Effective CISSP Questions

A batch of computers will be retired and sold to employees. Which of the following is the best sanitization method to avoid data remanence on hard drives? (Wentz QOTD)
A. Conduct low-level format using the command-line interface (CLI).
B. Disintegrate the hard drives.
C. Reset the system to factory settings.
D. Use the sanitize command in the ATA or SCSI standards to overwrite internal media.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Use the sanitize command in the ATA or SCSI standards to overwrite internal media.

NIST introduced three sanitization methods: clear, purge, and destroy. Media cleared or purged can be reused, but destroyed media can’t.

ATA or SCSI standards define “sanitize” commands specifically for purging media. For example, ATA provides three “sanitize” operation commands, CRYPTO SCRAMBLE EXT, BLOCK ERASE EXT, and OVERWRITE EXT, as the following screenshot shows:

ATA Sanitize Operations
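Before relying on a sanitize operation, a tool has to confirm that the drive advertises it. The following is an added example, not code from the original post: it decodes word 59 of the ATA IDENTIFY DEVICE data, where the Sanitize feature set and its three operations are flagged. The function names and the sample buffers are constructed for illustration.

```python
import struct

# ATA IDENTIFY DEVICE word 59 capability bits (ACS-2 and later).
SANITIZE_FEATURE_SET = 1 << 12
SANITIZE_OPS = {
    "CRYPTO SCRAMBLE EXT": 1 << 13,
    "OVERWRITE EXT": 1 << 14,
    "BLOCK ERASE EXT": 1 << 15,
}


def supported_sanitize_ops(identify: bytes) -> list[str]:
    """Return the sanitize operations a drive advertises in IDENTIFY DEVICE data."""
    if len(identify) != 512:
        raise ValueError("IDENTIFY DEVICE data must be exactly 512 bytes")
    # The data is 256 little-endian 16-bit words; word 59 starts at byte 118.
    (word59,) = struct.unpack_from("<H", identify, 59 * 2)
    if not word59 & SANITIZE_FEATURE_SET:
        # Without the feature-set bit the per-command bits are not meaningful.
        return []
    return [name for name, bit in SANITIZE_OPS.items() if word59 & bit]


def can_overwrite(identify: bytes) -> bool:
    """True when the drive supports the OVERWRITE EXT operation from answer D."""
    return "OVERWRITE EXT" in supported_sanitize_ops(identify)


def make_identify(word59: int) -> bytes:
    """Build constructed sample IDENTIFY data with only word 59 populated."""
    buf = bytearray(512)
    struct.pack_into("<H", buf, 59 * 2, word59)
    return bytes(buf)


if __name__ == "__main__":
    # Constructed samples, not captured from real drives.
    samples = {
        "hdd": make_identify(0x5000),     # feature set + OVERWRITE EXT
        "ssd": make_identify(0xB000),     # feature set + CRYPTO SCRAMBLE + BLOCK ERASE
        "legacy": make_identify(0x0000),  # no Sanitize feature set
    }
    for label, data in samples.items():
        print(label, supported_sanitize_ops(data), can_overwrite(data))
```

A drive that returns an empty list does not implement the Sanitize feature set, so the method in answer D is not available on it.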
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

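A batch of computers will be retired and sold to employees. Which of the following sanitization methods is best for removing residual data from the hard drives? (Wentz QOTD)
A. Perform a low-level format using the command-line interface (CLI).
B. Disintegrate the hard drives.
C. Reset the system to factory settings.
D. Use the sanitize command in the ATA or SCSI standards to overwrite the internal media.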

2 thoughts on “CISSP PRACTICE QUESTIONS – 20210502”

  1. In most international companies, they sell or gift laptops without HDDs to employees. All HDDs taken out should be handled by a qualified vendor with an SLA.
