CompTIA

CAS-003 Question #775: Real Exam Question with Answer & Explanation

The correct answer is D: Steganography.

Question

A penetration tester is on an active engagement and has access to a remote system. The penetration tester wants to bypass the DLP, which is blocking emails that are encrypted or contain sensitive company information. Which of the following cryptographic techniques should the penetration tester use?

Options

  • A. GNU Privacy Guard
  • B. UUencoding
  • C. DNSCrypt
  • D. Steganography

Explanation

Steganography is the technique of hiding data within other innocent-looking data (e.g., embedding text inside an image file). Unlike encryption, steganography does not produce output that looks suspicious - the carrier file appears normal to DLP systems. GPG (A) encrypts data but produces obviously encrypted output that DLP would flag. UUencoding (B) is an encoding scheme that transforms binary to ASCII but does not hide content from DLP inspection. DNSCrypt (C) encrypts DNS queries and is irrelevant to email exfiltration. Because steganography hides the very existence of the embedded data, a DLP solution that inspects email content for encryption markers or sensitive keywords would not detect it, making it the correct bypass technique here.
