CompTIA PenTest+ (PT0-003) — Question 182

Which of the following protocols would a penetration tester most likely utilize to exfiltrate data covertly and evade detection?

Answer options

• A. FTP
• B. HTTP
• C. SMTP
• D. DNS

Correct answer: D

Explanation

DNS is often used for covert data exfiltration because it operates on port 53 and can blend in with legitimate DNS traffic, making detection difficult. In contrast, FTP, HTTP, and SMTP are more commonly monitored and may raise flags during security assessments, making them less ideal for stealthy data transfers.