CompTIA Security+ (SY0-501) — Question 259
An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography.
Discovery of which of the following would help catch the tester in the act?
Answer options
- A. Abnormally high numbers of outgoing instant messages that contain obfuscated text
- B. Large-capacity USB drives on the tester's desk with encrypted zip files
- C. Outgoing emails containing unusually large image files
- D. Unusual SFTP connections to a consumer IP address
Correct answer: C
Explanation
The correct answer is C. Steganography hides data inside other files such as images, so outgoing emails with unusually large image files might indicate that it is in use. Options A and D involve communication methods that could be normal in some contexts. Option B indicates potential data storage but does not directly relate to the act of exfiltration.