CompTIA CASP+ (CAS-003) — Question 174
A security engineer has been hired to design a device that will enable the exfiltration of data from within a well-defended network perimeter during an authorized test. The device must bypass all firewalls and NIDS in place, as well as allow for the upload of commands from a centralized command and control server. The total cost of the device must be kept to a minimum in case the device is discovered during an assessment.
Which of the following tools should the engineer load onto the device being designed?
Answer options
- A. Custom firmware with rotating key generation
- B. Automatic MITM proxy
- C. TCP beacon broadcast software
- D. Reverse shell endpoint listener
Correct answer: B
Explanation
The correct answer is B, as an Automatic MITM proxy can effectively intercept and manipulate traffic, allowing for data exfiltration while bypassing defenses. Options A and D are not specifically designed for the task of evading security measures during exfiltration. Option C, while useful for network communication, does not provide the necessary capabilities for stealthy data extraction.