Data Exfiltration — CompTIA PenTest+ (PT0-002) Practice Questions

Data exfiltration in a penetration testing engagement refers to the simulation of techniques an attacker would use to move sensitive data out of a compromised environment without detection. PT0-002 covers exfiltration methods including encoding data within allowed protocols, using cloud storage staging points, and leveraging encrypted channels to bypass data loss prevention controls. Candidates must understand how to demonstrate exfiltration risk in a controlled, authorized manner and how to document evidence such as file hashes and transfer logs for the final report. This concept sits within the post-exploitation phase and is often central to demonstrating the real-world business impact of a compromise.

Free questions on data exfiltration

More data exfiltration questions in the full bank

• How can attackers abuse AWS S3 bucket policies for data exfiltration? Unlock answer & explanation →