100-160
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

100-160 Cisco Systems Coming Soon

CCST Cybersecurity

Participants learn essential security principles, basic network security, endpoint protection, vulnerability assessment, risk management, and incident handling, preparing them to support Cisco security solutions and respond effectively to threats.

50 Minutes
$125 Exam Cost

Who Should Take This

The certification targets entry‑level IT professionals, help technicians, and recent graduates who have a basic grasp of cybersecurity concepts and up to six months of hands‑on exposure. It equips them to identify common threats, apply standard security controls, and assist in incident response, advancing their career toward specialized security roles.

What's Covered

All domains in the Cisco Certified Support Technician Cybersecurity (100-160) exam: Essential Security Principles, Basic Network Security Concepts, Endpoint Security Concepts, Vulnerability Assessment and Risk Management, and Incident Handling

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

61 learning goals

Domain 1: Essential Security Principles (4 topics)

Define the CIA triad and fundamental security concepts

  • Define the CIA triad (confidentiality, integrity, availability) and describe how each principle applies to protecting information systems, data, and services from unauthorized access and disruption.
  • Describe the concepts of non-repudiation and accountability in information security and explain how audit trails, digital signatures, and logging mechanisms support these principles.
  • Identify the principle of least privilege and describe how it limits user and system permissions to the minimum necessary for performing authorized tasks, reducing the attack surface.
  • Describe defense-in-depth strategy and explain how layered security controls (physical, technical, administrative) work together to protect assets when any single layer is compromised.

Understand authentication, authorization, and access control

  • Differentiate between authentication, authorization, and accounting (AAA) and describe how each function contributes to verifying identity, granting permissions, and tracking user activity.
  • Identify multi-factor authentication (MFA) categories including something you know, something you have, and something you are, and describe how combining factors strengthens identity verification.
  • Compare discretionary access control (DAC), mandatory access control (MAC), and role-based access control (RBAC) models and explain how each model governs resource access decisions.

Understand cryptography fundamentals

  • Differentiate between symmetric and asymmetric encryption by comparing key management, computational overhead, common algorithms (AES, DES, RSA, ECC), and typical use cases for each approach.
  • Describe hashing algorithms including MD5, SHA-1, and SHA-256 and explain how hash functions provide data integrity verification through fixed-length message digests and collision resistance.
  • Describe the purpose of digital certificates and public key infrastructure (PKI) including certificate authorities, certificate signing requests, certificate revocation, and how TLS/SSL uses certificates for secure web communications.

Understand security governance basics

  • Describe the purpose of security governance including organizational security policies, acceptable use policies, data classification schemes, and the role of security awareness programs.
  • Describe physical security controls including badge access systems, biometric authentication, security cameras, mantrap entries, and environmental controls for protecting data center and server room assets.

Domain 2: Basic Network Security Concepts (3 topics)

Identify network attack types and threat actors

  • Identify common network attack categories including reconnaissance, denial-of-service (DoS/DDoS), man-in-the-middle, spoofing, and session hijacking and describe the objective and basic mechanism of each.
  • Identify social engineering attack techniques including phishing, spear phishing, vishing, smishing, pretexting, and tailgating and describe how each technique exploits human trust.
  • Identify threat actor categories including script kiddies, hacktivists, organized crime groups, nation-state actors, and insider threats and describe their typical motivations, capabilities, and targets.
  • Analyze a network attack scenario to identify the attack type, the targeted CIA triad principle, and recommend appropriate detection or prevention mechanisms.
  • Describe common password attack techniques including brute force, dictionary attacks, credential stuffing, password spraying, and rainbow table attacks and identify mitigation strategies such as MFA and account lockout.

Understand network security devices and technologies

  • Describe the functions and placement of network firewalls including packet filtering, stateful inspection, and next-generation firewall capabilities for controlling traffic flow between network zones.
  • Differentiate between intrusion detection systems (IDS) and intrusion prevention systems (IPS) by comparing passive monitoring versus inline blocking, signature-based versus anomaly-based detection methods.
  • Describe VPN types including site-to-site and remote access VPNs and explain how IPsec and SSL/TLS tunneling protocols provide confidentiality, integrity, and authentication for data in transit.
  • Describe the purpose of web security appliances, email security gateways, and proxy servers for filtering malicious content, blocking spam, and enforcing acceptable use policies.

Understand network security protocols and access control

  • Describe the purpose of 802.1X port-based network access control and explain how supplicants, authenticators, and authentication servers (RADIUS) work together to secure wired and wireless network access.
  • Describe the purpose of network segmentation using VLANs, DMZs, and zones to isolate sensitive assets, contain lateral movement, and enforce security policies between network segments.
  • Identify wireless security protocols including WPA2-Enterprise and WPA3 and describe how they use encryption and authentication mechanisms to protect wireless network communications.

Domain 3: Endpoint Security Concepts (4 topics)

Identify malware types and endpoint threats

  • Identify common malware types including viruses, worms, trojans, ransomware, spyware, adware, rootkits, and fileless malware and describe the propagation method and impact of each type.
  • Describe common application-level attack vectors including SQL injection, cross-site scripting (XSS), buffer overflow, and cross-site request forgery (CSRF) and their impact on endpoint and web application security.
  • Analyze indicators of compromise (IoCs) including unusual network traffic, unexpected process execution, registry modifications, and file integrity changes to determine whether an endpoint has been compromised.

Understand endpoint protection technologies

  • Describe antivirus and antimalware solutions including signature-based detection, heuristic analysis, and behavioral analysis and explain how each method identifies known and unknown threats.
  • Describe endpoint detection and response (EDR) capabilities including continuous monitoring, threat detection, automated response, and forensic investigation support for advanced endpoint security.
  • Describe host-based firewalls, application whitelisting, and data loss prevention (DLP) tools as endpoint security controls and explain how each protects against unauthorized access and data exfiltration.

Understand operating system and endpoint hardening

  • Describe OS hardening techniques including disabling unnecessary services, removing default accounts, applying security patches, configuring host-based firewalls, and enabling audit logging.
  • Describe the importance of patch management processes including vulnerability identification, patch testing, deployment scheduling, and rollback procedures for maintaining endpoint security posture.
  • Describe mobile device security controls including MDM enrollment, screen lock policies, remote wipe capabilities, app sandboxing, and BYOD security considerations.
  • Compare full-disk encryption and file-level encryption approaches for protecting data at rest on endpoints, describing use cases, key management considerations, and performance implications.

Understand identity and access management for endpoints

  • Describe single sign-on (SSO) and federated identity concepts including SAML, OAuth, and OpenID Connect and explain how they simplify user authentication across multiple applications.
  • Describe privileged access management concepts including credential vaulting, just-in-time access, session recording, and the principle of least privilege for administrator account security.

Domain 4: Vulnerability Assessment and Risk Management (3 topics)

Understand vulnerability assessment concepts

  • Describe the vulnerability management lifecycle including discovery, assessment, prioritization, remediation, and verification phases and explain the role of continuous scanning in maintaining security posture.
  • Identify common vulnerability scanning tools and databases including Nessus, OpenVAS, CVE, CVSS, and NVD and describe how they are used to identify, classify, and score security vulnerabilities.
  • Differentiate between vulnerability scans and penetration tests by comparing scope, methodology, authorization requirements, and the type of findings each produces.
  • Apply CVSS scoring to prioritize vulnerability remediation by interpreting base, temporal, and environmental score components and determining criticality relative to the organization's risk tolerance.

Understand risk management concepts

  • Define risk management terminology including threat, vulnerability, exploit, risk, asset, impact, and likelihood and describe how these elements relate in a risk assessment framework.
  • Identify the four risk response strategies (accept, avoid, mitigate, transfer) and describe when each strategy is appropriate based on the risk level and organizational context.
  • Differentiate between qualitative and quantitative risk assessment methods and explain how each approach evaluates the likelihood and impact of security threats to organizational assets.

Understand security policies and compliance

  • Identify common security policy types including acceptable use policies, password policies, data classification policies, incident response policies, and remote access policies.
  • Identify major regulatory and compliance frameworks including GDPR, HIPAA, PCI DSS, SOX, and NIST and describe their primary purpose and the types of organizations they apply to.
  • Describe the relationship between security policies, standards, procedures, and guidelines within an organization's governance framework and explain how they form a hierarchy of security documentation.
  • Describe the purpose of security awareness training programs and explain how employee education on phishing recognition, password hygiene, and social engineering reduces organizational risk.

Domain 5: Incident Handling (4 topics)

Understand incident response processes

  • Describe the incident response lifecycle phases including preparation, identification, containment, eradication, recovery, and lessons learned as defined by NIST SP 800-61.
  • Describe the roles and responsibilities within an incident response team including incident handler, forensic analyst, communications lead, and management liaison.
  • Apply the incident classification and severity framework to categorize security events by type, scope, and business impact and determine the appropriate escalation path.
  • Differentiate between containment strategies including short-term containment (network isolation, account disabling) and long-term containment (system reimaging, patch application) based on incident severity.

Understand security monitoring and SIEM

  • Describe the purpose and capabilities of Security Information and Event Management (SIEM) systems including log aggregation, correlation, alerting, and dashboard visualization for security operations.
  • Identify common log sources for security monitoring including firewall logs, IDS/IPS alerts, system event logs, authentication logs, and network flow data and describe what each log source reveals.
  • Describe threat intelligence concepts including indicators of compromise (IoCs), tactics, techniques, and procedures (TTPs), and the MITRE ATT&CK framework for understanding adversary behavior.
  • Describe the purpose of security orchestration, automation, and response (SOAR) platforms in automating repetitive SOC tasks, playbook execution, and reducing mean time to respond to security incidents.

Understand digital forensics and evidence handling

  • Describe the order of volatility for digital evidence (registers, cache, RAM, disk, removable media, logs) and explain why evidence must be collected from most volatile to least volatile sources.
  • Describe chain of custody procedures including evidence documentation, secure storage, access logging, and integrity verification using hashing to maintain evidentiary value.
  • Describe the purpose of post-incident activities including root cause analysis, lessons learned documentation, control improvement recommendations, and updating incident response plans.
  • Analyze a security incident scenario to identify the appropriate response phase, recommend containment actions, and determine which evidence sources should be preserved for investigation.

Understand business continuity and disaster recovery

  • Define business continuity and disaster recovery concepts including RTO, RPO, MTTR, MTBF, and BIA and explain how these metrics guide recovery planning decisions.
  • Describe backup strategies including full, incremental, and differential backups and explain how backup rotation schemes, offsite storage, and testing procedures support data recovery objectives.

Scope

Included Topics

  • All domains in the Cisco Certified Support Technician Cybersecurity (100-160) exam: Essential Security Principles (20%), Basic Network Security Concepts (20%), Endpoint Security Concepts (20%), Vulnerability Assessment and Risk Management (20%), and Incident Handling (20%).
  • Foundational cybersecurity knowledge including the CIA triad, authentication and authorization mechanisms, encryption fundamentals, common attack types, vulnerability scanning, risk assessment, and incident response procedures.
  • Key security technologies and concepts including firewalls, IDS/IPS, VPNs, antimalware, endpoint detection and response, SIEM, security policies, access controls, PKI, and digital certificates.
  • Basic security monitoring, log analysis, threat intelligence sources, compliance frameworks, and security operations fundamentals aligned to entry-level cybersecurity support roles.

Not Covered

  • Advanced penetration testing methodologies, exploit development, and red team operations beyond entry-level awareness.
  • Enterprise SIEM deployment and configuration, advanced threat hunting, and SOC Tier 2/3 analyst-level investigation techniques.
  • Detailed cryptographic algorithm implementation, key exchange protocol internals, and certificate authority infrastructure design.
  • Cloud-native security architectures, container security, and DevSecOps pipeline integration beyond basic awareness.
  • Advanced malware reverse engineering, forensic disk imaging, and chain-of-custody evidence handling procedures.

Official Exam Page

Learn more at Cisco Systems


Trademark Notice

Cisco®, CCNA®, CCNP®, CCIE®, and related marks are registered trademarks of Cisco Technology, Inc. Cisco does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.