Bash, the Crucial Exams Chat Bot
AI Bot
Cybersecurity Fundamentals and Threat Landscape (CCST) Flashcards
Cisco CCST Cybersecurity 100-160 Flashcards
Study our Cybersecurity Fundamentals and Threat Landscape (CCST) flashcards for the Cisco CCST Cybersecurity 100-160 exam with 45+ flashcards. View as flashcards, a searchable table, or as a fun matching game.
| Front | Back |
| Authentication vs Authorization difference | Authentication verifies identity Authorization grants permissions |
| Availability definition | Ensuring authorized users have access when needed |
| Backup types full incremental differential | Full copies incremental backups of changes differential backups since last full |
| Brute force attack method | Trying many passwords until one succeeds |
| Business continuity vs Disaster recovery | Business continuity maintains operations Disaster recovery restores IT systems |
| Certificate revocation methods | CRL and OCSP used to check revoked certificates |
| CIA triad - what are the three principles | Confidentiality Integrity Availability |
| Common malware types | Mallet virus worm trojan ransomware spyware rootkit |
| Compliance vs Security difference | Compliance meets specific regulatory requirements Security reduces overall risk |
| Confidentiality definition | Protecting information from unauthorized access |
| Cross Site Scripting XSS basic concept | Attacker injects script into web pages viewed by other users |
| Defense in Depth concept | Multiple layered security controls reduce risk |
| Denial of Service vs Distributed Denial of Service | DoS originates from one source DDoS originates from many compromised hosts |
| Digital signature purpose | Provides authentication integrity and non repudiation of messages |
| Hash function property collision resistance | Difficult to find two inputs with the same hash |
| Incident response phases | Preparation Detection Containment Eradication Recovery Lessons learned |
| Insider threat examples | Malicious or negligent employees contractors or partners |
| Integrity definition | Ensuring data is accurate and unaltered |
| Man in the Middle attack basic idea | Attacker intercepts and possibly alters communication between parties |
| Multi factor authentication factors | Knowledge possession and inherence |
| NIST role in cybersecurity | Provides frameworks guidelines and standards for security practices |
| OWASP Top 10 relevance | Common web application security risks to prioritize |
| Password hashing and salting purpose | Hashing stores irreversible digests Salting prevents rainbow table attacks |
| Penetration testing vs Vulnerability scanning | Pen test actively exploits vulnerabilities Scan identifies possible issues |
| Phishing definition | Deceptive emails to steal credentials or deliver malware |
| Preventive Detective Corrective controls examples | Preventive firewall Detective IDS Corrective patching |
| Principle of Least Privilege | Users get only the access needed to perform their role |
| Privacy law examples | GDPR HIPAA and other regulations govern personal data protection |
| Public Key Infrastructure PKI components | Certificates Certificate Authority CA Private keys and CRL or OCSP |
| Ransomware primary behavior | Encrypts files and demands payment for decryption |
| Risk assessment basic steps | Identify assets Assess threats Identify vulnerabilities Evaluate likelihood and impact |
| Risk responses | Avoid Mitigate Transfer Accept |
| Security policy purpose | Defines rules and expectations for secure behavior and system use |
| Social engineering common techniques | Pretexting baiting tailgating and impersonation |
| Spear phishing difference | Targeted phishing aimed at specific individuals or organizations |
| SQL Injection basic concept | Attacker injects malicious SQL to manipulate a database |
| Supply chain attack definition | Compromise occurs in a third party component or vendor |
| Symmetric vs Asymmetric encryption difference | Symmetric uses one shared key Asymmetric uses public and private key pair |
| TLS purpose | Encrypts traffic between client and server to provide confidentiality and integrity |
| Tokenization vs Encryption difference | Tokenization replaces data with tokens Encryption transforms data with keys |
| Trojan horse characteristic | Disguises as legitimate software to deliver a payload |
| Virus vs Worm key difference | Virus needs a host Worm self propagates across networks |
| Vishing and Smishing definitions | Vishing uses voice calls Smishing uses SMS messages |
| Whaling target | Phishing aimed at high value targets like executives |
| Zero day vulnerability definition | Vulnerability unknown to vendor with no available patch |
Related Study Materials
About the Flashcards
Flashcards for the Cisco CCST Cybersecurity exam provide a concise study tool to review essential terminology, concepts, and definitions tested on the exam. They help you practice quick recall of core ideas like the CIA triad, authentication versus authorization, types of controls (preventive, detective, corrective), and the principle of least privilege.
Cards also summarize common threats and defenses: malware types (virus, worm, trojan, ransomware), social engineering (phishing, spear phishing, vishing, smishing, whaling), network and web attacks (DoS/DDoS, MITM, SQL injection, XSS), cryptography and PKI (symmetric vs asymmetric, hashing, TLS, certificates), plus risk assessment, incident response, and compliance topics like NIST, GDPR, and HIPAA.
Topics covered in this flashcard deck:
- CIA triad
- Authentication and authorization
- Malware and social engineering
- Cryptography and PKI
- Web application vulnerabilities
- Risk management and compliance