Practice Free 100-160 Exam Online Questions
Which of the following log file entries is typically associated with a Distributed Denial of Service (DDoS) attack?
- A . "High CPU utilization on server at 15:20:05."
- B . "Web server responding slowly to client requests at 14:10:15."
- C . "Spike in network traffic volume at 12:45:10."
- D . "Unusual number of concurrent sessions established at 09:30:00."
C
Explanation:
In a Distributed Denial of Service (DDoS) attack, the attacker overwhelms the target system or network with a massive volume of traffic from multiple sources. This excessive traffic causes the targeted system to become inaccessible to legitimate users. Therefore, a sudden and significant spike in network traffic volume is a typical indicator of a DDoS attack. Other log entries, such as the increased resource utilization or slow response times mentioned in the other options, may also be present, but the spike in network traffic volume is the most indicative of a DDoS attack.
What should be done when a user forgets their password and requests a reset?
- A . Verify the user’s identity and follow the organization’s password reset process.
- B . Reset the password immediately without any further action.
- C . Escalate the request to the user’s supervisor for approval.
- D . Inform the user that password resets are not allowed for security reasons.
A
Explanation:
When a user forgets their password and requests a reset, it is necessary to verify the user’s identity and follow the organization’s established password reset process. Password resets may involve sensitive information and can lead to unauthorized access if not handled appropriately. Therefore, following the organization’s procedures helps ensure the security and integrity of the password reset process.
What is the purpose of using an application firewall in a cybersecurity setup?
- A . To encrypt network traffic between applications
- B . To perform vulnerability scanning of applications
- C . To increase the speed and performance of applications
- D . To block malicious incoming requests and attacks aimed at the application
D
Explanation:
An application firewall, also known as a web application firewall (WAF) or application-level firewall, is designed to protect web applications from various attacks, such as cross-site scripting (XSS), SQL injection, and distributed denial-of-service (DDoS) attacks. It analyzes the incoming traffic and blocks malicious requests, protecting the application and its underlying infrastructure. Encryption, speed enhancement, and vulnerability scanning are not primary functions of an application firewall.
You are going to perform a penetration test on a company LAN. As part of your preparation, you access the company’s websites, view webpage source code, and run internet searches to uncover domain information. You also use social media to gather details about the company and its employees.
Which type of reconnaissance activities are you performing?
- A . Passive
- B . Active
- C . Offline
- D . Invasive
A
Explanation:
The CCST Cybersecurity Study Guide explains that reconnaissance is the process of collecting information about a target before attempting exploitation.
"Passive reconnaissance is conducted without directly engaging with the target systems. Examples include reviewing public websites, examining HTML source code, querying public DNS records, and using social media to gather information. Since no packets are sent directly to the target system, it reduces the risk of detection."
(CCST Cybersecurity, Vulnerability Assessment and Risk Management, Reconnaissance Techniques section, Cisco Networking Academy)
Passive (A) is correct because all actions described (viewing public pages, searching online, and checking social media) involve no direct interaction that could alert the target.
Active (B) would involve direct probing, like port scans or vulnerability scans.
Offline (C) is not an official reconnaissance classification in this context.
Invasive (D) is a general term and not used as a standard reconnaissance category in CCST material.
Which component of network security architecture is designed to separate the internal network from the external network?
- A . Cloud
- B . DMZ
- C . Proxy
- D . Virtualization
B
Explanation:
A DMZ, or demilitarized zone, is a network segment that is used to separate the internal network from the external network. It acts as a buffer zone between the organization’s network and the internet, providing an additional layer of security. By placing servers, such as web servers or email servers, in the DMZ, organizations can ensure that external traffic is filtered and scrutinized before reaching the internal network.
Which command-line tool is commonly used to test network connectivity and measure response time?
- A . netstat
- B . nslookup
- C . tcpdump
- D . ping
D
Explanation:
The correct command-line tool for testing network connectivity and measuring response time is ping. It sends ICMP echo request packets to a specified network device or IP address and waits for the corresponding echo reply, which verifies whether a host is reachable and measures packet latency. Although ping provides basic network testing, it does not capture traffic or packet contents as tcpdump does.
Which of the following is the primary objective of vulnerability assessment in cybersecurity?
- A . To determine the likelihood of a vulnerability being exploited.
- B . To identify and remove all vulnerabilities from a system.
- C . To assess the impact of identified vulnerabilities on the system.
- D . To evaluate the effectiveness of existing security controls.
A
Explanation:
The primary objective of vulnerability assessment is to determine the probability of a vulnerability being exploited. It involves identifying and prioritizing vulnerabilities, so resources can be allocated to fix the most critical ones first.
Which technology allows on-demand access to shared pools of configurable computing resources over a network?
- A . Virtualization
- B . Cloud
- C . Proxy
- D . DMZ
B
Explanation:
Cloud computing refers to the delivery of on-demand computing resources, including servers, storage, databases, networking, software, and analytics, over the internet. It provides organizations with the ability to access and use shared pools of configurable computing resources quickly and easily, without the need for extensive upfront infrastructure investments. Cloud computing offers scalability, cost-efficiency, and flexibility, making it an essential component of modern IT environments.
Which of the following best defines the term "phishing" in the context of cybersecurity?
- A . Impersonating a trusted entity to deceive individuals into revealing sensitive information
- B . An unauthorized individual gaining access to a network by exploiting vulnerabilities
- C . Sending unsolicited emails to a large number of recipients for advertising purposes
- D . Using malware to gain control over a remote computer system
A
Explanation:
Phishing is a form of cyber attack where attackers masquerade as a trustworthy entity, such as a bank or a reputable company, in order to deceive individuals into providing sensitive information like usernames, passwords, or credit card details. These attacks are typically carried out through malicious emails, websites, or instant messages.
Which of the following represents a technique used in Classless Inter-Domain Routing (CIDR)?
- A . Variable-length subnet masks
- B . Compressed MAC addresses
- C . Binary notation for IP addresses
- D . 32-bit IP addresses
A
Explanation:
Classless Inter-Domain Routing (CIDR) is a technique used to allocate and manage IP addresses more efficiently. It involves using variable-length subnet masks (VLSMs), which allow the network to have subnets of different sizes. VLSMs provide flexibility in allocating IP addresses by allowing the network administrator to choose the appropriate number of network and host bits based on the network requirements.
