DDoS attacks are divided into two categories: reflected and direct. Reflected attacks use a third-party

system to amplify the attack traffic and send it to the target. For example, an attacker can send a

spoofed request to a DNS server, which will reply with a large amount of data to the target’s IP

address. Direct attacks send the attack traffic directly from the attacker’s system or a botnet to the

target. For example, an attacker can send a large number of SYN packets to the target’s port,

exhausting its resources. Reference := Cisco Cybersecurity Operations Fundamentals, Module 1:

Security Concepts, Lesson 1.3: Common Network Application Operations and Attacks, Topic 1.3.4:

Denial-of-Service Attacks

IP data stands for Intellectual Property data, which is any data that represents the creations of the

mind, such as inventions, patents, designs, or artistic works. IP data is protected by law and has

commercial value for its owners. In this case, the automotive company has a database of IP data for

their engines and technical information, which customers can access after they register and identify

themselves. Reference := Cisco Cybersecurity Operations Fundamentals, Module 1: Security

Concepts, Lesson 1.2: Data Protection, Topic 1.2.1: Data Types

Attacking a vulnerability is categorized as exploitation, which is the third phase of the cyberattack

lifecycle. Exploitation is the process of taking advantage of a vulnerability in a system, application, or

network to gain access, escalate privileges, or execute commands. Action on objectives, delivery, and

installation are other phases of the cyberattack lifecycle, but they do not involve attacking a

vulnerability. Action on objectives is the final phase, where the attacker achieves their goal, such as

stealing data, disrupting services, or destroying assets. Delivery is the second phase, where the

attacker delivers the malicious payload, such as malware, phishing email, or malicious link, to the

target. Installation is the fourth phase, where the attacker installs the malicious payload on the

compromised system or network to maintain persistence or spread laterally. Reference: What is a

Cyberattack? | IBM, Recognizing the seven stages of a cyber-attack - DNV

ARP cache poisoning is a type of attack that intercepts traffic on a switched network by sending

spoofed ARP messages to associate the attacker’s MAC address with the IP address of a legitimate

host or gateway. This way, the attacker can redirect the traffic intended for the legitimate host or

gateway to his own device and perform a man-in-the-middle attack. Reference := Cisco Cybersecurity

Operations Fundamentals

The attack vector score in the Common Vulnerability Scoring System (CVSS) reflects how a

vulnerability can be exploited. A higher score is given when the attack can be conducted remotely,

making it easier for an attacker to exploit the vulnerability without physical access to the vulnerable

component3. Reference: The CVSS specification document provides a detailed explanation of how

the attack vector score is determined, emphasizing the impact of the ease of exploitation on the

score

Data encapsulation is a process in networking where the protocol stack of the sending host adds

headers (and sometimes trailers) to the data.

Each layer of the OSI or TCP/IP model adds its own header to the data as it passes down the layers,

preparing it for transmission over the network.

For example, in the TCP/IP model, data starts at the application layer and is encapsulated at each

subsequent layer (Transport, Internet, and Network Access) before being transmitted.

This encapsulation ensures that the data is correctly formatted and routed to its destination, where

the headers are stripped off in reverse order by the receiving host.

Reference

Networking Fundamentals by Cisco

OSI Model and Data Encapsulation Process

Understanding TCP/IP Encapsulation

Agent-based protection is a type of endpoint security that uses software agents installed on the

devices to monitor and protect them. Agent-based protection can collect and detect all traffic locally,

which means it can operate without relying on a network connection or a centralized server. Agent-

based protection can also provide more granular and comprehensive visibility and control over the

devices. Reference: https://learningnetworkstore.cisco.com/on-demand-e-learning/understandingcisco-cybersecurity-operations-fundamentals-cbrops-v1.0/CSCU-LP-CBROPS-V1-028093.html

(Module 2: Security Concepts, Lesson 2.3: Endpoint Security)

Digital certificates are essential for decrypting ingress and egress perimeter traffic, as they provide

the necessary encryption keys for secure communications. By using digital certificates, network

security devices can inspect the decrypted traffic to detect any malicious outbound communications

that may indicate command-and-control activity.

A threat represents a potential danger that could exploit a weakness in a system while risk is

associated with the potential impact or loss that could occur if a threat exploits a vulnerability in the

system. So, option A which states “Threat represents a potential danger that could take advantage of

a weakness in a system” is correct. Reference := Cisco Certified CyberOps Associate Overview

A man-in-the-middle attack occurs when a third party intercepts and potentially alters the

communication between two parties (in this case, two IP phones) without them knowing. This type

of attack can lead to eavesdropping, where the attacker can gain unauthorized access to sensitive

data being communicated between the two parties. Reference := Cisco Cybersecurity Operations

Fundamentals - Module 5: Endpoint Threat Analysis and Computer Forensics