A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Choose two.)
Reissue doesn't mean to the same employee. It could be to another employee in Shipping department. So why not destroy and sanitize account department laptop before reissuing.
Destruction would make the device not usable again. Certification might make sense here if a third party was being used to sanitize the drive but usually third parties are used to destroy drives and certification is given for destruction.
I think Data retention and Sanitization makes the most sense. You want to make sure you save any critical data before you erase the drive.
Since the question does not refer a third-party but to the "internal" administrator and following the CompTIA theoretical questions it's A & E.
E. Sanitization. This is clear.
A. Data retention.
The CompTIA Student Guide and WBT refer to the "Data retention" in the "Secure Data Destruction" chapter.
B. Certification is used by CompTIA only for third-party "Asset Disposal". But a third-party is not mentioned in the question.
"certification - An asset disposal technique that relies on a third party to use sanitization or destruction methods for data remnant removal, and provides documentary evidence that the process is complete and successful."
C. Destruction - CompTIA defines this as "Physical destruction methods include shredding, crushing ..." This is also not the case for this question.
Destruction renders the device unusable does it no? And you only need a certification after destruction from a third-party? So in reality, you would just want to back up the data and then make sure to overwrite the hard drive a couple times so that, that data can’t be recovered. 🫶🏻
To safely reissue the laptop, the administrator should sanitize the device to remove all data securely. If sanitization isn’t sufficient for highly sensitive data, destruction of the storage medium may be required.
Data destruction involves securely deleting sensitive information so it cannot be recovered. Before reissuing a laptop, it is critical to ensure that any residual data from the previous user is permanently removed to prevent unauthorized access to sensitive information.
To ensure the security of the data, the administrator should:
Destruction: Physically destroy any storage media that cannot be sanitized.
Sanitization: Thoroughly erase or overwrite all data on the storage media to prevent data recovery.
The other options are not relevant to the scenario:
Data retention: This involves keeping data for a specific period. It's not applicable in this case as the data needs to be removed.
Certification: This is a process of verifying that a system or process meets specific standards. It's not relevant to data handling in this context.
Classification: This involves assigning security labels to data based on its sensitivity. It's not necessary in this case as the data is being removed.
Enumeration: This involves identifying and cataloging assets. It's not relevant to data handling in this context.
C. Destruction > ensures physical media is rendered unrecoverable
E. Sanitization > removes and overwrites sensitive data to prevent unauthorized access.
Both used to protect data security when repurposing hardware.
Its Destruction and Sanitation. This is because the laptop is been reissued and because they question did not say reissued to the "same employee" then we have to assume is been intended to be reissued for a new or another employee. therefore D&E is the answer
C. Destruction
E. Sanitization
Explanation:
1. Destruction: This involves permanently destroying any sensitive data on the laptop that is no longer needed. This ensures that no residual data from the previous user remains on the device, reducing the risk of unauthorized data access.
2. Sanitization: This involves securely wiping the laptop’s storage to remove all data and ensure that it cannot be recovered. Sanitization is critical when reissuing devices to prevent accidental disclosure of sensitive information.
The best combination of data handling activities for the administrator to perform when reissuing a former employee's laptop are:
C. Destruction and E. Sanitization
Destruction: Ensures that any sensitive or personal data from the previous user is permanently removed and cannot be recovered.
Sanitization: Refers to thoroughly cleaning the device by securely wiping the data to prevent unauthorized access. This prepares the laptop for safe reissue to a new user.
These two activities are critical for preventing any sensitive data leakage from the former employee while ensuring that the device is clean and secure for the next user.
Retention and Sanitize.
Think about it. An employee leaves - you backup any pertinent company data (Retention) and reimage the computer (Sanitize).
- You would not Certify it, because that's only if the drive needed to be destroyed.
- You would not Destroy it because that's really only important for sensitive things, not Judy the Customer Service agent.
- You would not Enumerate it (gathering info for vulnerabilities)
- Classification is typically more important for data rather than devices.
No, it doesn't mean that at all. If it did, sanitizing after "destroying the data" would be useless.
Destruction refers to destroying the drive, which you do when you actually dispose of the machine, not when you reissue it.
You need to sanitize the drive and certify that you did.
A and E
Sanitization refers to the process of removing or cleaning data from a device to ensure that it cannot be recovered by unauthorized individuals. This typically includes methods such as wiping or formatting the storage media
While decommissioning and disposal are important, organizations often have to retain data or systems as well. Retention may be required for legal purposes with set retention periods determined by law, or retention may be associated with a legal case due to a legal hold
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
cf83993
Highly Voted 8 months agoMikelMiguel
4 months, 2 weeks agoRussell15
2 weeks agoTh3irdEye
Highly Voted 10 months, 2 weeks agoKonversation
Most Recent 5 days, 14 hours agoadderallpm
6 days, 12 hours agod2087a6
1 month agodbrowndiver
2 months, 1 week ago0ca8ee9
3 months, 3 weeks agoProudFather
3 months, 4 weeks agoAndyK2
4 months agoMikelMiguel
4 months, 2 weeks ago3dk1
4 months, 3 weeks agoEmmyrajj
4 months, 3 weeks agonillie
6 months agoETQ
5 months, 2 weeks agoTy13
6 months, 1 week agoImpactTek
6 months, 1 week agoETQ
5 months, 2 weeks agokoala_lay
6 months, 2 weeks agobaronvon
7 months, 1 week ago