Practice Free 100-160 Exam Online Questions
You are collecting data after a suspected intrusion on the local LAN.
You need to capture incoming IP packets to a file for an investigator to analyze.
Which two tools should you use? (Choose 2.)
- A . Wireshark
- B . tcpdump
- C . Nmap
- D . netstat
A, B
Explanation:
The CCST Cybersecurity Study Guide specifies that both Wireshark and tcpdump are packet capture tools that can record network traffic to a file for later analysis.
"Wireshark provides a graphical interface for packet capture and analysis. Tcpdump is a command-line tool that captures packets for detailed offline review."
(CCST Cybersecurity, Incident Handling, Network Traffic Analysis section, Cisco Networking Academy)
A is correct: Wireshark is widely used for packet capture and analysis.
B is correct: tcpdump is a CLI-based packet capture tool.
C (Nmap) is for network scanning, not packet capture.
D (netstat) displays network connections and ports but does not capture packets.
What is a denial of service (DoS) attack?
- A . A technique used by attackers to obtain sensitive information through deception.
- B . A software program that is designed to damage, disrupt, or gain unauthorized access to a computer system.
- C . A form of cyber attack that attempts to gain unauthorized access to a network.
- D . An attack that overwhelms a target system with a flood of traffic or requests, rendering it inaccessible to legitimate users.
D
Explanation:
A denial of service (DoS) attack is a type of cyber attack that aims to make a target system or network unavailable to its intended users by overwhelming it with a flood of traffic or requests. This effectively denies legitimate users access to the system.
Which of the following best describes the term "as they occur" in the context of cybersecurity?
- A . Planning and executing incident response procedures
- B . Developing mitigation strategies for potential security threats
- C . Conducting regular security audits and assessments
- D . Monitoring and analyzing security events in real-time
D
Explanation:
"As they occur" refers to the practice of continuously monitoring and analyzing security events as they happen. This involves setting up systems and tools to detect and alert on potential security incidents in real-time. By identifying and addressing security events promptly, organizations can reduce the impact and minimize potential damage.
What is a social engineering attack?
- A . An attack that targets physical infrastructure
- B . An attack that attempts to overload a network with excessive traffic
- C . An attack that intercepts wireless network packets
- D . An attack that manipulates people to obtain sensitive information
D
Explanation:
A social engineering attack is a type of attack that manipulates people to obtain sensitive information or perform actions that could compromise security. This could include techniques such as impersonating trustworthy entities, phishing, baiting, or tailgating. Social engineering attacks exploit human psychology and trust to deceive individuals into revealing confidential details or granting unauthorized access. It is important to be aware of such tactics and exercise caution when dealing with requests for sensitive information.
Which technology focuses on automating security response actions based on predefined playbooks or workflows?
- A . SOAR (Security Orchestration, Automation, and Response)
- B . IDS (Intrusion Detection System)
- C . Firewall
- D . SIEM (Security Information and Event Management)
A
Explanation:
SOAR (Security Orchestration, Automation, and Response) technology is designed to automate security response actions based on predefined playbooks or workflows. These playbooks specify the steps to be taken when specific security incidents or events occur, allowing for a consistent and automated response. SOAR integrates with various security tools and systems, enabling automatic and orchestrated actions to handle security incidents effectively.
Which of the following is a unique identifier assigned to a network interface card (NIC)?
- A . IP address
- B . Default gateway
- C . MAC address
- D . Subnet mask
C
Explanation:
A Media Access Control (MAC) address is a unique identifier assigned to a network interface card (NIC) by the manufacturer. It is a 48-bit address typically represented as six groups of two hexadecimal digits separated by colons or hyphens. MAC addresses are used for communication at the data link layer of the network stack.
Which of the following is a limitation of vulnerability databases?
- A . They may not include vulnerabilities discovered by malicious actors.
- B . They require minimal human effort for maintaining and updating.
- C . They provide real-time information on emerging threats.
- D . They cover all known vulnerabilities in every software and hardware.
A
Explanation:
Vulnerability databases are an essential resource for cybersecurity professionals to stay informed about known vulnerabilities. However, these databases primarily rely on information shared by vendors, security researchers, and ethical hackers. Malicious actors, who may discover vulnerabilities independently, may not disclose them in such databases. Therefore, it is crucial to adopt a well-rounded approach to vulnerability management and consider potential undisclosed vulnerabilities.
Which of the following is an example of multifactor authentication?
- A . Using a fingerprint scan only
- B . Using a biometric scan and a passcode
- C . Using a username and password only
- D . Using a smart card and a PIN
D
Explanation:
Multifactor authentication refers to the use of two or more different factors to verify an individual’s identity. In this case, using a smart card (something you have) and a PIN (something you know) constitutes multifactor authentication. Combining something you have and something you know adds an extra layer of security compared to using only one factor.
An employee accidentally sends an email containing sensitive corporate information to an external email address.
Which type of threat does this scenario describe?
- A . Logic bomb
- B . Malware
- C . Phishing
- D . Insider
D
Explanation:
The CCST Cybersecurity Study Guide explains that an insider threat is any threat to an organization that comes from people within the organization (employees, contractors, or business partners) who have inside information concerning the organization’s security practices, data, and systems. Insider threats may be intentional or unintentional.
"An insider threat can be malicious or accidental. Employees may unintentionally cause data breaches by mishandling sensitive information, such as sending it to the wrong recipient." (CCST Cybersecurity, Essential Security Principles, Threat Actor Types section, Cisco Networking Academy)
A (Logic bomb) is malicious code triggered by conditions.
B (Malware) is malicious software, unrelated to accidental email leaks.
C (Phishing) is an external social engineering attack.
D is correct: This is an unintentional insider threat.
Which technology is responsible for managing cryptographic keys, digital certificates, and providing other security-related services?
- A . Intrusion Detection System (IDS)
- B . Virtual Private Network (VPN)
- C . Public Key Infrastructure (PKI)
- D . Firewall
C
Explanation:
Public Key Infrastructure (PKI) is a framework of hardware, software, policies, and procedures used to manage the generation, storage, distribution, and revocation of digital certificates and encryption keys. PKI provides important security services such as authentication, encryption, and integrity checking. It enables secure communication, verifies the trustworthiness of digital identities, and ensures the confidentiality and integrity of data exchanged between parties.
