- Home
- Cisco
- Cisco Certified Support Technician (CCST) Cybersecurity
- Cisco.100-160.v2026-02-24.q167
- Question 52
Valid 100-160 Dumps shared by EduDump.com for Helping Passing 100-160 Exam! EduDump.com now offer the newest 100-160 exam dumps, the EduDump.com 100-160 exam questions have been updated and answers have been corrected get the newest EduDump.com 100-160 dumps with Test Engine here:
Access 100-160 Dumps Premium Version
(360 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 52/167
Which two basic metrics should be taken into consideration when assigning a severity to a vulnerability during an assessment? (Choose 2.)
Correct Answer: A,B
The CCST Cybersecurity course describes that risk scoring for vulnerabilities often involves likelihood and impact - similar to the CVSS (Common Vulnerability Scoring System) model.
"When prioritizing vulnerabilities, assess both the likelihood of exploitation and the potential impact to the organization. Likelihood measures how easy or probable it is for an adversary to exploit the weakness, while impact measures the consequences to confidentiality, integrity, and availability if exploitation occurs." (CCST Cybersecurity, Vulnerability Assessment and Risk Management, Risk Assessment and Prioritization section, Cisco Networking Academy) A is correct: Likelihood is a fundamental part of severity assessment.
B is correct: Impact determines how damaging an exploit would be.
C is incorrect: Time to choose replacement software is an operational consideration, not a severity metric.
D is incorrect: Hardware age may influence performance but does not directly define vulnerability severity.
"When prioritizing vulnerabilities, assess both the likelihood of exploitation and the potential impact to the organization. Likelihood measures how easy or probable it is for an adversary to exploit the weakness, while impact measures the consequences to confidentiality, integrity, and availability if exploitation occurs." (CCST Cybersecurity, Vulnerability Assessment and Risk Management, Risk Assessment and Prioritization section, Cisco Networking Academy) A is correct: Likelihood is a fundamental part of severity assessment.
B is correct: Impact determines how damaging an exploit would be.
C is incorrect: Time to choose replacement software is an operational consideration, not a severity metric.
D is incorrect: Hardware age may influence performance but does not directly define vulnerability severity.
- Question List (167q)
- Question 1: Which state of data is appropriate for encrypting sensitive ...
- Question 2: Which of the following is true about security policies and p...
- Question 3: Which of the following best defines a vulnerability assessme...
- Question 4: What is the purpose of performing a vulnerability scan?...
- Question 5: Which of the following is a key element of an incident respo...
- Question 6: What is the main purpose of risk management in the context o...
- Question 7: Which security assessment of IT systems verifies that PII da...
- Question 8: What does the term "system logs" refer to in cybersecurity?...
- Question 9: What should be done when a user forgets their password and r...
- Question 10: Which aspect of security is primarily addressed by BYOD poli...
- Question 11: What is smishing?
- Question 12: Which of the following is a principle of data security?...
- Question 13: Which of the following best describes the relationship betwe...
- Question 14: Which threat intelligence technique involves utilizing known...
- Question 15: During the incident handling process, what is the main purpo...
- Question 16: Which component of network security architecture is designed...
- Question 17: Which encryption method is used to secure data while it is b...
- Question 18: Which level of risk category would be associated with a vuln...
- Question 19: Which of the following is a good practice for updating docum...
- Question 20: Which of the following log file entries is typically associa...
- Question 21: What is the role of policies in vulnerability assessment?...
- Question 22: You are reviewing your company's disaster recovery plan. Whi...
- Question 23: Which of the following best defines vulnerability management...
- Question 24: Which wireless security protocol provides the strongest prot...
- Question 25: Which of the following features help to secure a wireless So...
- Question 26: Which notation is used by IPv6?...
- Question 27: Which approach to risk management involves accepting the pot...
- Question 28: A restaurant installs a second wireless router that only emp...
- Question 29: Which of the following is true regarding secure web gateways...
- Question 30: When ranking risks, which of the following factors should be...
- Question 31: Which of the following is an example of an active vulnerabil...
- Question 32: Which of the following is a best practice for managing secur...
- Question 33: Which of the following is an example of a human-caused disas...
- Question 34: Which of the following services or protocols can be used to ...
- Question 35: Move each framework from the list on the left to the correct...
- Question 36: How can the preservation of evidence be ensured during a cyb...
- Question 37: What is the primary objective of identifying vulnerabilities...
- Question 38: Which of the following involves dividing a network into smal...
- Question 39: Which of the following statements best describes the impact ...
- Question 40: Which of the following features help to secure a wireless So...
- Question 41: What is a social engineering attack?...
- Question 42: What is the primary purpose of packet captures in identifyin...
- Question 43: What is one benefit of regularly updating documentation in t...
- Question 44: Which network infrastructure component allows for the transl...
- Question 45: Which of the following is a key element of management in cyb...
- Question 46: Which of the following security events should be escalated?...
- Question 47: Which of the following best describes network security?...
- Question 48: What is the purpose of Tactics in the context of cybersecuri...
- Question 49: Which of the following is a preventive control that can help...
- Question 50: What is the purpose of implementing a firewall in a network?...
- Question 51: Which of the following is a best practice for proactively ma...
- Question 52: Which two basic metrics should be taken into consideration w...
- Question 53: Which of the following is an example of a source of evidence...
- Question 54: Which of the following is a key requirement for conducting a...
- Question 55: Which of the following is NOT a component of an incident res...
- Question 56: Which of the following best describes risks in the context o...
- Question 57: Which compliance framework is designed to safeguard protecte...
- Question 58: Which of the following is an important aspect of ensuring th...
- Question 59: What logging mechanism is commonly used to track and record ...
- Question 60: Your supervisor suspects that someone is attempting to gain ...
- Question 61: Which of the following updates improve the functionality and...
- Question 62: Which of the following is a unique identifier assigned to a ...
- Question 63: What is a common security threat in which an attacker attemp...
- Question 64: What is the purpose of a firewall in endpoint security?...
- Question 65: How does a honeypot enhance network security?...
- Question 66: What is the purpose of a firewall in a network security infr...
- Question 67: Which of the following best defines the term "phishing" in t...
- Question 68: Which of the following describes the purpose of a firewall i...
- Question 69: Which of the following is NOT a typical phase of the plannin...
- Question 70: What is a common vulnerability in Internet of Things (IoT) d...
- Question 71: Which regulation sets standards for the security and privacy...
- Question 72: Which of the following is a common security control measure ...
- Question 73: Which of the following is an essential component of effectiv...
- Question 74: Which protocol is used for communication between web browser...
- Question 75: Which of the following is an integral part of the CIA triad ...
- Question 76: Which network security concept focuses on limiting network a...
- Question 77: What type of information can be found in cybersecurity repor...
- Question 78: What should you create to prevent spoofing of the internal n...
- Question 79: What is the main difference between a public and a private n...
- Question 80: Which compliance framework is specifically related to protec...
- Question 81: What is the purpose of a disaster recovery plan (DRP)?...
- Question 82: What is tailgating in the context of cybersecurity?...
- Question 83: Which statement accurately describes the concept of a code o...
- Question 84: Which of the following is a characteristic of an IPv6 addres...
- Question 85: What is the purpose of conducting a hardware inventory asses...
- Question 86: Which of the following is an example of a data security prin...
- Question 87: What is the role of a firewall in secure access technologies...
- Question 88: Which two passwords follow strong password policy guidelines...
- Question 89: Your home network seems to have slowed down considerably. Yo...
- Question 90: Which of the following is an example of multifactor authenti...
- Question 91: Which of the following is an effective strategy for managing...
- Question 92: A SOC analyst notices repeated failed login attempts from a ...
- Question 93: What is the primary advantage of using reputation-based dete...
- Question 94: Which of the following is an example of a detective control?...
- Question 95: Why is it necessary to update firmware to the latest version...
- Question 96: What is the primary purpose of running a vulnerability scan ...
- Question 97: Which of the following is an example of a network vulnerabil...
- Question 98: What is the primary goal of a threat actor in a cyber attack...
- Question 99: Which encryption type is commonly used to secure WiFi networ...
- Question 100: Which of the following is a common authentication protocol u...
- Question 101: Which of the following is not a component of risk management...
- Question 102: Which of the following is the primary objective of vulnerabi...
- Question 103: Which of the following is a common proactive measure for man...
- Question 104: How do threat actors launch ransomware attacks on organizati...
- Question 105: Which command-line tool is commonly used to display active n...
- Question 106: Which of the following represents a technique used in Classl...
- Question 107: Which of the following best describes the role of automated ...
- Question 108: Which of the following is a key advantage of multifactor aut...
- Question 109: What does the term "data classification" refer to in the con...
- Question 110: Which technology is responsible for monitoring network traff...
- Question 111: Which type of encryption algorithm uses two different keys: ...
- Question 112: Which cryptographic technique is used to ensure the integrit...
- Question 113: What is meant by the term "collective intelligence" in the c...
- Question 114: What action should be taken when a user reports a suspicious...
- Question 115: You need to manage security risks at your company. In which ...
- Question 116: What is the main purpose of a disaster recovery plan?...
- Question 117: You need to design your company's password policy to adhere ...
- Question 118: Which of the following is a key principle of access manageme...
- Question 119: Which of the following log file entries would most likely in...
- Question 120: Which of the following control types is focused on identifyi...
- Question 121: How can cybersecurity reports contribute to incident respons...
- Question 122: A client cannot connect to the corporate web server. You dis...
- Question 123: What type of encryption is used to secure data that is store...
- Question 124: During a vulnerability assessment, what is the purpose of ma...
- Question 125: Which protocol is commonly used for remote user authenticati...
- Question 126: Which compliance framework lays out guidelines for protectin...
- Question 127: What is the purpose of a Virtual Private Network (VPN) in cy...
- Question 128: What is one of the ethical principles that guide the code of...
- Question 129: Why is it important to maintain the chain of custody when ha...
- Question 130: What is the main purpose of port scanning in cybersecurity?...
- Question 131: Which of the following network technologies is commonly used...
- Question 132: What is the primary function of a server in a network infras...
- Question 133: Which of the following is an example of a natural disaster?...
- Question 134: Move each worm mitigation step from the list on the left to ...
- Question 135: Which of the following is an example of personally identifia...
- Question 136: What is the primary characteristic of an Advanced Persistent...
- Question 137: Which of the following is an example of a corrective control...
- Question 138: What is the purpose of a firewall in a network security syst...
- Question 139: Which of the following describes the purpose of a VPN (Virtu...
- Question 140: Which of the following best describes the main purpose of ma...
- Question 141: What is a common outcome of the policy development phase in ...
- Question 142: Which of the following is a characteristic of cloud-based ap...
- Question 143: Which macOS security feature encrypts the entire macOS volum...
- Question 144: Move each NIST Incident Response Lifecycle phase from the li...
- Question 145: Which of the following threat intelligence techniques involv...
- Question 146: During which stage of the incident response lifecycle are se...
- Question 147: Which protocol is used for broadcasting and resolving MAC ad...
- Question 148: What does "data integrity" refer to in the context of securi...
- Question 149: Which type of encryption protects data while it is being tra...
- Question 150: Which of the following is a data protection technique that i...
- Question 151: A threat actor sets up a rogue access point (AP) at a local ...
- Question 152: What is the purpose of incident response planning in cyberse...
- Question 153: Which of the following is a hardware or software-based netwo...
- Question 154: What is the primary reason for implementing multi-factor aut...
- Question 155: During a change management assessment, what should be evalua...
- Question 156: You need a software solution that performs the following tas...
- Question 157: Your supervisor tells you that you will participate in a CVS...
- Question 158: Your company is creating a BYOD policy to allow employees to...
- Question 159: What is configuration management in the context of cybersecu...
- Question 160: Which of the following is an example of a secure remote acce...
- Question 161: For each statement, select True if it is a common motivation...
- Question 162: What is the purpose of vulnerability management in cybersecu...
- Question 163: Which of the following is a common security threat that targ...
- Question 164: Which of the following is a common threat to cybersecurity?...
- Question 165: Which of the following is a feature of cloud computing?...
- Question 166: What does NAT stand for in networking?...
- Question 167: Which data type is protected through hard disk encryption?...
