CCST Cheat Sheet 2026
The 30 highest-yield CCST facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
46 questions
50 min time limit
75% to pass
- What is DNS poisoning and what risk does it pose? → Inserting false DNS records to redirect users to malicious websites
- What is the role of an incident response playbook? → To provide step-by-step procedures for handling specific types of security incidents
- What is the purpose of the IPv6 loopback address ::1? → To test the local TCP/IP stack without sending traffic on the network
- Identify which of the services below uses both TCP and UDP ports. → DNS
- What type of IPv6 address begins with fe80::/10 and is used for single-segment communication? → Link-local
- What is the CIDR prefix length for the subnet mask 255.255.252.0? → /22
- A network for connecting personal devices, like Bluetooth. → PAN (Personal Area Network)
- Which of the following security controls is primarily used to enforce the principle of confidentiality? → AES encryption
- Which protocol replaced ARP in IPv6 for address resolution? → NDP (Neighbor Discovery Protocol)
- Which class of IPv4 addresses uses the default subnet mask of 255.255.0.0? → Class B
- Which well-known port does the SMTP protocol use to send outgoing email between mail servers? → 25
- Which Ethernet switching method would you use if low latency is of utmost importance? → Cut-through
- Which Cisco IOS command can a support technician use to verify the IP configuration on a router interface? → show ip interface brief
- What is the purpose of 802.1X in WPA2-Enterprise? → To provide individual user authentication through a RADIUS server
- What is the main weakness of WPA2-Personal that WPA3 addresses? → The PSK four-way handshake is vulnerable to offline dictionary attacks
- What is the wildcard mask corresponding to the subnet mask 255.255.255.240? → 0.0.0.15
- A technician needs to transfer a router's IOS image using a lightweight protocol that requires no authentication and uses UDP. Which protocol should they use? → TFTP
- What does a Layer 2 switch use to make forwarding decisions? → MAC addresses
- Which tool would a technician use to test whether a specific TCP port (e.g., port 443) is open on a remote server? → telnet or Netcat (nc)
- What distinguishes a crossover cable from a straight-through cable? → Crossover cables swap transmit and receive pairs at one end for connecting similar devices
- Which Network Layer protocol handles error reporting and diagnostics? → ICMP
- Which command can a technician use on a Cisco IOS device to verify current active connections and listening TCP ports? → show ip sockets
- Which PDU is associated with the Transport Layer? → Segments
- Which statement about NTP is true? → NTP authentication is disabled by default.
- What is Power over Ethernet (PoE) and which cable category is recommended? → Power alongside data over copper Ethernet; Cat 6a recommended for high-power applications
- How many subnets can be created by borrowing 3 bits from the host portion of a subnet? → 8
- What is the function of a host-based intrusion detection system (HIDS)? → To monitor system activities and file changes to detect intrusion or policy violations
- Each operating system has built-in tools for configuring and troubleshooting network connectivity. → Networking utilities
- What is the administrative distance of a directly connected route? → 0
- What does CIDR stand for in networking? → Classless Inter-Domain Routing
Turn these facts into recall: