CCST – Cisco Certified Support Technician

Cisco Just Announced Brand New Entry-Level Networking and Security Certs!

CCST Networking

CCST Cybersecurity


With a focus on entry-level job seekers, the new CCST Networking and/or CCST Cybersecurity certs might be a perfect fit for you.  These new certs would be a great resume builder to get your foot in the door and start your tech career.  


From Cisco’s official blog:


  • The Cisco Certified Support Technician (CCST) Cybersecurity certification validates entry-level Cybersecurity knowledge and skills to support and assist with tasks including security principles, network security and endpoint security concepts, vulnerability assessment and risk management, and incident handling.
  • The Cisco Certified Support Technician (CCST) Networking certification ensures successful candidates have the foundational knowledge and skills necessary to demonstrate how networks operate, including the devices, media, and protocols that enable network communication.

The Need For Entry Level Cisco Certifications:

Having the new option for entry level certifications provides “stepping stones” for those who want to achieve higher level certs in the future. For example, you could pass the CCST Networking exam and use that as a building block on the way to the highly respected associate level CCNA (Cisco Certified Network Associate) certification.   

Ever since Cisco retired the entry level CCENT Certification, we had a hunch that we would see something similar come back as an option at some point.  If you recall, there used to be an option for CCNA where you could take it as a two part exam instead of one big exam.  This was ICND1 and ICND2.  Once you passed the ICND1 exam, which was the first, more “fundamental” part of the CCNA exam, you would achieve the CCENT certification.  This is not the exact same case because the CCST certification does not count as “half” of the CCNA for testing purposes (Yet? Maybe in the future).  However, it does allow you to achieve a milestone that you can get on your resume quicker and also get a real world feel for what the full CCNA will look like when it comes time to sit that higher level cert.

Entry level security was something that Cisco has needed in their certification tree for a while now.  So, this is an especially exciting update to see!  The CCNA Security Certification was retired and replaced with badges / Network Security 1.0 a little while ago.  CCNP Security is available, but let’s be honest in that a professional level certification is a far way away from entry level and still a leap from associate level.  You need the foundation and building blocks!  The answer to this has been to pair up CCNA with the still very valid CCNA Security curriculum to develop essential network security skills.  Once you have those fundamental skills you’ll be equipped to move into a security career and continue to develop the more advanced skills.  We still highly recommend that path to learning.  The new CCST Cybersecurity certification is a great way to re-introduce an obtainable certification for candidates working on their cybersecurity and networking skills using their home lab.


What Is Covered?  The Best Way To Prepare.

So, let’s talk about the content.  It looks like Cisco will have a lot of free training resources available through their Skills For All Program.  That is great and will be an excellent resource.  If you want to really prepare and understand the concepts, studying CCNA and CCNA Security / Network 1.0 is also a great way to tackle this.  You will get a much more detailed understanding of the concepts to get through CCST and also be prepping for the associate level exams at the same time.  With the amount of overlap between the entry level and associate level curriculums, it wouldn’t be a bad idea to study the associate level curriculum and apply that to the specific topics on the CCST exams.  This is similar to the strategy we have suggested to many of our customers over the years concerning Comptia Network+ and/or Security+.  For example, once you pass the CCNA, while everything is fresh in your mind, it is a great idea to almost immediately go for Comptia Network+ because the exams are extremely similar.  Network+ has many of the same topics as CCNA and is much easier, so it is a breeze after completing CCNA.  (Heck, now you could knock out both CCST Networking and Net+ on your path to CCNA)

There is very minimal, fundamental configuration (lab work) on these exams.  So, you won’t see many lab style questions and the ones you do see won’t be the fuller and more complex scenarios that you will see on CCNA.  For example, on CCST Networking, expect to see basic things like using show commands, ping, traceroute, wireshark, etc.  You will see questions on things like routing protocols.  Even though those questions will likely be theory based (multiple choice, drag and drop, etc.), if you really want to understand a question on a routing protocol like OSPF, then running a lab on your home equipment is what is really going to give you that edge to fully understand the topic and increase your best chances for success.  

This will be very similar on the CCST Cybersecurity exam, but there will be more complex concepts over the CCST Networking exam.  A good foundation in networking first is only going to make understanding security topics and passing this exam much easier.  This is once again similar to how passing Comptia Network+ before Comptia Security+ makes your life a whole lot easier because you understand the core of what the security topics are built on.  We would still recommend running labs past the immediate requirements and getting as much information as you can on things like networking protocols, VLANs, etc. so you can really understand the content for this exam.  You may also see lab style questions based on the posted curriculum under categories such as, “Implement Secure Access Technologies – ACL, Firewall, VPN, NAC”.  So, hopping on your home lab and doing some ACL labs (found in our CertificationKits CCNA and Security lab eWorkbooks) where you are actually going through the commands and gaining the experience of creating a working ACL would be highly beneficial to fully prepare you!


Labbing paired with theory is always going to be the best path to success, no matter what level the exam is.  Working on an entry level lab kit such as one of our Base CCNA Lab Kits (2 router and 2 switch) or one of our entry level (economy or standard) CCNA Recommended (3 router and 3 switch) Lab Kits would be an excellent way to learn the full concepts and also gain hands on, real world experience!  On top of that, when you go in for that interview, you’ll be able to tell them that you have experience using real equipment and you’re not a paper tiger!  


We’re here to help with fast and friendly service!  We’ve been building lab kits of all sizes and for all levels of Cisco Certifications for over 20 years now!  Please send us an email at, use our Contact Form or give us a call at 866-950-2478 if we can help get you started with real equipment on your path to success.


Read the official Cisco Blog

Here is a list of the exam topics from Cisco on both of the new CCST exams:


  • CCST (Cisco Certified Support Technician) Networking 

1.0 Standards and Concepts

  • 1.1. Identify the fundamental conceptual building blocks of networks.
    • TCP/IP model, OSI model, frames and packets, addressing
  • 1.2. Differentiate between bandwidth and throughput.
    • Latency, delay, speed test vs. Iperf
  • 1.3. Differentiate between LAN, WAN, MAN, CAN, PAN, and WLAN.
    • Identify and illustrate common physical and logical network topologies.
  • 1.4. Compare and contrast cloud and on-premises applications and services.
    • Public, private, hybrid, SaaS, PaaS, IaaS, remote work/hybrid work
  • 1.5. Describe common network applications and protocols.
    • TCP vs. UDP (connection-oriented vs. connectionless), FTP, SFTP, TFTP, HTTP, HTTPS, DHCP, DNS, ICMP, NTP


2.0 Addressing and Subnet Formats

  • 2.1. Compare and contrast private addresses and public addresses.
    • Address classes, NAT concepts
  • 2.2. Identify IPv4 addresses and subnet formats.
    • Subnet concepts, Subnet Calculator, slash notation, and subnet mask; broadcast domain
  • 2.3. Identify IPv6 addresses and prefix formats.
    • Types of addresses, prefix concepts


3.0 Endpoints and Media Types

  • 3.1. Identify cables and connectors commonly used in local area networks.
    • Cable types: fiber, copper, twisted pair; Connector types: coax, RJ-45, RJ-11, fiber connector types
  • 3.2. Differentiate between Wi-Fi, cellular, and wired network technologies.
    • Copper, including sources of interference; fiber; wireless, including 802.11 (unlicensed, 2.4GHz, 5GHz, 6GHz), cellular (licensed), sources of interference
  • 3.3. Describe endpoint devices.
    • Internet of Things (IoT) devices, computers, mobile devices, IP Phone, printer, server
  • 3.4. Demonstrate how to set up and check network connectivity on Windows, Linux, Mac OS, Android, and Apple iOS.
    • Networking utilities on Windows, Linux, Android, and Apple operating systems; how to run troubleshooting commands; wireless client settings (SSID, authentication, WPA mode)

4.0 Infrastructure

  • 4.1. Identify the status lights on a Cisco device when given instruction by an engineer.
    • Link light color and status (blinking or solid)
  • 4.2. Use a network diagram provided by an engineer to attach the appropriate cables.
    • Patch cables, switches and routers, small topologies, power, rack layout
  • 4.3. Identify the various ports on network devices.
    • Console port, serial port, fiber port, Ethernet ports, SFPs, USB port, PoE
  • 4.4. Explain basic routing concepts.
    • Default gateway, layer 2 vs. layer 3 switches, local network vs. remote network
  • 4.5. Explain basic switching concepts.
    • MAC address tables, MAC address filtering, VLAN

5.0 Diagnosing Problems

  • 5.1. Demonstrate effective troubleshooting methodologies and help desk best practices, including ticketing, documentation, and information gathering.
    • Policies and procedures, accurate and complete documentation, prioritization
  • 5.2. Perform a packet capture with Wireshark and save it to a file.
    • Purpose of using a packet analyzer, saving and opening a .pcap file
  • 5.3. Run basic diagnostic commands and interpret the results.
    • ping, ipconfig/ifconfig/ip, tracert/traceroute, nslookup; recognize how firewalls can influence the result
  • 5.4. Differentiate between different ways to access and collect data about network devices.
    • Remote access (RDP, SSH, telnet), VPN, terminal emulators, Console, Network Management Systems, cloud-managed network (Meraki), scripts
  • 5.5. Run basic show commands on a Cisco network device.
    • show run, show cdp neighbors, show ip interface brief, show ip route, show version, show inventory, show switch, show mac address-table, show interface, show interface x, show interface status; privilege levels; command help and auto-complete

6.0 Security

  • 6.1. Describe how firewalls operate to filter traffic.
    • Firewalls (blocked ports and protocols); rules deny or permit access
  • 6.2. Describe foundational security concepts.
    • Confidentiality, integrity, and availability (CIA); authentication, authorization, and accounting (AAA); Multifactor Authentication (MFA); encryption, certificates, and password complexity; identity stores/databases (Active Directory); threats and vulnerabilities; spam, phishing, malware, and denial of service
  • 6.3. Configure basic wireless security on a home router (WPAx).
    • WPA, WPA2, WPA3; choosing between Personal and Enterprise; wireless security concepts


CCST (Cisco Certified Support Technician) Cybersecurity


1.0  Essential Security Principles

  • 1.1. Define essential security principles
    • Vulnerabilities, threats, exploits, and risks; attack vectors; hardening; defense-in-depth; confidentiality, integrity, and availability (CIA); types of attackers; reasons for attacks; code of ethics
  • 1.2. Explain common threats and vulnerabilities
    • Malware, ransomware, denial of service, botnets, social engineering attacks (tailgating, spear phishing, phishing, vishing, smishing, etc.), physical attacks, man in the middle, IoT vulnerabilities, insider threats, Advanced Persistent Threat (APT)
  • 1.3. Explain access management principles
    • Authentication, authorization, and accounting (AAA); RADIUS; multifactor authentication (MFA); password policies
  • 1.4. Explain encryption methods and applications
    • Types of encryption, hashing, certificates, public key infrastructure (PKI); strong vs. weak encryption algorithms; states of data and appropriate encryption (data in transit, data at rest, data in use); protocols that use encryption

2.0 Basic Network Security Concepts

  • 2.1. Describe TCP/IP protocol vulnerabilities
  • 2.2. Explain how network addresses impact network security
    • IPv4 and IPv6 addresses, MAC addresses, network segmentation, CIDR notation, NAT, public vs. private networks
  • 2.3. Describe network infrastructure and technologies
    • Network security architecture, DMZ, virtualization, cloud, honeypot, proxy server, IDS, IPS
  • 2.4. Set up a secure wireless SoHo network
    • MAC address filtering, encryption standards and protocols, SSID
  • 2.5. Implement secure access technologies
    • ACL, firewall, VPN, NAC

3.0 Endpoint Security Concepts

  • 3.1. Describe operating system security concepts
    • Windows, macOS, and Linux; security features, including Windows Defender and host-based firewalls; CLI and PowerShell; file and directory permissions; privilege escalation
  • 3.2. Demonstrate familiarity with appropriate endpoint tools that gather security assessment information
    • netstat, nslookup, tcpdump
  • 3.3. Verify that endpoint systems meet security policies and standards
    • Hardware inventory (asset management), software inventory, program deployment, data backups, regulatory compliance (PCI DSS, HIPAA, GDPR), BYOD (device management, data encryption, app distribution, configuration management)
  • 3.4. Implement software and hardware updates
    • Windows Update, application updates, device drivers, firmware, patching
  • 3.5. Interpret system logs
    • Event Viewer, audit logs, system and application logs, syslog, identification of anomalies
  • 3.6. Demonstrate familiarity with malware removal
    • Scanning systems, reviewing scan logs, malware remediation

4.0 Vulnerability Assessment and Risk Management

  • 4.1. Explain vulnerability management
    • Vulnerability identification, management, and mitigation; active and passive reconnaissance; testing (port scanning, automation)
  • 4.2. Use threat intelligence techniques to identify potential network vulnerabilities
    • Uses and limitations of vulnerability databases; industry-standard tools used to assess vulnerabilities and make recommendations, policies, and reports; Common Vulnerabilities and Exposures (CVEs), cybersecurity reports, cybersecurity news, subscription services, and collective intelligence; ad hoc and automated threat intelligence; the importance of updating documentation and other forms of communication proactively before, during, and after cybersecurity incidents; how to secure, share and update documentation
  • 4.3. Explain risk management
    • Vulnerability vs. risk, ranking risks, approaches to risk management, risk mitigation strategies, levels of risk (low, medium, high, extremely high), risks associated with specific types of data and data classifications, security assessments of IT systems (information security, change management, computer operations, information assurance)
  • 4.4. Explain the importance of disaster recovery and business continuity planning
    • Natural and human-caused disasters, features of disaster recovery plans (DRP) and business continuity plans (BCP), backup, disaster recovery controls (detective, preventive, and corrective)

5.0 Incident Handling

  • 5.1. Monitor security events and know when escalation is required
    • Role of SIEM and SOAR, monitoring network data to identify security incidents (packet captures, various log file entries, etc.), identifying suspicious events as they occur
  • 5.2. Explain digital forensics and attack attribution processes
    • Cyber Kill Chain, MITRE ATT&CK Matrix, and Diamond Model; Tactics, Techniques, and Procedures (TTP); sources of evidence (artifacts); evidence handling (preserving digital evidence, chain of custody)
  • 5.3. Explain the impact of compliance frameworks on incident handling
    • Compliance frameworks (GDPR, HIPAA, PCI-DSS, FERPA, FISMA), reporting and notification requirements
  • 5.4. Describe the elements of cybersecurity incident response
    • Policy, plan, and procedure elements; incident response lifecycle stages (NIST Special Publication 800-61 sections 2.3, 3.1-3.4