CompTIA

CAS-001 Question #23: Real Exam Question with Answer & Explanation

The correct answer is D: Update the hardware decommissioning procedures. Sensitive data was recoverable from a discarded printer's hard drive, indicating that the organization's hardware disposal process failed to include proper data sanitization before physical disposal.

Question

An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible. Which of the following should the Warehouse Manager do to remediate the security issue?

Options

  • A. Revise the hardware and software maintenance contract.
  • B. Degauss the printer hard drive to delete data.
  • C. Implement a new change control process.
  • D. Update the hardware decommissioning procedures.

Explanation

Sensitive data was recoverable from a discarded printer's hard drive, indicating that the organization's hardware disposal process failed to include proper data sanitization before physical disposal.

Common mistakes.

  • A. A hardware and software maintenance contract governs ongoing support and repairs, not end-of-life data sanitization practices during disposal.
  • B. Degaussing the printer hard drive after the fact is a reactive remediation of one device, not a systemic fix that prevents the same issue with future hardware disposals.
  • C. A change control process governs modifications to systems and configurations, not the secure decommissioning and disposal of retired hardware assets.

Concept tested. Secure hardware decommissioning and data sanitization

Reference. https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
