the primary scope of disk encryption. Data at rest is the correct answer, as hard disk encryption directly safeguards stored files.
Your supervisor suspects that someone is attempting to gain access to a Windows computer by guessing user account IDs and passwords. The supervisor asks you to use the Windows Event Viewer security logs to verify the attempts. Which two audit policy events provide information to determine whether someone is using invalid credentials to attempt to log in to the computer? (Choose 2.) Note: You will receive partial credit for each correct selection.
Answer(s): B,C
According to the CCST Cybersecurity course, Windows Event Viewer's Security logs record authentication-related events that can help identify password-guessing attempts (also known as brute force attacks).
"The Account logon failure event indicates that an authentication attempt has failed, which may suggest incorrect credentials were used. Multiple such events in a short time frame can indicate a brute-force attack. The Account lockout success event confirms that an account has been locked due to repeated failed logon attempts, which further supports the suspicion of password-guessing attacks." (CCST Cybersecurity, Incident Handling, Monitoring and Analyzing Security Events section, Cisco Networking Academy)
Object access failure relates to unauthorized attempts to open or modify files, not login attempts. Account logon failure (B) shows failed login attempts due to invalid credentials. Account lockout success (C) confirms that repeated login failures have triggered a lockout. Account logoff success is a normal event and does not indicate malicious activity.
You are going to perform a penetration test on a company LAN. As part of your preparation, you access the company's websites, view webpage source code, and run internet searches to uncover domain information. You also use social media to gather details about the company and its employees. Which type of reconnaissance activities are you performing?
Answer(s): A
The CCST Cybersecurity Study Guide explains that reconnaissance is the process of collecting information about a target before attempting exploitation.
"Passive reconnaissance is conducted without directly engaging with the target systems. Examples include reviewing public websites, examining HTML source code, querying public DNS records, and using social media to gather information. Since no packets are sent directly to the target system, it reduces the risk of detection." (CCST Cybersecurity, Vulnerability Assessment and Risk Management, Reconnaissance Techniques section, Cisco Networking Academy)
Passive (A) is correct because all actions described -- viewing public pages, searching online, and checking social media -- involve no direct interaction that could alert the target. Active (B) would involve direct probing, like port scans or vulnerability scans. Offline (C) is not an official reconnaissance classification in this context. Invasive (D) is a general term and not used as a standard reconnaissance category in CCST material.
Your manager asks you to review the output of some vulnerability scans and report anything that may require escalation. Which two findings should you report for further investigation as potential security vulnerabilities? (Choose 2.)
The CCST Cybersecurity course teaches that vulnerability scan results should be reviewed for misconfigurations and exposures that can be exploited by attackers.
"Disabled firewalls expose systems to direct network attacks and should be treated as critical findings. Open ports can indicate unnecessary or unsecured services running, which may provide entry points for attackers. These findings should be escalated for remediation or further security hardening." (CCST Cybersecurity, Vulnerability Assessment and Risk Management, Analyzing and Responding to Scan Results section, Cisco Networking Academy)
Encrypted passwords (A) are good practice, not a vulnerability. Disabled firewalls (B) leave systems defenseless against incoming attacks. Open ports (C) can be exploited if the services they expose are vulnerable or misconfigured. SSH packets (D) are normal in secure remote administration and are not inherently a vulnerability.
A client cannot connect to the corporate web server. You discover a large number of half-open TCP connections to the server. What should you do?
The CCST Cybersecurity Study Guide identifies SYN flood attacks as a type of Denial of Service (DoS) attack that exploits the TCP three-way handshake. Attackers send many SYN requests without completing the handshake, leaving the server with numerous half-open connections and exhausting resources.
"A TCP SYN flood attack overwhelms a target server by initiating a high volume of TCP connections but never completing the handshake, resulting in numerous half-open connections that consume system resources and can render the service unavailable." (CCST Cybersecurity, Incident Handling, Denial-of-Service Attacks section, Cisco Networking Academy)
A is correct: The proper action is to stop the SYN flood, often using firewalls, intrusion prevention systems, or SYN cookies. B (switching to HTTPS) does not address the flooding issue. C is incorrect because the excessive number of half-open connections indicates an attack, not normal operation. D (flushing DNS cache) is unrelated to this type of attack.
Which two basic metrics should be taken into consideration when assigning a severity to a vulnerability during an assessment? (Choose 2.)
Answer(s): A,B
The CCST Cybersecurity course describes that risk scoring for vulnerabilities often involves likelihood and impact -- similar to the CVSS (Common Vulnerability Scoring System) model.
"When prioritizing vulnerabilities, assess both the likelihood of exploitation and the potential impact to the organization. Likelihood measures how easy or probable it is for an adversary to exploit the weakness, while impact measures the consequences to confidentiality, integrity, and availability if exploitation occurs." (CCST Cybersecurity, Vulnerability Assessment and Risk Management, Risk Assessment and Prioritization section, Cisco Networking Academy)
A is correct: Likelihood is a fundamental part of severity assessment. B is correct: Impact determines how damaging an exploit would be. C is incorrect: Time to choose replacement software is an operational consideration, not a severity metric. D is incorrect: Hardware age may influence performance but does not directly define vulnerability severity.
Which Windows app is a command-line interface that includes a sophisticated scripting language used to automate Windows tasks?
The CCST Cybersecurity course identifies Windows PowerShell as both a command-line interface (CLI) and a robust scripting environment. It is used by system administrators for automation, configuration, and task scheduling.
"PowerShell is a Windows command-line shell and scripting language built on the .NET framework. It allows administrators to automate administrative tasks, manage system configurations, and execute complex scripts for system management." (CCST Cybersecurity, Endpoint Security Concepts, System Administration Tools section, Cisco Networking Academy)
A is correct: PowerShell provides both interactive command execution and scripting capabilities. B (MMC) is a GUI-based management console, not a CLI. C (Vim) is a text editor, not a Windows-native CLI. D (MS-DOS) is a legacy command shell with no advanced scripting features comparable to PowerShell.