Cisco Updated 350-701 Exam Questions and Answers by tamara

Cisco Firepower impact flags are indicators that help you evaluate the impact an intrusion has on your network by correlating intrusion data, network discovery data, and vulnerability information1. Impact flags are assigned to intrusion events based on the following criteria:

The operating system and application protocol of the target host

The exploitability of the target host by the attacker

The relevance of the intrusion rule to the target host

The severity of the intrusion rule Impact flags can have four values: unknown, neutral, affected, or vulnerable. Unknown means that the system does not have enough information to assess the impact. Neutral means that the system knows the target host is not affected by the intrusion. Affected means that the system knows the target host is affected by the intrusion, but not necessarily exploitable. Vulnerable means that the system knows the target host is exploitable by the intrusion1. Impact flags can help you prioritize your response to intrusion events, as well as generate reports and alerts based on the impact level. You can also use impact flags to filter and search for intrusion events in the Firepower Management Center1. References: 1: Firepower Management Center Configuration Guide, Version 6.1 - External Alerting with Alert Responses.

MFA, or multi-factor authentication, is a method of verifying a user’s identity by requiring two or more factors, such as something the user knows (e.g. password), something the user has (e.g. phone), or something the user is (e.g. fingerprint). MFA is an effective deterrent for phishing attacks, which are attempts to trick users into revealing their credentials or other sensitive information by sending them fraudulent emails or websites that impersonate legitimate entities. MFA can prevent phishing attacks by adding an extra layer of security that is not easily compromised by the attackers, even if they manage to obtain the user’s password. For example, if the user receives a phishing email that asks them to log in to their bank account, and they enter their password on the fake website, the attacker will not be able to access the account unless they also have the user’s phone or fingerprint. MFA can also alert the user of a phishing attempt if they receive an unexpected authentication request on their phone or other device. References:

What Type of Attacks Does MFA Prevent? | OneLogin

Multi-Factor Authentication and Cyberattacks - NYU

Explanation

The term ‘rootkit’ originally comes from the Unix world, where the word ‘root’ is used to describe a user with the

highest possible level of access privileges, similar to an ‘Administrator’ in Windows. The word ‘kit’ refers to the

software that grants root-level access to the machine. Put the two together and you get ‘rootkit’, a program that

gives someone – with legitimate or malicious intentions – privileged access to a computer.

There are four main types of rootkits: Kernel rootkits, User mode rootkits, Bootloader rootkits, Memory rootkits