Exam 350-701 topic 1 question 80 discussion

A is correct and also there is another question that what is specific to ASA NSEL, it is the capability to delay events, as it is noisy. both are in below .https://www.cisco.com/c/en/us/td/docs/security/asa/special/netflow/asa_netflow.html#delaysending

A is correct

A. It tracks flow-create, flow-teardown, and flow-denied events. Cisco ASA NetFlow v9 Secure Event Logging is a feature that allows the ASA to export detailed information about network traffic flow and security events to a NetFlow collector for analysis. The exported information includes information about flow-create, flow-teardown and flow-denied events, which provide insight into the behavior of the traffic passing through the firewall. This feature also allows for the collection of detailed information about the traffic passing through the firewall which can be used for security incident investigations, capacity planning and troubleshooting. It does not provide stateless IP flow tracking that exports all records of a specific flow (B) or tracks the flow continuously and provides updates every 10 seconds (C) and also it does not match all traffic classes in parallel (D)

A is correct. In stateful flow tracking, tracked flows go through a series of state changes. NSEL events are used to export data about flow status and are triggered by the event that caused the state change. The significant events that are tracked include flow-create, flow-teardown, and flow-denied (excluding those flows that are denied by EtherType ACLs). In addition, the ASA and ASASM implementation of NSEL generates periodic NSEL events, flow-update events, to provide periodic byte counters over the duration of the flow. These events are usually time-driven, which makes them more in line with traditional NetFlow; however, they may also be triggered by state changes in the flow.

This is Correct