CompTIA PenTest+ (PT0-003) — Question 153

A penetration tester discovers data to stage and exfiltrate. The client has authorized movement to the tester’s attacking hosts only. Which of the following would be most appropriate to avoid alerting the SOC?

Answer options

• A. Apply UTF-8 to the data and send over a tunnel to TCP port 25.
• B. Apply Base64 to the data and send over a tunnel to TCP port 80.
• C. Apply 3DES to the data and send over a tunnel UDP port 53.
• D. Apply AES-256 to the data and send over a tunnel to TCP port 443.

Correct answer: D

Explanation

The correct answer is D because AES-256 is a strong encryption method, and TCP port 443 is commonly used for secure HTTPS traffic, making it less likely to raise red flags. The other options either use weaker encryption methods (like Base64 and 3DES) or non-standard ports that could attract attention from the SOC.