An in-house penetration tester has been asked to evade a new DLP system. The tester plans to exfiltrate data through steganography.Discovery of which of the following would help catch the tester in the act?
A. Abnormally high numbers of outgoing instant messages that contain obfuscated text
B. Large-capacity USB drives on the tester's desk with encrypted zip files
C. Outgoing emails containing unusually large image files
D. Unusual SFTP connections to a consumer IP address
Answer: C. Outgoing emails containing unusually large image files
You might also like to view...
An ________typically starts with a user reporting an issue and ends with a help desk technician closing it after the issue is resolved
Fill in the blank(s) with correct word
Provide steps on how to review the logs.
After the attack, the user analyst no longer has access to the file named confidential.txt. Now you will review the logs to determine how the file was compromised. Note: If this was a production network, it would be desirable for the users analyst and root to change the pass- word and comply with the current security policy.