CCST Cheat Sheet 2026

The 30 highest-yield CCST facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

46 questions
50 min time limit
75% to pass
  1. What is DNS poisoning and what risk does it pose? Inserting false DNS records to redirect users to malicious websites
  2. What is the role of an incident response playbook? To provide step-by-step procedures for handling specific types of security incidents
  3. What is the purpose of the IPv6 loopback address ::1? To test the local TCP/IP stack without sending traffic on the network
  4. Identify which of the services below uses both TCP and UDP ports. DNS
  5. What type of IPv6 address begins with fe80::/10 and is used for single-segment communication? Link-local
  6. What is the CIDR prefix length for the subnet mask 255.255.252.0? /22
  7. A network for connecting personal devices, like Bluetooth. PAN (Personal Area Network)
  8. Which of the following security controls is primarily used to enforce the principle of confidentiality? AES encryption
  9. Which protocol replaced ARP in IPv6 for address resolution? NDP (Neighbor Discovery Protocol)
  10. Which class of IPv4 addresses uses the default subnet mask of 255.255.0.0? Class B
  11. Which well-known port does the SMTP protocol use to send outgoing email between mail servers? 25
  12. Which Ethernet switching method would you use if low latency is of utmost importance? Cut-through
  13. Which Cisco IOS command can a support technician use to verify the IP configuration on a router interface? show ip interface brief
  14. What is the purpose of 802.1X in WPA2-Enterprise? To provide individual user authentication through a RADIUS server
  15. What is the main weakness of WPA2-Personal that WPA3 addresses? The PSK four-way handshake is vulnerable to offline dictionary attacks
  16. What is the wildcard mask corresponding to the subnet mask 255.255.255.240? 0.0.0.15
  17. A technician needs to transfer a router's IOS image using a lightweight protocol that requires no authentication and uses UDP. Which protocol should they use? TFTP
  18. What does a Layer 2 switch use to make forwarding decisions? MAC addresses
  19. Which tool would a technician use to test whether a specific TCP port (e.g., port 443) is open on a remote server? telnet or Netcat (nc)
  20. What distinguishes a crossover cable from a straight-through cable? Crossover cables swap transmit and receive pairs at one end for connecting similar devices
  21. Which Network Layer protocol handles error reporting and diagnostics? ICMP
  22. Which command can a technician use on a Cisco IOS device to verify current active connections and listening TCP ports? show ip sockets
  23. Which PDU is associated with the Transport Layer? Segments
  24. Which statement about NTP is true? NTP authentication is disabled by default.
  25. What is Power over Ethernet (PoE) and which cable category is recommended? Power alongside data over copper Ethernet; Cat 6a recommended for high-power applications
  26. How many subnets can be created by borrowing 3 bits from the host portion of a subnet? 8
  27. What is the function of a host-based intrusion detection system (HIDS)? To monitor system activities and file changes to detect intrusion or policy violations
  28. Each operating system has built-in tools for configuring and troubleshooting network connectivity. Networking utilities
  29. What is the administrative distance of a directly connected route? 0
  30. What does CIDR stand for in networking? Classless Inter-Domain Routing
Turn these facts into recall: