The CCST Cybersecurity Study Guide defines common attacker types:

Cyber criminal –

"An individual or group engaging in illegal activities for financial gain, such as selling stolen data or running spam campaigns."

State-sponsored attacker –

"Operates with the support or direction of a nation-state, often for espionage or political objectives."

Insider threat –

"A person within the organization, such as an employee or contractor, who misuses access to cause harm or steal data."

Hacktivist –

"Uses hacking techniques to promote political, social, or ideological causes."

(CCST Cybersecurity, Essential Security Principles , Threat Actor Types section, Cisco Networking Academy)

The CCST Cybersecurity material explains that MAC address filtering is a wireless security measure that allows only devices with approved hardware addresses to connect. If the laptop’s MAC address is not on the allow list, the connection will be blocked even if the SSID is correct.

"Wireless access points can be configured with MAC address filters to limit network access to authorized devices. If a device's MAC address is not on the permitted list, the connection will fail regardless of credentials."

(CCST Cybersecurity, Basic Network Security Concepts , Wireless Security section, Cisco Networking Academy)

A is unlikely because non-broadcast SSIDs can still be manually connected to.

B is correct: MAC address filtering would block an unregistered device.

C would cause IP issues after association, not prevent initial connection.

D (open authentication) would allow connection, so it’s not the cause here.

According to the CCST Cybersecurity course, anti-malware solutions with real-time protection scan files as they are downloaded or opened, blocking malicious code before it runs.

"Real-time protection automatically inspects files, applications, and scripts as they are accessed or downloaded, preventing execution of malicious code."

(CCST Cybersecurity, Endpoint Security Concepts , Malware Protection section, Cisco Networking Academy)

The CCST Cybersecurity course describes that risk scoring for vulnerabilities often involves likelihood and impact — similar to the CVSS (Common Vulnerability Scoring System) model.

"When prioritizing vulnerabilities, assess both the likelihood of exploitation and the potential impact to the organization. Likelihood measures how easy or probable it is for an adversary to exploit the weakness, while impact measures the consequences to confidentiality, integrity, and availability if exploitation occurs."

(CCST Cybersecurity, Vulnerability Assessment and Risk Management , Risk Assessment and Prioritization section, Cisco Networking Academy)

A is correct: Likelihood is a fundamental part of severity assessment.

B is correct: Impact determines how damaging an exploit would be.

C is incorrect: Time to choose replacement software is an operational consideration, not a severity metric.

D is incorrect: Hardware age may influence performance but does not directly define vulnerability severity.

The CCST Cybersecurity course teaches that vulnerability scan results should be reviewed for misconfigurations and exposures that can be exploited by attackers.

"Disabled firewalls expose systems to direct network attacks and should be treated as critical findings. Open ports can indicate unnecessary or unsecured services running, which may provide entry points for attackers. These findings should be escalated for remediation or further security hardening."

(CCST Cybersecurity, Vulnerability Assessment and Risk Management , Analyzing and Responding to Scan Results section, Cisco Networking Academy)

Encrypted passwords (A) are good practice, not a vulnerability.

Disabled firewalls (B) leave systems defenseless against incoming attacks.

Open ports (C) can be exploited if the services they expose are vulnerable or misconfigured.

SSH packets (D) are normal in secure remote administration and are not inherently a vulnerability.

The CCST Cybersecurity Study Guide explains that port security on switches can be configured to limit the number of MAC addresses allowed on a port, or to restrict it to specific devices.

"Port security can prevent unauthorized access by limiting or specifying the MAC addresses allowed to connect through a given switch port. This mitigates risks from rogue devices connecting to the network."

(CCST Cybersecurity, Basic Network Security Concepts , Switch Security section, Cisco Networking Academy)

The CCST Cybersecurity Study Guide highlights FileVault as the macOS full-disk encryption tool.

"FileVault is macOS’s built-in full-disk encryption feature. It encrypts the contents of the entire startup disk to help prevent unauthorized access to the information stored on the drive, even if the device is lost or stolen."

(CCST Cybersecurity, Endpoint Security Concepts , Disk Encryption section, Cisco Networking Academy)

A is correct: FileVault provides complete volume encryption.

B (Gatekeeper) controls app installation by verifying code signatures.

C (System Integrity Protection) protects system files from modification.

D (XProtect) is macOS’s built-in malware detection system.

The CCST Cybersecurity Study Guide explains that sandboxing is a security technique that executes suspicious programs in a controlled and isolated environment, preventing them from affecting production systems while enabling behavior analysis.

"Sandboxing isolates a suspected application in a secure, controlled environment where it can be executed and analyzed without risking damage to the host system or network."

(CCST Cybersecurity, Endpoint Security Concepts , Malware Analysis Techniques section, Cisco Networking Academy)

The CCST Cybersecurity Study Guide highlights that SSH (Secure Shell) provides encrypted communication for secure remote access and file transfer (using SCP or SFTP) over unsecured networks. This ensures confidentiality and integrity of the files in transit.

"SSH encrypts all data exchanged between client and server, protecting credentials and file contents from interception. It is the preferred protocol for secure device management and file transfers across untrusted networks."

(CCST Cybersecurity, Basic Network Security Concepts , Secure Remote Management section, Cisco Networking Academy)

A (Telnet) transmits data in plaintext.

B (HTTP) is unencrypted web traffic.

C (TFTP) is a simple, insecure file transfer protocol without encryption.

D is correct: SSH secures configuration file transfers across insecure networks.

The CCST Cybersecurity Study Guide explains that an insider threat is any threat to an organization that comes from people within the organization—employees, contractors, or business partners—who have inside information concerning the organization's security practices, data, and systems. Insider threats may be intentional or unintentional.

"An insider threat can be malicious or accidental. Employees may unintentionally cause data breaches by mishandling sensitive information, such as sending it to the wrong recipient."

(CCST Cybersecurity, Essential Security Principles , Threat Actor Types section, Cisco Networking Academy)

A (Logic bomb) is malicious code triggered by conditions.

B (Malware) is malicious software, unrelated to accidental email leaks.

C (Phishing) is an external social engineering attack.

D is correct: This is an unintentional insider threat .