Exam 350-701 topic 1 question 259 discussion

Its A, A brute force or a man-in-the-middle attack also happen inside an organization

I believe the key here is it being used inside a network to authenticate east-to-west traffic. When inside an if you are being man-in-the-middle your security has failed to the point where MFA won't protect you. While MFA could help detect a brute force attack you have standard lock out protocols as well. I think the best answer is B because a user can fall for a phishing scheme which may try to use there internal credentials unintentionally. Thus this answer is adding the most increase in security.

I'm going to go with B on this one, simply because it's definitely the most realistically probable vector of attack that companies nowadays face in compromised credentials. But honestly A and D are valid answers too, again another incredibly bad Cisco question in an exam that every single question is incredibly important for the final score...

https://blogs.cisco.com/security/akira-ransomware-targeting-vpns-without-multi-factor-authentication

Cisco WTF, this is crazy But what types of cyberattacks does MFA protect against? Phishing Spear phishing Keyloggers Credential stuffing Brute force and reverse brute force attacks Man-in-the-middle (MITM) attacks You can pick the one you like forever

I strongly believe that MFA should not be the primary tool to stop brute force attack. This should be handled by a perimeter device

The question is focused on attacks from INSIDE the organisation, I believe D Man In Middle attacks is the more relevant answer While implementing Multi-Factor Authentication (MFA) offers several security benefits, the primary reason for its implementation is to prevent man-in-the-middle (MitM) attacks. A MitM attack occurs when an attacker intercepts the communication between two parties and can potentially eavesdrop, modify, or manipulate the information exchanged. By implementing MFA, organizations add an extra layer of security to the authentication process. MFA requires users to provide multiple factors of authentication, typically something they know (such as a password), something they have (such as a physical token or mobile device), or something they are (such as a fingerprint or biometric scan). This significantly reduces the risk of an attacker successfully impersonating a legitimate user and carrying out a MitM attack.

Vote for B Multifactor authentication (MFA) is a useful security feature, providing an additional security barrier that can slow down hackers, who use techniques, such as social engineering, phishing attacks, and other tactics to steal data and identities.

https://duo.com/solutions/phishing-prevention

B in my opinion. To prevent Phishing attacks from being successful. Cheers

A is the most correct, it could also help with B and D

Brute force attacks target getting user credentials by sending authentication requests overwhelmingly. If no password failure policies are implemented this can result in credential theft. MFA is used to protect user credentials following the principle of what you have (MFA token) complemented by what you know (password). Brute force attack cannot be successful if MFA is enabled

It looks A. https://www.cisco.com/c/en/us/solutions/collateral/enterprise/design-zone-security/breach-defense-design-guide.html Cisco Breach Defense Design Guide Multi-Factor Authentication (MFA) and Posture Assessment Integrating MFA (M1032) as part of *organizational policy can greatly reduce the risk of an adversary gaining control of valid credentials that may be used for additional tactics such as initial access, lateral movement, and collecting information. MFA can also be used to restrict access to cloud resources and APIs. If a password is hacked, guessed, or even phished, that’s no longer enough to give an intruder access. Without approval at the second factor, a password alone is useless. Secure Access by Duo provides modern, effective MFA that helps eliminate the problem of *brute force attacks (T1110)

The answer is A. Most of the people voting for B are assuming that the only purpose of Phishing is to harvest credentials. The definition of Phishing includes things like giving up personal information. This could be credit cards, SSN, or wire transfers. MFA has nothing to do with that. From the official cert guide page 33 under the Credential Brute Force Attacks and Password Cracking section: "The strength of user and application credentials has a direct effect on the success of brute-force attacks. Weak credentials are one of the major causes of credential compromise. The more complex and the longer a password (credential), the better. An even better approach is to use multifactor authentication (MFA). The use of MFA significantly reduces the probability of success for these types of attacks."

Its B. MFA is the best solution against phishing attacks. In order to prevent brute force attacks you have to have password policies in place like timed lock outs. If someone knows your password because of a successful phishing attack, they will be able to use this password unless you have some sort of MFA.

I prefer A

Its B in the documents of cisco all the time its motioned this about phishing