According to theCCST Cybersecuritycourse, anti-malware solutions withreal-time protectionscan files as they are downloaded or opened, blocking malicious code before it runs.

"Real-time protection automatically inspects files, applications, and scripts as they are accessed or downloaded, preventing execution of malicious code."

(CCST Cybersecurity,Endpoint Security Concepts, Malware Protection section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidestates that vulnerability scanning is an automated process used to identify known security weaknesses in systems, software, and network devices. These scans compare system configurations and software versions against databases of known vulnerabilities, such as the Common Vulnerabilities and Exposures (CVE) list.

"A vulnerability scan is an automated test that checks systems and networks for known weaknesses by matching them against a database of vulnerabilities such as CVEs. This allows administrators to identify exploitable conditions before they are leveraged by attackers."

(CCST Cybersecurity,Vulnerability Assessment and Risk Management, Vulnerability Scanning section, Cisco Networking Academy)

Ais asset discovery, not vulnerability scanning.

Bmay be part of remediation planning but is not the primary purpose.

Cis correct: Scans detect if systems have vulnerabilities associated with CVEs.

Ddescribes SIEM (Security Information and Event Management) log correlation, not vulnerability scanning.

TheCCST Cybersecuritymaterial states that aVirtual Private Network (VPN)provides secure communication over an untrusted network, typically by ensuring:

Authentication→ verifying the identity of the user/device

Confidentiality→ encrypting the data so it cannot be read by unauthorized parties

Integrity→ ensuring that transmitted data has not been altered in transit

"VPNs secure remote access by authenticating users, encrypting data for confidentiality, and ensuring integrity through cryptographic checks."

(CCST Cybersecurity,Basic Network Security Concepts, VPNs section, Cisco Networking Academy)

Ais incorrect: WAN management is a network administration function, not a VPN feature.

Bis incorrect: Authorization is related but not a primary VPN security function.

Cis correct: Integrity is preserved through cryptographic hashing.

Dis correct: Authentication verifies user identity.

Eis correct: Confidentiality is provided via encryption.

Fis incorrect: Password management is separate from VPN functions.

TheCCST Cybersecurity Study Guideexplains thatWPA3is the most current and secure Wi-Fi Protected Access protocol, offering stronger encryption and better protection against brute-force attacks compared to earlier versions.

"WPA3 improves wireless security by using more robust encryption methods and protections against offline password guessing, making it the recommended protocol for securing modern Wi-Fi networks."

(CCST Cybersecurity,Basic Network Security Concepts, Wireless Security Protocols section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guidedescribes theDiamond Model of Intrusion Analysisas a framework to map the relationships between four core features of an intrusion:

Adversary– The threat actor or group conducting the attack.

Example: Ransomware Group

Capability– The tools, techniques, or malware the adversary uses.

Example: Phishing Email, Malware

Infrastructure– The physical or logical communication and delivery systems the adversary uses.

Example: Email Server, Domain Name

Victim– The target of the attack, such as systems, organizations, or individuals.

Example: Customer and Product Databases

"The Diamond Model helps analysts connect the attacker, the tools they use, the infrastructure supporting the attack, and the victim, providing a holistic view of the intrusion event."

(CCST Cybersecurity,Incident Handling, Threat Modeling section, Cisco Networking Academy)

TheCCST Cybersecurity Study Guideexplains that aninsider threatis any threat to an organization that comes from people within the organization—employees, contractors, or business partners—who have inside information concerning the organization's security practices, data, and systems. Insider threats may be intentional or unintentional.

"An insider threat can be malicious or accidental. Employees may unintentionally cause data breaches by mishandling sensitive information, such as sending it to the wrong recipient."

(CCST Cybersecurity,Essential Security Principles, Threat Actor Types section, Cisco Networking Academy)

A(Logic bomb) is malicious code triggered by conditions.

B(Malware) is malicious software, unrelated to accidental email leaks.

C(Phishing) is an external social engineering attack.

Dis correct: This is anunintentional insider threat.

TheCCST Cybersecuritycourse notes that isolation is a key part of thecontainment phaseof incident response. The goal is to prevent the compromised system from communicating with the attacker or spreading malware, while preserving it for analysis.

"Containment often involves removing an affected system from the production network and connecting it to a controlled forensic environment to preserve evidence and prevent further compromise."

(CCST Cybersecurity,Incident Handling, Containment Procedures section, Cisco Networking Academy)