Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The solution architect chooses to implement a RAID storage system composed of high-capacity and high-speed Solid State Disks (SSDs). The development team is developing a security plan for the system. Given that security is a priority concern, which of the following is the best way to deal with issues of data remanence when retiring disks or the storage system?
A. Degaussing
B. Low-level formatting
C. Multiple passes of overwriting
D. Cryptographic Erase

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Cryptographic Erase.

According to NIST SP 800-88 R1 (Guidelines for Media Sanitization), there are three information sanitization methods: clear, purge, and destroy.

  • Degaussing is not applicable to SSDs.
  • Multiple passes of overwriting and low-level formatting belong to the clear category.
  • Cryptographic Erase is classified as a purge method.

One thought on “CISSP PRACTICE QUESTIONS – 20191101”
