A security administrator is reissuing a former employee's laptop. Which of the following is the best combination of data handling activities for the administrator to perform? (Choose two.)
Reissue doesn't mean to the same employee. It could be to another employee in Shipping department. So why not destroy and sanitize account department laptop before reissuing.
Destruction would make the device not usable again. Certification might make sense here if a third party was being used to sanitize the drive but usually third parties are used to destroy drives and certification is given for destruction.
I think Data retention and Sanitization makes the most sense. You want to make sure you save any critical data before you erase the drive.
To ensure the security of the data, the administrator should:
Destruction: Physically destroy any storage media that cannot be sanitized.
Sanitization: Thoroughly erase or overwrite all data on the storage media to prevent data recovery.
The other options are not relevant to the scenario:
Data retention: This involves keeping data for a specific period. It's not applicable in this case as the data needs to be removed.
Certification: This is a process of verifying that a system or process meets specific standards. It's not relevant to data handling in this context.
Classification: This involves assigning security labels to data based on its sensitivity. It's not necessary in this case as the data is being removed.
Enumeration: This involves identifying and cataloging assets. It's not relevant to data handling in this context.
C. Destruction > ensures physical media is rendered unrecoverable
E. Sanitization > removes and overwrites sensitive data to prevent unauthorized access.
Both used to protect data security when repurposing hardware.
Its Destruction and Sanitation. This is because the laptop is been reissued and because they question did not say reissued to the "same employee" then we have to assume is been intended to be reissued for a new or another employee. therefore D&E is the answer
C. Destruction
E. Sanitization
Explanation:
1. Destruction: This involves permanently destroying any sensitive data on the laptop that is no longer needed. This ensures that no residual data from the previous user remains on the device, reducing the risk of unauthorized data access.
2. Sanitization: This involves securely wiping the laptop’s storage to remove all data and ensure that it cannot be recovered. Sanitization is critical when reissuing devices to prevent accidental disclosure of sensitive information.
The best combination of data handling activities for the administrator to perform when reissuing a former employee's laptop are:
C. Destruction and E. Sanitization
Destruction: Ensures that any sensitive or personal data from the previous user is permanently removed and cannot be recovered.
Sanitization: Refers to thoroughly cleaning the device by securely wiping the data to prevent unauthorized access. This prepares the laptop for safe reissue to a new user.
These two activities are critical for preventing any sensitive data leakage from the former employee while ensuring that the device is clean and secure for the next user.
Retention and Sanitize.
Think about it. An employee leaves - you backup any pertinent company data (Retention) and reimage the computer (Sanitize).
- You would not Certify it, because that's only if the drive needed to be destroyed.
- You would not Destroy it because that's really only important for sensitive things, not Judy the Customer Service agent.
- You would not Enumerate it (gathering info for vulnerabilities)
- Classification is typically more important for data rather than devices.
No, it doesn't mean that at all. If it did, sanitizing after "destroying the data" would be useless.
Destruction refers to destroying the drive, which you do when you actually dispose of the machine, not when you reissue it.
You need to sanitize the drive and certify that you did.
A and E
Sanitization refers to the process of removing or cleaning data from a device to ensure that it cannot be recovered by unauthorized individuals. This typically includes methods such as wiping or formatting the storage media
While decommissioning and disposal are important, organizations often have to retain data or systems as well. Retention may be required for legal purposes with set retention periods determined by law, or retention may be associated with a legal case due to a legal hold
A. Data retention
• retain data
B. Certification
• Audit log of either Sanitization, Disposal or Destruction
C. Destruction
•Destruction is goes beyond Sanitization ensures physical devices is unusable. It means you destroy it in pieces.
D. Classification
• Base on value and sensitivity of the data.
E. Sanitization
• Sanitization is thorough process to ensure the data is inaccessible and irretrievable, however, it can be reuse.
F. Enumeration
•
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
cf83993
Highly Voted 5 months agoMikelMiguel
1 month, 3 weeks agoTh3irdEye
Highly Voted 7 months, 3 weeks ago0ca8ee9
Most Recent 3 weeks, 6 days agoProudFather
1 month agoAndyK2
1 month, 1 week agoMikelMiguel
1 month, 3 weeks ago3dk1
1 month, 3 weeks agoEmmyrajj
1 month, 3 weeks agonillie
3 months agoETQ
2 months, 2 weeks agoTy13
3 months, 1 week agoImpactTek
3 months, 2 weeks agoETQ
2 months, 2 weeks agokoala_lay
3 months, 3 weeks agobaronvon
4 months, 2 weeks agotamdod
4 months, 2 weeks agoHayder81
4 months, 2 weeks agoa4e15bd
4 months, 2 weeks agopedrwc7
4 months, 4 weeks ago