Cloud, IoT, and Secure Architecture Principles (CCST) Flashcards
Cisco CCST Cybersecurity 100-160 Flashcards

| Front | Back |
|---|---|
| Define DDoS mitigation options | Rate limiting, CDN, WAF, autoscaling, and specialized DDoS services |
| Define IAM principle | Manage identities and access policies to enforce who can do what on resources |
| Define serverless security concern | User controls code, not the runtime; ensure least privilege and secure dependencies |
| Define shared responsibility model | Provider secures cloud infrastructure; customer secures data, apps, and configurations |
| Define zero trust architecture | Never trust, always verify; enforce least privilege and continuous authentication |
| Describe device identity concept | Assign a unique cryptographic identity to each device for authentication and authorization |
| Describe hybrid cloud segmentation goal | Ensure consistent policies across on-prem and cloud to protect hybrid workloads |
| Describe OT vs IT security priorities | OT prioritizes safety and availability; IT prioritizes confidentiality and integrity |
| Explain firmware signing benefits | Prevents unauthorized firmware and ensures vendor authenticity |
| Explain key rotation benefit | Limits exposure if a key is compromised by replacing it periodically |
| Explain network segmentation | Purposefully divide networks to limit lateral movement and reduce attack surface |
| How does MFA improve security | Adds an additional authentication factor, reducing risk from stolen credentials |
| How to secure APIs in cloud | Use authentication, authorization, rate limiting, input validation, and logging |
| How to secure CI/CD pipelines | Protect credentials, enforce code review, use signed artifacts, and run vulnerability scans |
| How to segment OT networks | Isolate control networks, use one-way gateways, and apply strict access controls |
| List IaaS, PaaS, and SaaS with responsibility shift | IaaS: customer manages OS, middleware, and apps; PaaS: customer manages apps; SaaS: provider manages the stack |
| Name common IoT protocols with risk examples | MQTT, CoAP, HTTP; note lack of auth/encryption in some implementations |
| Name typical IoT lifecycle risks | Manufacturing backdoors, insecure provisioning, lack of updates, and poor disposal practices |
| State difference between security groups and NACLs | Security groups are stateful, host level; NACLs are stateless, subnet level |
| What is a CASB | Cloud access security broker; enforces security policies for cloud service usage |
| What is a hardware root of trust | Trusted hardware component, like a TPM, that anchors device cryptographic operations |
| What is a KMS | Key Management Service for generating, storing, and managing encryption keys |
| What is a VPC | Virtual private cloud: isolated network in a public cloud provider |
| What is a WAF | Web application firewall that filters and blocks malicious HTTP traffic |
| What is ABAC | Attribute-based access control; grants access based on attributes of subject, object, and environment |
| What is an air gap and its limitation | Physically isolated networks reduce remote attack risk but are vulnerable via removable media and supply chain |
| What is an HSM | Hardware security module for secure generation and storage of cryptographic keys |
| What is anomaly detection for IoT | Use baselines and ML to spot unusual device behavior that may indicate compromise |
| What is defense in depth | Layered security controls so multiple defenses protect assets |
| What is IaC security risk | Configuration drift and misconfigurations in templates lead to large-scale issues if not managed |
| What is identity federation | Allow external identity providers to authenticate users for cloud services |
| What is immutable infrastructure | Deploy resources that are replaced rather than modified to ensure consistency and recoverability |
| What is least privilege | Grant minimum rights needed for tasks and nothing more |
| What is microsegmentation | Fine-grained segmentation, often at workload or host level, for isolation |
| What is principle of secure defaults | Ship systems with least functionality and strongest safe settings enabled by default |
| What is RBAC | Role-based access control; grants permissions based on assigned roles |
| What is runtime protection for containers | Monitor and block malicious behavior in running container workloads |
| What is secrets management | Securely store and distribute credentials, tokens, and API keys |
| What is secure boot | Verify firmware and bootloader signatures before executing to prevent tampering |
| What is secure device provisioning | Process to enroll device identity, keys, and certificates securely at manufacture or deployment |
| What is SIEM | Security information and event management; aggregates and analyzes logs |
| What is supply chain integrity signing | Use cryptographic signing for binaries and images to verify origin and integrity |
| What is supply chain risk for devices | Compromise or tampering of components or firmware before deployment |
| Why audit logs are critical | Provide traceability for actions; support incident response and compliance |
| Why backup and DR for cloud differ | Cloud offers rapid recovery options but requires tested backup strategies and permissions management |
| Why encrypt data at rest | Protect stored data from theft and unauthorized access |
| Why encrypt data in transit | Protect data moving across networks from interception and tampering |
| Why log telemetry from IoT devices | Detect anomalies, perform forensics, and measure device health |
| Why OTA updates must be signed | Ensure authenticity and integrity of firmware being installed on devices |
| Why perform threat modeling | Identify assets, threats, and mitigations early to design secure architectures |
| Why scan container images | Detect vulnerabilities and insecure configurations before runtime |
| Why use TLS for cloud services | Provides encrypted, authenticated communication between clients and services |
About the Flashcards
Prepare for your certification with our comprehensive flashcards for the Cisco CCST Cybersecurity exam. This deck is designed to help you master crucial terminology and foundational concepts across a wide range of security domains. By reviewing these cards, you can reinforce your understanding of key principles and be better prepared for the questions you'll face. The topics range from core cloud security principles like the shared responsibility model and zero trust architecture to specific technical controls. You'll study network segmentation, data encryption, and identity and access management (IAM), along with modern security challenges in DevSecOps, container security, and securing Internet of Things (IoT) systems.
Topics covered in this flashcard deck:
- Cloud Security Fundamentals
- Network and Infrastructure Security
- Data Protection and Cryptography
- Identity and Access Management (IAM)
- DevSecOps and Application Security
- IoT and OT Security Principles