Free Cisco 200-201 Practice Exam with Questions & Answers | Set: 14

 In NetFlow log sessions within TCP connections; ACK flag is used for acknowledging that data has been successfully received while RST flag is used when there’s an error or when closing a connection spontaneously without following standard procedures. References := Cisco Cybersecurity source documents or study guide

 The category of the Cyber Kill Chain model that this event belongs to is weaponization. This stage occurs after reconnaissance has taken place and the attacker has discovered all necessary information about potential targets, such as vulnerabilities. In the weaponization stage, the attacker’s preparatory work culminates in the creation of malware to be used against an identified target, which in this case is a specific worm tailored to exploit a software flaw and extract saved passwords. References: The Cyber Kill Chain framework, developed by Lockheed Martin, explains the weaponization stage as the process where attackers create or modify cyber weapons based on the intelligence gathered during reconnaissance

 Cyber attribution identifies the threat actors of an attack in an investigation. Threat actors are the individuals, groups, organizations, or states that are responsible for conducting or sponsoring a cyberattack. Threat actors can have different motives, such as financial gain, espionage, sabotage, activism, or warfare. Cyber attribution can help investigators to determine the identity, location, affiliation, and motivation of the threat actors, as well as to hold them accountable and impose sanctions or legal actions. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 5: Security Policies and Procedures, Lesson 5.2: Incident Response, Topic 5.2.3: Cyber Attribution, page 5-14.

Encryption is an evasion technique that is a function of ransomware, which is a type of malware that encrypts the victim’s files or system and demands a ransom for the decryption key. Encryption is used by ransomware to prevent the victim from accessing their data and to avoid detection by antivirus or other security tools. Encryption can also be used by other types of malware to hide their communication, configuration, or payload from analysis. References:

Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) v1.0, Module 3: Network Intrusion Analysis, Lesson 3.4: Malware

Cisco Certified CyberOps Associate Overview, Exam Topics, 3.4 Compare and contrast types of malware

False-positive alerts are alerts that are triggered by benign or normal network traffic and are mistakenly identified as malicious. False positives can have a negative impact on business as they may consume the resources and time of the security team that need to analyze and verify them. True-positive alerts are alerts that correctly identify malicious traffic or activity and require proper incident response procedures. True positives can help the security team to quickly detect and mitigate threats and minimize the damage to the organization. References := Understanding Cisco Cybersecurity Operations Fundamentals (CBROPS) - Cisco, page 92; [Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide], page 98

Cisco Application Visibility and Control (AVC) provides features like metrics collection and exporting (D) for visibility on TCP bandwidth usage, response time, and latency. Application recognition (E) combined with deep packet inspection helps in identifying unknown software by its network traffic flow. References := Cisco CyberOps Associate - Module 2: Security Concepts

NAT (Network Address Translation) and PAT (Port Address Translation) are technologies that modify the IP address information in packet headers as they pass through a router or firewall, making it difficult to trace the communication back to the originating end-device.