CompTIA CASP+ (CAS-003) — Question 371

A penetration tester is on an active engagement and has access to a remote system. The penetration tester wants to bypass the DLP, which is blocking emails that are encrypted or contain sensitive company information. Which of the following cryptographic techniques should the penetration tester use?

Answer options

• A. GNU Privacy Guard
• B. UUencoding
• C. DNSCrypt
• D. Steganography

Correct answer: D

Explanation

Steganography is the correct answer because it allows the penetration tester to hide sensitive information within other non-sensitive data, effectively bypassing DLP filters. GNU Privacy Guard, UUencoding, and DNSCrypt do not conceal data in the same manner, and may still trigger DLP alerts due to their detectable nature.