Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. Cisco®
  3. 100-160

Cisco® 100-160 Exam (page: 2)
Cisco® Certified Support Technician (CCST) Cybersecurity
Updated on: 11-Dec-2025

Viewing Page 2 of 8
100-160 PDF 50 Questions

Why is it necessary to update firmware to the latest version?

  1. To support the latest operating systems and applications
  2. To patch firmware in the kernel of the operating system
  3. To correct security holes and weaknesses
  4. To explore new hardware features

Answer(s): C

Explanation:

According to the CCST Cybersecurity Study Guide, firmware updates are a critical security maintenance task because vulnerabilities in firmware can be exploited by attackers to gain persistent control over hardware.
"Keeping firmware up to date is necessary to patch security vulnerabilities and weaknesses that could be exploited by threat actors. Vendors release firmware updates to correct security flaws, enhance stability, and ensure compatibility with updated security protocols." (CCST Cybersecurity, Endpoint Security Concepts, System and Firmware Maintenance section, Cisco Networking Academy)
A is partially true but not the primary security reason for updates. B is incorrect because firmware is not part of the OS kernel; it's embedded in the hardware. C is correct: patching vulnerabilities in firmware is essential for endpoint protection. D may occur as a side benefit, but it's not the main reason from a cybersecurity perspective.



How do threat actors launch ransomware attacks on organizations?

  1. They implant malware to collect data from the corporation's financial system.
  2. They deface an organization's public-facing website.
  3. They lock data and deny access to the data until they receive money.
  4. They secretly spy on employees and collect employees' personal information.

Answer(s): C

Explanation:

The CCST Cybersecurity course describes ransomware as a form of malicious software that encrypts or locks access to an organization's data, demanding payment for its release. "Ransomware is a type of malware that denies access to data by encrypting it and demands payment from the victim to restore access. Threat actors may deliver ransomware through phishing emails, malicious downloads, or exploiting vulnerabilities in exposed systems." (CCST Cybersecurity, Essential Security Principles, Malware Types and Threats section, Cisco Networking Academy)
A describes spyware or information-stealing malware. B is website defacement, which is vandalism, not ransomware. C is correct: locking/encrypting data and demanding payment is the defining behavior of ransomware.
D is more aligned with insider threat or espionage activities.



Which macOS security feature encrypts the entire macOS volume?

  1. FileVault
  2. Gatekeeper
  3. System Integrity Protection (SIP)
  4. XProtect

Answer(s): A

Explanation:

The CCST Cybersecurity Study Guide highlights FileVault as the macOS full-disk encryption tool. "FileVault is macOS's built-in full-disk encryption feature. It encrypts the contents of the entire startup disk to help prevent unauthorized access to the information stored on the drive, even if the device is lost or stolen."
(CCST Cybersecurity, Endpoint Security Concepts, Disk Encryption section, Cisco Networking Academy)
A is correct: FileVault provides complete volume encryption. B (Gatekeeper) controls app installation by verifying code signatures. C (System Integrity Protection) protects system files from modification.

D (XProtect) is macOS's built-in malware detection system.



You are reviewing your company's disaster recovery plan.
Which two daily data backup actions should the plan include? (Choose 2.)

  1. Back up the data to removable media and store it off-site.
  2. Back up each department's data to a separate local server.
  3. Back up the data by using cloud services.
  4. Back up the data by using RAID on a local external hard drive with a secondary power source.

Answer(s): A,C

Explanation:

The CCST Cybersecurity Study Guide emphasizes that backups should be stored off-site or in the cloud to ensure recovery even if the primary location is damaged or compromised. "A comprehensive disaster recovery plan includes performing regular backups and ensuring copies are stored in locations not subject to the same physical risks as the primary site. Off-site storage and cloud-based backups provide resilience against local disasters." (CCST Cybersecurity, Essential Security Principles, Backup and Disaster Recovery section, Cisco Networking Academy)
A is correct: Off-site removable media ensures recovery even if the main site is destroyed. B is incorrect: Local-only backups are vulnerable to the same risks as production systems. C is correct: Cloud services provide geographically separate storage with automated redundancy. D is incorrect: RAID is for hardware fault tolerance, not a complete backup solution.



Which two passwords follow strong password policy guidelines? (Choose 2.)

  1. Wh@tareyouDo1ngtoday4
  2. Feb121978
  3. Fluffy#
  4. 1mPressm3!

Answer(s): A,D

Explanation:

The CCST Cybersecurity course defines a strong password as one that:
Is at least 8­12 characters long
Uses a mix of uppercase, lowercase, numbers, and symbols Avoids dictionary words, personal information, and predictable patterns

"Strong passwords combine length, complexity, and unpredictability, making them resistant to brute force and dictionary attacks."
(CCST Cybersecurity, Essential Security Principles, Authentication and Access Control section, Cisco Networking Academy)
A is correct: It's long, mixed case, includes numbers and symbols, and is not easily guessable. B is incorrect: It's based on a date, which is predictable. C is incorrect: Short and based on a dictionary word. D is correct: Uses complexity and length with leetspeak for added unpredictability.



Your home network seems to have slowed down considerably. You look at the home router GUI and notice that an unknown host is attached to the network.
What should you do to prevent this specific host from attaching to the network again?

  1. Create an IP access control list.
  2. Implement MAC address filtering.
  3. Block the host IP address.
  4. Change the network SSI

Answer(s): B

Explanation:

The CCST Cybersecurity course explains that MAC address filtering is a network access control method that allows only approved device hardware addresses to connect.
While not foolproof against spoofing, it can block a specific device from reconnecting to a small home network. "MAC address filtering restricts network access to devices whose unique hardware addresses are explicitly allowed. This can be used to block known unauthorized devices from reconnecting." (CCST Cybersecurity, Basic Network Security Concepts, Wireless Security Controls section, Cisco Networking Academy)
A is incorrect: IP ACLs are better for controlling traffic types, not blocking specific devices at the router level.
B is correct: It prevents the device's hardware address from reconnecting. C is temporary since the host can get a new IP via DHCP.

D may hide the network but will not stop a determined attacker who can still detect it.



HOTSPOT
For each statement, select True if it is a common motivation to commit cyber attacks or False if it is not.
Note: You will receive partial credit for each correct selection.

  1. See Explanation for the Answer.

Answer(s): A

Explanation:



The CCST Cybersecurity Study Guide outlines common motivations for cyberattacks, which include:
Financial gain
Revenge or personal grievance (e.g., disgruntled employees) Ideological or political purposes (hacktivism)
Espionage and intelligence gathering
"Cyberattack motivations range from financial and competitive advantage to personal vendettas and advancing political or social causes. Disgruntled insiders may misuse access privileges to harm an organization, while hacktivists target systems to promote social or political messages." (CCST Cybersecurity, Essential Security Principles, Threat Actor Motivations section, Cisco Networking Academy)
Being disgruntled at work common insider threat motivation (True) Wanting to protect personal data defensive action, not a reason to commit an attack (False) Wanting to advance a social agenda hacktivist motivation (True)



What should you create to prevent spoofing of the internal network?

  1. A NAT rule
  2. An ACL
  3. A record in the host file
  4. A DNS record

Answer(s): B

Explanation:

The CCST Cybersecurity Study Guide states that Access Control Lists (ACLs) can be used to filter traffic based on IP addresses and block packets that appear to originate from the internal network but arrive from external interfaces (IP spoofing).
"ACLs can prevent spoofing by dropping traffic from external sources that claim to have an internal source address. Configuring ACLs on the perimeter firewall or router is a common countermeasure for IP spoofing."
(CCST Cybersecurity, Basic Network Security Concepts, ACLs and Traffic Filtering section, Cisco Networking Academy)
A (NAT rule) changes IP addresses but does not inherently prevent spoofing. B (ACL) is correct because it can enforce anti-spoofing filters.
C (host file) only affects name resolution locally.
D (DNS record) is for domain mapping, not spoofing prevention.



Viewing Page 2 of 8



Share your comments for Cisco® 100-160 exam with other users:

ethiopia 8/2/2023 2:18:00 AM

seems good..
ETHIOPIA


whoAreWeReally 12/19/2023 8:29:00 PM

took the test last week, i did have about 15 - 20 word for word from this site on the test. (only was able to cram 600 of the questions from this site so maybe more were there i didnt review) had 4 labs, bgp, lacp, vrf with tunnels and actually had to skip a lab due to time. lots of automation syntax questions.
EUROPEAN UNION


vs 9/2/2023 12:19:00 PM

no comments
Anonymous


john adenu 11/14/2023 11:02:00 AM

nice questions bring out the best in you.
Anonymous


Osman 11/21/2023 2:27:00 PM

really helpful
Anonymous


Edward 9/13/2023 5:27:00 PM

question #50 and question #81 are exactly the same questions, azure site recovery provides________for virtual machines. the first says that it is fault tolerance is the answer and second says disater recovery. from my research, it says it should be disaster recovery. can anybody explain to me why? thank you
CANADA


Monti 5/24/2023 11:14:00 PM

iam thankful for these exam dumps questions, i would not have passed without this exam dumps.
UNITED STATES


Anon 10/25/2023 10:48:00 PM

some of the answers seem to be inaccurate. q10 for example shouldnt it be an m custom column?
MALAYSIA


PeterPan 10/18/2023 10:22:00 AM

are the question real or fake?
Anonymous


CW 7/11/2023 3:19:00 PM

thank you for providing such assistance.
UNITED STATES


Mn8300 11/9/2023 8:53:00 AM

nice questions
Anonymous


Nico 4/23/2023 11:41:00 PM

my 3rd purcahse from this site. these exam dumps are helpful. very helpful.
ITALY


Chere 9/15/2023 4:21:00 AM

found it good
Anonymous


Thembelani 5/30/2023 2:47:00 AM

excellent material
Anonymous


vinesh phale 9/11/2023 2:51:00 AM

very helpfull
UNITED STATES


Bhagiii 11/4/2023 7:04:00 AM

well explained.
Anonymous


Rahul 8/8/2023 9:40:00 PM

i need the pdf, please.
CANADA


CW 7/11/2023 2:51:00 PM

a good source for exam preparation
UNITED STATES


Anchal 10/23/2023 4:01:00 PM

nice questions
INDIA


J Nunes 9/29/2023 8:19:00 AM

i need ielts general training audio guide questions
BRAZIL


Ananya 9/14/2023 5:16:00 AM

please make this content available
UNITED STATES


Swathi 6/4/2023 2:18:00 PM

content is good
Anonymous


Leo 7/29/2023 8:45:00 AM

latest dumps please
INDIA


Laolu 2/15/2023 11:04:00 PM

aside from pdf the test engine software is helpful. the interface is user-friendly and intuitive, making it easy to navigate and find the questions.
UNITED STATES


Zaynik 9/17/2023 5:36:00 AM

questions and options are correct, but the answers are wrong sometimes. so please check twice or refer some other platform for the right answer
Anonymous


Massam 6/11/2022 5:55:00 PM

90% of questions was there but i failed the exam, i marked the answers as per the guide but looks like they are not accurate , if not i would have passed the exam given that i saw about 45 of 50 questions from dump
Anonymous


Anonymous 12/27/2023 12:47:00 AM

answer to this question "what administrative safeguards should be implemented to protect the collected data while in use by manasa and her product management team? " it should be (c) for the following reasons: this administrative safeguard involves controlling access to collected data by ensuring that only individuals who need the data for their job responsibilities have access to it. this helps minimize the risk of unauthorized access and potential misuse of sensitive information. while other options such as (a) documenting data flows and (b) conducting a privacy impact assessment (pia) are important steps in data protection, implementing a "need to know" access policy directly addresses the issue of protecting data while in use by limiting access to those who require it for legitimate purposes. (d) is not directly related to safeguarding data during use; it focuses on data transfers and location.
INDIA


Japles 5/23/2023 9:46:00 PM

password lockout being the correct answer for question 37 does not make sense. it should be geofencing.
Anonymous


Faritha 8/10/2023 6:00:00 PM

for question 4, the righr answer is :recover automatically from failures
UNITED STATES


Anonymous 9/14/2023 4:27:00 AM

question number 4s answer is 3, option c. i
UNITED STATES


p das 12/7/2023 11:41:00 PM

very good questions
UNITED STATES


Anna 1/5/2024 1:12:00 AM

i am confused about the answers to the questions. are the answers correct?
KOREA REPUBLIC OF


Bhavya 9/13/2023 10:15:00 AM

very usefull
Anonymous


Rahul Kumar 8/31/2023 12:30:00 PM

need certification.
CANADA