The ideal prep guide for earning your CCST Cybersecurity certification
CCST Cisco Certified Support Technician Study Guide: Cybersecurity Exam is the perfect way to study for your certification as you prepare to start or upskill your IT career. Written by industry expert and Cisco guru Todd Lammle, this Sybex Study Guide uses the trusted Sybex approach, providing 100% coverage of CCST Cybersecurity exam objectives. You’ll find detailed information and examples for must-know Cisco cybersecurity topics, as well as practical insights drawn from real-world scenarios.
This study guide provides authoritative coverage of key exam topics, including essential security principles, basic network security concepts, endpoint security concepts, vulnerability assessment and risk management, and incident handling. You also get one year of FREE access to a robust set of online learning tools, including a test bank with hundreds of questions, a practice exam, a set of flashcards, and a glossary of important terminology. The CCST Cybersecurity certification is an entry point into the Cisco certification program, and a pathway to the higher-level CyberOps. It’s a great place to start as you build a rewarding IT career!
- Study 100% of the topics covered on the Cisco CCST Cybersecurity certification exam
- Get access to flashcards, practice questions, and more great resources online
- Master difficult concepts with real-world examples and clear explanations
- Learn about the career paths you can follow and what comes next after the CCST
This Sybex study guide is perfect for anyone wanting to earn their CCST Cybersecurity certification, including entry-level cybersecurity technicians, IT students, interns, and IT professionals.
Table of Contents
Acknowledgments xxi
About the Authors xxiii
Introduction xxv
Assessment Test xxxv
Answer to Assessment Test xl

Chapter 1 Security Concepts 1
Technology-Based Attacks 2
Denial of Service (DoS)/Distributed Denial of Service (DDoS) 3
The Ping of Death 3
Distributed DoS (DDoS) 3
Botnet/Command and Control 3
Traffic Spike 4
Coordinated Attack 4
Friendly/Unintentional DoS 4
Physical Attack 5
Permanent DoS 5
Smurf 5
SYN Flood 5
Reflective/Amplified Attacks 7
On-Path Attack (Previously Known as Man-in-the-Middle Attack) 8
DNS Poisoning 8
VLAN Hopping 9
ARP Spoofing 10
Rogue DHCP 10
IoT Vulnerabilities 11
Rogue Access Point (AP) 11
Evil Twin 12
Ransomware 12
Password Attacks 12
Brute-Force 13
Dictionary 13
Advanced Persistent Threat 13
Hardening Techniques 13
Changing Default Credentials 14
Avoiding Common Passwords 14
DHCP Snooping 14
Change Native VLAN 15
Patching and Updates 15
Upgrading Firmware 16
Defense in Depth 16
Social-Based Attacks 17
Social Engineering 17
Insider Threats 17
Phishing 18
Vishing 19
Smishing 20
Spear Phishing 20
Environmental 20
Tailgating 20
Piggybacking 21
Shoulder Surfing 21
Malware 21
Ransomware 21
Summary 22
Exam Essentials 23
Review Questions 24

Chapter 2 Network Security Devices 27
Confidentiality, Integrity, Availability (CIA) 28
Confidentiality 29
Integrity 29
Availability 29
Threats 29
Internal 29
External 30
Network Access Control 30
Posture Assessment 30
Guest Network 30
Persistent vs. Nonpersistent Agents 30
Honeypot 31
Wireless Networks 31
Wireless Personal Area Networks 31
Wireless Local Area Networks 32
Wireless Metro Area Networks 33
Wireless Wide Area Networks 33
Basic Wireless Devices 34
Wireless Access Points 34
Wireless Network Interface Card 36
Wireless Antennas 36
Wireless Principles 37
Independent Basic Service Set (Ad Hoc) 37
Basic Service Set 38
Infrastructure Basic Service Set 39
Service Set ID 40
Extended Service Set 40
Nonoverlapping Wi-Fi Channels 42
2.4 GHz Band 42
5 GHz Band (802.11ac) 43
2.4 GHz / 5 GHz (802.11n) 43
Wi-Fi 6 (802.11ax) 45
Interference 45
Range and Speed Comparisons 46
Wireless Security 46
Authentication and Encryption 46
WEP 48
WPA and WPA2: An Overview 48
Wi-Fi Protected Access 49
WPA2 Enterprise 49
802.11i 50
WPA3 50
WPA3-Personal 51
WPA3-Enterprise 51
Summary 52
Exam Essentials 53
Review Questions 54

Chapter 3 IP, IPv6, and NAT 57
TCP/IP and the DoD Model 58
The Process/Application Layer Protocols 60
Telnet 61
Secure Shell (SSH) 61
File Transfer Protocol (FTP) 62
Secure File Transfer Protocol 63
Trivial File Transfer Protocol (TFTP) 63
Simple Network Management Protocol (SNMP) 63
Hypertext Transfer Protocol (HTTP) 64
Hypertext Transfer Protocol Secure (HTTPS) 65
Network Time Protocol (NTP) 65
Domain Name Service (DNS) 65
Dynamic Host Configuration Protocol (DHCP)/Bootstrap Protocol (BootP) 66
Automatic Private IP Addressing (APIPA) 69
The Host-to-Host or Transport Layer Protocols 69
Transmission Control Protocol (TCP) 70
User Datagram Protocol (UDP) 72
Key Concepts of Host-to-Host Protocols 74
Port Numbers 74
The Internet Layer Protocols 78
Internet Protocol (IP) 79
Internet Control Message Protocol (ICMP) 82
Address Resolution Protocol (ARP) 85
IP Addressing 86
IP Terminology 86
The Hierarchical IP Addressing Scheme 87
Network Addressing 88
Class A Addresses 90
Class B Addresses 91
Class C Addresses 92
Private IP Addresses (RFC 1918) 92
IPv4 Address Types 93
Layer 2 Broadcasts 94
Layer 3 Broadcasts 94
Unicast Address 94
Multicast Address 95
When Do We Use NAT? 96
Types of Network Address Translation 98
NAT Names 99
How NAT Works 100
Why Do We Need IPv6? 101
IPv6 Addressing and Expressions 102
Shortened Expression 103
Address Types 104
Special Addresses 105
Summary 106
Exam Essentials 107
Review Questions 110

Chapter 4 Network Device Access 115
Local Authentication 116
AAA Model 118
Authentication 119
Multifactor Authentication 119
Multifactor Authentication Methods 121
IPsec Transforms 165
Security Protocols 165
Encryption 167
GRE Tunnels 168
GRE over IPsec 169
Cisco DMVPN (Cisco Proprietary) 169
Cisco IPsec VTI 169
Public Key Infrastructure 170
Certification Authorities 170
Certificate Templates 172
Certificates 173
Summary 174
Exam Essentials 175
Review Questions 176

Chapter 6 OS Basics and Security 179
Operating System Security 180
Windows 180
Windows Defender Firewall 180
Scripting 184
Security Considerations 190
NTFS vs. Share Permissions 191
Shared Files and Folders 195
User Account Control 198
Windows Update 202
Application Patching 203
Device Drivers 204
macOS/Linux 204
System Updates/App Store 206
Patch Management 206
Firewall 207
Permissions 211
Driver/Firmware Updates 213
Operating Systems Life Cycle 214
System Logs 214
Event Viewer 214
Audit Logs 215
Syslog 216
Syslog Collector 216
Syslog Messages 217
Logging Levels/Severity Levels 218
Identifying Anomalies 218
SIEM 220
Summary 221
Exam Essentials 221
Review Questions 223

Chapter 7 Endpoint Security 225
Endpoint Tools 226
Command-Line Tools 226
netstat 227
nslookup 227
dig 228
ping 229
tracert 229
tcpdump 230
nmap 231
gpresult 232
Software Tools 232
Port Scanner 232
iPerf 233
IP Scanner 234
Endpoint Security and Compliance 234
Hardware Inventory 235
Asset Management Systems 235
Asset Tags 236
Software Inventory 236
Remediation 237
Considerations 238
Destruction and Disposal 238
Low-Level Format vs. Standard Format 239
Hard Drive Sanitation and Sanitation Methods 239
Overwrite 240
Drive Wipe 240
Physical Destruction 241
Data Backups 241
Regulatory Compliance 243
BYOD vs. Organization-Owned 243
Mobile Device Management (MDM) 244
Configuration Management 244
App Distribution 245
Data Encryption 245
Endpoint Recovery 248
Endpoint Protection 248
Cloud-Based Protection 250
Reviewing Scan Logs 250
Malware Remediation 254
Identify and Verify Malware Symptoms 254
Quarantine Infected Systems 254
Disable System Restore in Windows 255
Remediate Infected Systems 256
Schedule Scans and Run Updates 258
Enable System Restore and Create a Restore Point in Windows 260
Educate the End User 261
Summary 261
Exam Essentials 261
Review Questions 263

Chapter 8 Risk Management 265
Risk Management 266
Elements of Risk 267
Vulnerabilities 269
Threats 270
Exploits 270
Assets 270
Risk Analysis 271
Risk Levels 272
Risk Matrix 272
Risk Prioritization 274
Data Classifications 275
Risk Mitigation 277
Introduction 278
Strategic Response 279
Action Plan 279
Implementation and Tracking 280
Security Assessments 281
Vulnerability Assessment 281
Penetration Testing 282
Posture Assessment 282
Change Management Best Practices 283
Documented Business Processes 284
Change Rollback Plan (Backout Plan) 284
Sandbox Testing 284
Responsible Staff Member 285
Request Forms 285
Purpose of Change 286
Scope of Change 286
Risk Review 287
Plan for Change 287
Change Board 288
User Acceptance 289
Summary 289
Exam Essentials 290
Review Questions 291

Chapter 9 Vulnerability Management 293
Vulnerabilities 294
Vulnerability Identification 294
Management 295
Mitigation 297
Active and Passive Reconnaissance 298
Port Scanning 298
Vulnerability Scanning 299
Packet Sniffing/Network Traffic Analysis 300
Brute-Force Attacks 301
Open-Source Intelligence (OSINT) 302
DNS Enumeration 302
Social Engineering 303
Testing 304
Port Scanning 304
Automation 304
Threat Intelligence 305
Vulnerability Databases 308
Limitations 309
Assessment Tools 310
Recommendations 312
Reports 314
Security Reports 314
Cybersecurity News 314
Subscription-Based 315
Documentation 316
Updating Documentation 316
Security Incident Documentation 317
Documenting the Incident 318
Following the Right Chain of Custody 319
Securing and Sharing of Documentation 319
Reporting the Incident 320
Recovering from the Incident 321
Documenting the Incident 321
Reviewing the Incident 321
Documentation Best Practices for Incident Response 322
Summary 322
Exam Essentials 323
Review Questions 324

Chapter 10 Disaster Recovery 327
Disaster Prevention and Recovery 328
Data Loss 329
File Level Backups 329
Image-Based Backups 332
Critical Applications 332
Network Device Backup/Restore 332
Data Restoration Characteristics 333
Backup Media 333
Backup Methods 335
Backup Testing 336
Account Recovery Options 336
Online Accounts 336
Local Accounts 336
Domain Accounts 337
Facilities and Infrastructure Support 338
Battery Backup/UPS 338
Power Generators 339
Surge Protection 339
HVAC 340
Fire Suppression 342
Redundancy and High Availability Concepts 343
Switch Clustering 343
Routers 344
Firewalls 345
Servers 345
Disaster Recovery Sites 345
Cold Site 345
Warm Site 346
Hot Site 346
Cloud Site 346
Active/Active vs. Active/Passive 346
Multiple Internet Service Providers/Diverse Paths 347
Testing 348
Tabletop Exercises 349
Validation Tests 349
Disaster Recovery Plan 350
Business Continuity Plan 352
Summary 352
Exam Essentials 353
Review Questions 354

Chapter 11 Incident Handling 357
Security Monitoring 358
Security Information and Event Management (SIEM) 359
Hosting Model 359
Detection Methods 359
Integration 360
Cost 360
Security Orchestration, Automation, and Response (SOAR) 361
Orchestration vs. Automation 362
Regulations and Compliance 362
Common Regulations 363
Data Locality 363
Family Educational Rights and Privacy Act (FERPA) 364
Federal Information Security Modernization Act (FISMA) 365
Gramm-Leach-Bliley Act 366
General Data Protection Regulation (GDPR) 368
Health Insurance Portability and Accountability Act 369
Payment Card Industry Data Security Standards (PCI-DSS) 370
Reporting 371
Notifications 372
Summary 372
Exam Essentials 373
Review Questions 374

Chapter 12 Digital Forensics 377
Introduction 378
Forensic Incident Response 378
Attack Attribution 379
Cyber Kill Chain 380
MITRE ATT&CK Matrix 381
Diamond Model 382
Tactics, Techniques, and Procedures 383
Artifacts and Sources of Evidence 383
Evidence Handling 384
Preserving Digital Evidence 384
Chain of Custody 385
Summary 385
Exam Essentials 387
Review Questions 388

Chapter 13 Incident Response 391
Incident Handling 392
What Are Security Incidents? 393
Ransomware 393
Social Engineering 393
Phishing 393
DDoS Attacks 394
Supply Chain Attacks 394
Insider Threats 394
Incident Response Planning 394
Incident Response Plans 394
Incident Response Frameworks 395
Incident Preparation 396
Risk Assessments 397
Detection and Analysis 397
Containment 397
Eradication 397
Recovery 398
Post-incident Review 398
Lessons Learned 398
Creating an Incident Response Policy 399
Document How You Plan to Share Information with Outside Parties 400
Interfacing with Law Enforcement 401
Incident Reporting Organizations 401
Handling an Incident 401
Preparation 401
Preventing Incidents 403
Detection and Analysis 404
Attack Vectors 404
Signs of an Incident 405
Precursors and Indicators Sources 406
Containment, Eradication, and Recovery 406
Choosing a Containment Strategy 406
Evidence Gathering and Handling 407
Attack Sources 409
Eradication and Recovery 409
Post-incident Activity 410
Using Collected Incident Data 411
Evidence Retention 412
Summary 412
Exam Essentials 412
Review Questions 414

Appendix A Answers to Review Questions 417
Chapter 1: Security Concepts 418
Chapter 2: Network Security Devices 419
Chapter 3: IP, IPv6, and NAT 420
Chapter 4: Network Device Access 422
Chapter 5: Secure Access Technology 424
Chapter 6: OS Basics and Security 425
Chapter 7: Endpoint Security 426
Chapter 8: Risk Management 428
Chapter 9: Vulnerability Management 429
Chapter 10: Disaster Recovery 431
Chapter 11: Incident Handling 432
Chapter 12: Digital Forensics 434
Chapter 13: Incident Response 435

Glossary 439
Index 497