Which of the following is not a method of purging that uses dedicated, standardized device sanitize commands that apply media-specific techniques to bypass the abstraction inherent in typical read and write command? (Wentz QOTD)
A. Overwrite
B. Block erase
C. Degaussing
D. Cryptographic Erase

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Degaussing.

The sanitization method, purge, will make data recovery infeasible, but the media is reusable. Degaussing will render the media permanently unusable.

Degaussing, also called demagnetizing, means “to reduce the magnetic flux to virtual zero by applying a reverse magnetizing field. Degaussing any current generation hard disk (including but not limited to IDE, EIDE, ATA, SCSI and Jaz) will render the drive permanently unusable since these drives store track location information on the hard drive.”

Source: NIST SP 800-88 R1

ATA sanitization commands are designed to purge data; they apply media-specific techniques to bypass the abstraction inherent in typical read and write commands. The following are ATA sanitization I/O commands:

• CRYPTO SCRAMBLE EXT (D. Change the internal encryption keys that are used for user data)
• OVERWRITE EXT (C. Overwrite the internal media with a constant value)
• BLOCK ERASE EXT (A. Use the block erase method)

Reference

• CISSP PRACTICE QUESTIONS – 20200209
• Data Remanence and Sanitization

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

• It is available on Amazon.
• Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.

以下哪一項不是使用專用的標準化設備清除(sanitize)命令來清除(purge)數據的方法，該命令應用了特定於媒體的技術來繞過典型的讀寫命令中固有的抽象？(Wentz QOTD)
A. Overwrite
B. Block erase
C. Degaussing
D. Cryptographic Erase