D is correct

Once the exploitation completes, something needs to be done following the successful exploitation. Adversaries don’t exploit systems just to see if it can be done. Typically, something is delivered through the exploitation process, which leads us to the next step in the kill chain process.

"In deterministic models, the output of the model is fully determined by the parameter values and the initial values, whereas probabilistic (or stochastic) models incorporate randomness in their approach. Consequently, the same set of parameter values and initial conditions will lead to a group of different outputs. "

https://www.preventionweb.net/disaster-risk/concepts/deterministic-probabilistic/

=> A is correct answer.

Traditional IDS and IPS devices also suffer from many evasion attacks. The following are some of the most common evasion techniques against traditional IDS and IPS devices:

Fragmentation: Attackers can evade the IPS box by sending fragmented packets.

Using low-bandwidth attacks: Attackers can use techniques that use low-bandwidth or a very small number of packets to evade the system.

Address spoofing/proxying: Attackers can use spoofed IP addresses or sources, as well as intermediary systems such as proxies to evade inspection.

Pattern change evasion: Attackers may use polymorphic techniques to create unique attack patterns.

Encryption: Attackers can use encryption to hide their communication and information.

=> A is correct answer.

B is correct

Encryption can be challenging to security monitoring because it can be used by threat actors as a method of evasion and obfuscation, and security monitoring tools might not be able to inspect encrypted traffic

The question says "The security specialist reviewed the system logs, found nothing suspicious, and was not able to determine what occurred. The software is up to date; there are no alerts from antivirus and no failed login attempts." which means that a successful login with known credentials would have been ignored as valid system usage, and not dinspected as malicious.

=> B is correct.

"C" is correct.

Threat actors are the individuals (or a group of individuals) who perform an attack or are responsible for a security incident that impacts or has the potential of impacting an organization or individual. There are several types of threat actors:

Script kiddies, Organized crime groups, State sponsors and governments, Hacktivists, Terrorist groups.

Cisco CyberOps Associate CBROPS 200-201 Official Cert Guide

By Omar Santos

A vulnerability refers to a known weakness of an asset (resource) that can be exploited by one or more attackers.

A threat refers to a new or newly discovered incident that has the potential to harm a system or your company overall.

So a threat exploits a vulnerability so A is right

If you are a cybersecurity expert, or even an amateur, you probably already know that when you deploy a firewall or an intrusion prevention system or install antivirus or advanced malware protection on your machine, you cannot assume you are now safe and secure. A layered and cross-boundary “defense-in-depth” strategy is what is needed to protect your network and corporate assets. One of the primary benefits of a defense-in-depth strategy is that even if a single control (such as a firewall or IPS) fails, other controls can still protect your environment and assets.

Keywords:

"individual devices" --> endpoint

"host" --> endpoint

B is correct

In a behavioral model, the focus is on user or application behavior and not on a specific attack pattern. The goal is to distinguish between malicious and nonmalicious behaviors. The promise of such systems is great: Theoretically, this type of solution can deal with all attacks, both known and unknown. Moreover, it promises to free the user from having to keep the system updated, since there is no use of attack signatures.

A signature is actually a fingerprint of a given attack. The signature captures the actions, which are unique to a given attack. This pragmatic approach is focused on specific attacks and is very accurate at lowering the rate of false positives.

ref: https://www.computerworld.com/article/2581345/behavioral-rules-vs--signatures--which-should-you-use-.html