nerdexam
ExamsCAS-002Questions#272
CompTIA

CAS-002 · Question #272

CAS-002 Question #272: Real Exam Question with Answer & Explanation

The correct answer is B: Delay the donation until all storage media on the computers can be sanitized.. When donating computers that may contain proprietary data and no sanitization policy exists, the security administrator must ensure storage media is sanitized before the transfer occurs.

Question

Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store proprietary research. The security administrator is concerned about data remnants on the donated machines, but the company does not have a device sanitization section in the data handling policy. Which of the following is the BEST course of action for the security administrator to take?

Options

  • ADelay the donation until a new policy is approved by the Chief Information Officer (CIO),
  • BDelay the donation until all storage media on the computers can be sanitized.
  • CReload the machines with an open source operating system and then donate the machines.
  • DMove forward with the donation, but remove all software license keys from the machines.

Explanation

When donating computers that may contain proprietary data and no sanitization policy exists, the security administrator must ensure storage media is sanitized before the transfer occurs.

Common mistakes.

  • A. Waiting for CIO approval of a new policy introduces indefinite delay without actually sanitizing the media, and policy approval alone does not remove data from the drives.
  • C. Reloading an operating system does not overwrite or sanitize the underlying storage media, leaving previous data recoverable with standard forensic tools.
  • D. Removing software license keys addresses licensing compliance only and has no effect on sensitive research data stored on the machines.

Concept tested. Data sanitization before hardware disposal or donation

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CAS-002 Practice