
無料2026年最新の100-160問題集で100%合格保証には最新の サンプル
準備100-160問題解答無料更新には100%試験合格保証 [2026]
Cisco 100-160 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
質問 # 158
Which of the following is a characteristic of cloud-based applications in the context of cybersecurity?
- A. They are typically more susceptible to cyber attacks compared to traditional on-premises applications.
- B. They require physical installation and maintenance, limiting their accessibility.
- C. They are not widely used and are considered a less secure option.
- D. They provide enhanced flexibility and scalability for organizations.
正解:D
解説:
Cloud-based applications offer numerous benefits, one of which is enhanced flexibility and scalability. These applications allow organizations to easily adjust their usage and storage needs without the need for physical hardware upgrades. This flexibility often contributes to improved productivity and cost-effectiveness. However, it's important to note that the cybersecurity of cloud-based applications depends on the implementation and security measures taken by the provider and user.
質問 # 159
Which regulation is aimed at protecting the privacy and security of personally identifiable information (PII) within the European Union?
- A. GDPR
- B. HIPAA
- C. BYOD
- D. PCI DSS
正解:A
解説:
The General Data Protection Regulation (GDPR) is a regulation that aims to protect the privacy and security of personally identifiable information (PII) of individuals within the European Union (EU). It provides guidelines and requirements for data processing, consent, transparency, and breach notification, among other aspects.
質問 # 160
Which Windows app is a command-line interface that includes a sophisticated scripting language used to automate Windows tasks?
- A. Microsoft Management Console
- B. Vim
- C. MS-DOS
- D. PowerShell
正解:D
解説:
The CCST Cybersecurity course identifies Windows PowerShell as both a command-line interface (CLI) and a robust scripting environment. It is used by system administrators for automation, configuration, and task scheduling.
"PowerShell is a Windows command-line shell and scripting language built on the .NET framework. It allows administrators to automate administrative tasks, manage system configurations, and execute complex scripts for system management." (CCST Cybersecurity, Endpoint Security Concepts, System Administration Tools section, Cisco Networking Academy) A is correct: PowerShell provides both interactive command execution and scripting capabilities.
B (MMC) is a GUI-based management console, not a CLI.
C (Vim) is a text editor, not a Windows-native CLI.
D (MS-DOS) is a legacy command shell with no advanced scripting features comparable to PowerShell.
質問 # 161
What is the primary purpose of a VPN (Virtual Private Network)?
- A. To encrypt email communications
- B. To establish a secure remote connection over a public network
- C. To secure wireless network connections
- D. To protect against malware attacks
正解:B
解説:
A VPN is designed to provide secure, encrypted communication over a public network such as the internet. Its primary purpose is to establish a secure and private connection between two endpoints, allowing remote users to access resources on a private network as if they were directly connected to it. This helps protect sensitive data and communications from interception by unauthorized individuals.
質問 # 162
Which of the following is a characteristic of a network-based firewall?
- A. Inspects and filters traffic at the application layer
- B. Operates at the data link layer
- C. Requires software installed on client devices
- D. Provides protection against external threats only
正解:D
解説:
Option 1: Incorrect. A network-based firewall inspects and filters traffic at the network layer, not the application layer.
Option 2: Incorrect. A network-based firewall operates at the network layer, not the data link layer.
Option 3: Correct. A network-based firewall provides protection against both external and internal threats.
Option 4: Incorrect. A network-based firewall does not require software installed on client devices.
質問 # 163
Which compliance framework is primarily concerned with securing payment card data and ensuring it is protected against unauthorized access?
- A. HIPAA
- B. FERPA
- C. PCI-DSS
- D. GDPR
正解:C
解説:
The Payment Card Industry Data Security Standard (PCI-DSS) is a compliance framework developed by the major credit card companies to safeguard payment card data and prevent fraud. It provides guidelines, requirements, and best practices for organizations that handle cardholder information, ensuring that it is stored, processed, and transmitted securely.
質問 # 164
Which malicious activity is NOT typically associated with cyber attacks?
- A. Data encryption
- B. Denial of Service (DoS)
- C. Malware
- D. Phishing
正解:A
解説:
Data encryption is a security measure used to protect data from unauthorized access. While encryption can be utilized by cyber attackers to make stolen data unreadable, it is not typically considered a malicious activity in itself. Instead, cyber attackers may employ techniques like phishing, denial of service attacks, or distributing malware to carry out their malicious intentions.
質問 # 165
Which state of data is appropriate for encrypting sensitive information stored in a database?
- A. Data in motion
- B. Data in transit
- C. Data at rest
- D. Data in use
正解:C
解説:
Data at rest refers to data that is stored on storage devices such as hard drives, databases, or backups. Encrypting sensitive information in a database while it is at rest ensures that even if the database is compromised, the data remains protected, and unauthorized access or theft of the data becomes more challenging.
質問 # 166
What should be done when a user forgets their password and requests a reset?
- A. Escalate the request to the user's supervisor for approval.
- B. Reset the password immediately without any further action.
- C. Verify the user's identity and follow the organization's password reset process.
- D. Inform the user that password resets are not allowed for security reasons.
正解:C
解説:
When a user forgets their password and requests a reset, it is necessary to verify the user's identity and follow the organization's established password reset process. Password resets may involve sensitive information and can lead to unauthorized access if not handled appropriately. Therefore, following the organization's procedures helps ensure the security and integrity of the password reset process.
質問 # 167
What is the purpose of a Virtual Private Network (VPN)?
- A. To monitor and analyze network traffic for potential security threats.
- B. To provide secure and encrypted remote access to a private network over a public network, such as the internet.
- C. To secure wireless networks from unauthorized access.
- D. To protect against viruses and malware.
正解:B
解説:
A Virtual Private Network (VPN) is a network technology that allows users to securely connect to a private network from a remote location over a public network, such as the internet. It establishes a secure tunnel between the user's device and the private network, encrypting the data and ensuring confidentiality and integrity.
質問 # 168
What is the primary characteristic of an Advanced Persistent Threat (APT) compared to traditional attacks?
- A. APTs are easily detectable by conventional security measures
- B. APTs are random and indiscriminate in their targets
- C. APTs involve persistent and prolonged attacks on specific targets
- D. APTs are primarily aimed at causing immediate damage to systems
正解:C
解説:
The primary characteristic of an APT is its persistent and prolonged nature. Unlike traditional attacks, which may be brief and target multiple entities, APTs specifically focus on a particular target for an extended period of time. This allows the attackers to gather more information and potentially cause significant damage.
質問 # 169
Which of the following is a preventive control that can help in reducing the risk of future incidents?
- A. Implementing strong access controls and authentication mechanisms
- B. Regularly updating antivirus signatures
- C. Conducting periodic employee training on incident response
- D. Creating secure backups of critical data
正解:A
解説:
Implementing strong access controls and authentication mechanisms is a preventive control that can help reduce the risk of future incidents. By ensuring that only authorized individuals have access to systems and data, the likelihood of unauthorized access or malicious activity is minimized. While regularly updating antivirus signatures, conducting employee training, and creating secure backups are also important preventive measures, the focus here is on access controls and authentication mechanisms.
質問 # 170
What type of security technique involves setting up a decoy system or network to lure and trap potential attackers?
- A. Proxy
- B. Virtualization
- C. Honeypot
- D. DMZ
正解:C
解説:
A honeypot is a security technique that involves setting up a decoy system or network to attract potential attackers. The purpose of a honeypot is to gather information about attackers' tactics, techniques, and intentions, allowing organizations to learn more about the threats they face and improve their defenses.
By monitoring the activities within a honeypot, organizations can gain valuable insights into emerging attack methods and enhance their overall cybersecurity strategy.
質問 # 171
Which of the following is a key requirement for conducting a security compliance audit?
- A. A certified auditor with expertise in security compliance
- B. A comprehensive understanding of security compliance standards and regulations
- C. Compliance monitoring tools and systems
- D. A detailed audit plan and checklist
正解:B
解説:
Option 1: Correct. A certified auditor with expertise in security compliance is a key requirement for conducting a security compliance audit. The auditor should have a deep understanding of security compliance standards and regulations to ensure that the audit is performed effectively.
Option 2: Incorrect.
While having a comprehensive understanding of security compliance standards and regulations is important, it is not a key requirement for conducting a security compliance audit. The main requirement is a certified auditor with expertise in security compliance.
Option 3: Incorrect.
Compliance monitoring tools and systems can be helpful during a security compliance audit, but they are not a key requirement. The main requirement is a certified auditor with expertise in security compliance.
Option 4: Incorrect. While having a detailed audit plan and checklist is important, it is not a key requirement for conducting a security compliance audit. The main requirement is a certified auditor with expertise in security compliance.
質問 # 172
What is the primary goal of a threat actor in a cyber attack?
- A. To cause damage or disruption to a target
- B. To gain unauthorized access to a network
- C. To identify and mitigate security risks
- D. To exploit vulnerabilities in a system
正解:A
解説:
The primary goal of a threat actor in a cyber attack is typically to cause damage, disruption, or gain some form of unauthorized advantage. They may aim to steal sensitive data, encrypt files for ransom, disrupt services, or compromise the integrity of a system. Understanding the motivations of threat actors helps in building effective defense strategies.
質問 # 173
Which of the following is true about security policies and procedures?
- A. They should be kept confidential and not shared with employees.
- B. They should only be accessible to the IT department.
- C. They should be documented once and never changed.
- D. They should be regularly reviewed and updated to reflect changing threats and technologies
正解:D
解説:
Option 1: Correct: Security policies and procedures should be regularly reviewed and updated to ensure they align with changing threats and technologies. This helps to maintain the effectiveness of the policies and processes.
Option 2: Incorrect: Security policies and procedures should be accessible to relevant employees and stakeholders, not restricted only to the IT department. It is important for everyone to understand and adhere to the policies and procedures.
Option 3: Incorrect: Security policies and procedures should be regularly updated as needed, not documented once and never changed. The changing threat landscape and evolving technologies necessitate the periodic review and update of security policies and procedures.
Option 4: Incorrect: Security policies and procedures should be communicated and shared with employees to ensure everyone understands and follows them. Keeping them confidential and not sharing them would hinder their effectiveness.
質問 # 174
What is an attack vector in cybersecurity?
- A. The method used by an attacker to gain unauthorized access
- B. A vulnerability in a system that can be exploited
- C. The path or means through which an attacker can exploit vulnerabilities
- D. The likelihood of a cyber attack taking place
正解:C
解説:
An attack vector refers to the pathway or means by which an attacker can carry out a successful exploit or gain unauthorized access to a system. It can be a network protocol, software vulnerability, social engineering technique, malicious email attachment, or any other method that allows an attacker to exploit vulnerabilities. Understanding attack vectors is crucial for implementing effective defenses and mitigating risks.
質問 # 175
What is one of the main objectives of documenting cybersecurity incidents?
- A. To minimize the impact of cyber attacks
- B. To divert attention from the incident
- C. To create a historical record of incidents for legal purposes
- D. To assign blame to individuals responsible for the incident
正解:A
解説:
Documenting cybersecurity incidents helps organizations understand the nature, extent, and impact of the incident. By documenting incidents, organizations can analyze trends, develop strategies to prevent future incidents, and minimize the impact of cyber attacks.
質問 # 176
Which component of network security architecture is designed to separate the internal network from the external network?
- A. Proxy
- B. Virtualization
- C. Cloud
- D. DMZ
正解:D
解説:
A DMZ, or demilitarized zone, is a network segment that is used to separate the internal network from the external network. It acts as a buffer zone between the organization's network and the internet, providing an additional layer of security. By placing servers, such as web servers or email servers, in the DMZ, organizations can ensure that external traffic is filtered and scrutinized before reaching the internal network.
質問 # 177
What is the purpose of a Virtual Private Network (VPN) in cybersecurity?
- A. To filter network traffic based on predefined rules
- B. To encrypt traffic between two networks
- C. To authenticate users before granting them access
- D. To monitor network traffic for potential security threats
正解:B
解説:
A Virtual Private Network (VPN) is a secure connection established over a public network, such as the internet. Its primary purpose is to encrypt traffic between two networks or between an individual user and a network. By using encryption protocols, VPNs ensure that data transmitted over the network remains confidential and secure, protecting it from unauthorized access or interception.
質問 # 178
Which of the following features help to secure a wireless SoHo network from unauthorized access?
- A. SSID broadcast
- B. Weak encryption
- C. Default admin credentials
- D. MAC filtering
正解:D
質問 # 179
Which security measure can prevent unauthorized devices from automatically connecting to a corporate network through unused switch ports?
- A. VLAN trunking
- B. VPN
- C. Port security
- D. NAT
正解:C
解説:
The CCST Cybersecurity Study Guide explains that port security on switches can be configured to limit the number of MAC addresses allowed on a port, or to restrict it to specific devices.
"Port security can prevent unauthorized access by limiting or specifying the MAC addresses allowed to connect through a given switch port. This mitigates risks from rogue devices connecting to the network." (CCST Cybersecurity, Basic Network Security Concepts, Switch Security section, Cisco Networking Academy)
質問 # 180
What regulation is specifically designed to ensure the security of payment card data processed by organizations?
- A. PCI DSS
- B. HIPAA
- C. BYOD
- D. GDPR
正解:A
解説:
The Payment Card Industry Data Security Standard (PCI DSS) is a regulation that focuses on ensuring the security of payment card data processed by organizations. It provides a set of security requirements that organizations handling payment card data must follow to protect against fraud and data breaches.
質問 # 181
How can cybersecurity reports contribute to incident response procedures?
- A. By suggesting countermeasures.
- B. By establishing communication channels with law enforcement agencies.
- C. By providing real-time threat intelligence.
- D. By identifying potential attack vectors.
正解:C
解説:
Cybersecurity reports can contribute to incident response procedures by providing real-time threat intelligence. These reports analyze and share information about emerging threats, attack trends, and new vulnerabilities. By incorporating the findings from these reports into their incident response plans, organizations can stay ahead of attackers and improve their ability to detect, mitigate, and respond to potential incidents effectively.
質問 # 182
What is the main purpose of risk management in the context of cybersecurity?
- A. To transfer all cybersecurity risks to a third-party vendor.
- B. To identify and prioritize potential cybersecurity risks for effective mitigation.
- C. To ignore potential cybersecurity risks to minimize costs.
- D. To eliminate all possible risks to an organization's cybersecurity.
正解:B
解説:
The main purpose of risk management in the context of cybersecurity is to identify and prioritize potential risks associated with a system, network, or application. By understanding the risks, organizations can develop effective mitigation strategies and allocate resources accordingly. Risk management involves assessing the likelihood and impact of potential risks, determining their significance to the organization, and implementing appropriate controls to mitigate or reduce those risks to an acceptable level.
質問 # 183
......
リアル問題集Cisco 100-160試験問題 [更新されたのは2026年]:https://www.goshiken.com/Cisco/100-160-mondaishu.html
無料100-160試験問題集合格させるお手軽に試験合格:https://drive.google.com/open?id=1PrNzbcoh8tDBG2lWbIbaoee1n9wg4Yh4