Exam Questions and CORRECT Answers
13 threat types - CORRECT ANSWER - spam, malware, data exfiltration, URL phishing,
scamming, spear phishing, domain impersonation, brand impersonation, extortion, business
email compromise, conversational hijacking, lateral phishing, account takeover
Spam - CORRECT ANSWER - unsolicited, unwanted commercial email messages
also known as junk email
-lowers productivity by flooding inboxes with junk mail and impacts server traffic to process
messages.
-can be used to distribute malware and large scale phishing attacks
-modern gateways are very effective at blocking spam; inline deployment of spam filters helps stop
it before it hits the inbox
volumetric malware - CORRECT ANSWER - takes advantage of older unpatched systems
using common vulnerabilities
Zero-day malware - CORRECT ANSWER - A vulnerability that is discovered or exploited
before the vendor can issue a patch to fix it
-haven't been seen before and don't match any known malware signatures
URL attacks - CORRECT ANSWER - URLs that point to malicious websites or payloads
that are intended to trick users into clicking to download malware
Ransomware attack - CORRECT ANSWER - Blocking access to systems/files/data by
means of encryption unless ransom is paid. Sometimes combined with the threat to publish the
data.
Data Exfiltration - CORRECT ANSWER - The unauthorized transfer of data. A more basic
definition is data theft.
-can lead to financial losses and have a long-lasting impact on an organization's reputation
URL Phishing - CORRECT ANSWER - when cybercriminals use emails to direct their
victims to insert sensitive information on a fake website that looks legit.
scamming - CORRECT ANSWER - cybercriminals use fraudulent schemes to defraud
victims or steal their identity by tricking them into disclosing personal information
-organizations need to deploy both spam filters at the email gateway and API-based inbox
defense for effective protection against scamming
spear phishing - CORRECT ANSWER - a highly targeted attack in which emails that
appear to be sent from a legitimate source are customized for specific persons. An attacker
researches the interests of the target in order to create an email that tricks that specific person.
-API inbox defense to historical emails
domain impersonation - CORRECT ANSWER - attackers attempt to impersonate a
domain by using techniques such as typo-squatting, replacing one or more letters in a legitimate
email domain with a similar letter or adding a hard-to-notice letter to the legitimate email
domain.
Brand Impersonation - CORRECT ANSWER - designed to impersonate a company or a
brand to trick their victims into responding and disclosing personal or otherwise sensitive
information
common types of brand impersonation - CORRECT ANSWER - service impersonation - a
phishing attack designed to impersonate a well-known company or commonly used business
application
brand hijacking - occurs when an attacker appears to use a company's domain to impersonate a
company or one of its employees
extortion - CORRECT ANSWER - the practice of obtaining something, especially money,
through force or threats
Business Email Compromise (BEC) - CORRECT ANSWER - An impersonation attack in
which the attacker gains control of an employee's account and uses it to convince other
employees to perform fraudulent actions.
-defraud the company, its employees, customers, or partners
Conversation Hijacker - CORRECT ANSWER - cybercriminals insert themselves into
existing business conversations or initiate new conversations based on info they've gathered from
compromised email accounts to steal money or personal info
lateral phishing - CORRECT ANSWER - attackers use recently hijacked accounts to
send phishing emails to unsuspecting recipients.
account takeover - CORRECT ANSWER - A type of fraud in which a hacker gains access
to a user's credentials.
Email Gateway defense - CORRECT ANSWER - Monitors emails being sent into a
network and being sent outbound from that network
Inbound can prevent spam, which will help weed out malware before it enters the network
Outbound can provide DLP, preventing the loss of sensitive data
Sandboxing - CORRECT ANSWER - Using a virtual machine to run a suspicious program
to determine if it is malware.
API-based CASB - CORRECT ANSWER - Solutions that do not interact directly with a
user but rather interact directly with the cloud provider through the provider's API.
Cloud to Cloud Backup - CORRECT ANSWER -
Email Security - CORRECT ANSWER - • Spam - Unsolicited email messages