CompTIA PenTest+ (PT0-003) — Question 132

During a testing engagement, a penetration tester compromises a host and locates data for exfiltration. Which of the following are the best options to move the data without triggering a data loss prevention tool? (Choose two.)

Answer options

• A. Move the data using a USB flash drive.
• B. Compress and encrypt the data.
• C. Rename the file name extensions.
• D. Use FTP for exfiltration.
• E. Encode the data as Base64.
• F. Send the data to a commonly trusted service.

Correct answer: B, F

Explanation

The correct answers are B and F because compressing and encrypting data helps to obscure its contents, making it less likely to be flagged by DLP tools, while sending data to a commonly trusted service can bypass scrutiny. Options A, C, D, and E are less effective as they either involve direct physical transfer, simple obfuscation, or commonly monitored protocols which could trigger alerts.