SY0-301 · Question #914
A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior t
The correct answer is B. The user is using steganography.. Hiding sensitive data inside ordinary image files and sending them via email is steganography - a covert data exfiltration technique that exploits the visual innocuousness of the carrier files.
Question
A security audit identifies a number of large email messages being sent by a specific user from their company email account to another address external to the company. These messages were sent prior to a company data breach, which prompted the security audit. The user was one of a few people who had access to the leaked data. Review of the suspect's emails show they consist mostly of pictures of the user at various locations during a recent vacation. No suspicious activities from other users who have access to the data were discovered. Which of the following is occurring?
Options
- AThe user is encrypting the data in the outgoing messages.
- BThe user is using steganography.
- CThe user is spamming to obfuscate the activity.
- DThe user is using hashing to embed data in the emails.
How the community answered
(42 responses)- A5% (2)
- B71% (30)
- C7% (3)
- D17% (7)
Why each option
Hiding sensitive data inside ordinary image files and sending them via email is steganography - a covert data exfiltration technique that exploits the visual innocuousness of the carrier files.
If the messages were encrypted, reviewers would have seen ciphertext or encrypted attachments rather than normal-looking vacation photos; encryption changes the apparent format of data, while steganography does not.
Steganography is the practice of concealing data within another non-suspicious file - such as a JPEG image - in a way that is invisible to casual inspection, making the carrier file appear completely normal. In this scenario, the user embedded proprietary data within vacation photos and emailed them externally before the breach, a classic insider threat exfiltration method. Unlike encryption, steganography hides the very existence of the secret data rather than just making it unreadable.
Spamming refers to sending large volumes of unsolicited messages to many recipients, which is unrelated to hiding data inside image files sent to a specific external address.
Hashing is a one-way mathematical function used for integrity verification and cannot be used to embed or retrieve hidden data within an image file.
Concept tested: Steganography as a covert data exfiltration technique
Source: https://csrc.nist.gov/glossary/term/steganography
Topics
Community Discussion
No community discussion yet for this question.