CAS-003 · Question #820
CAS-003 Question #820: Real Exam Question with Answer & Explanation
The correct answer is B: The asset reuse policy should be revised to include drive wiping.. Simply deleting user profiles does not securely erase data. (B) The asset reuse policy should require full drive wiping (e.g., DoD 5220.22-M standard or cryptographic erasure) before any device is donated. Deleted profiles leave data recoverable with forensic tools, exposing sens
Question
Options
- ADonated laptops may still have machine rights on the network that were not cleared.
- BThe asset reuse policy should be revised to include drive wiping.
- CUsers may not be able to recover their files after their laptops are donated.
- DLicenses on the laptops may not be transferable to a third-party organization.
- EThe laptops' OS may not be compatible with the non-profit network.
- FThere are still internal applications that have not been removed from the laptops.
Explanation
Simply deleting user profiles does not securely erase data. (B) The asset reuse policy should require full drive wiping (e.g., DoD 5220.22-M standard or cryptographic erasure) before any device is donated. Deleted profiles leave data recoverable with forensic tools, exposing sensitive company or employee information to the non-profit or subsequent users. (F) Internal applications remaining on the donated laptops are a security risk because these apps may contain hardcoded credentials, connect to internal APIs, expose proprietary business logic, or provide attack vectors against company infrastructure if the application is reverse-engineered. Machine rights (A) and license transferability (D) are valid administrative concerns but are not primary security concerns. User file recovery (C) is a user-convenience issue, not a security one. OS compatibility (E) is an operational concern for the non-profit, not a security concern for the donating company.
Community Discussion
No community discussion yet for this question.