CERTIFIED-IN-CYBERSECURITY Question #381: Real Exam Question with Answer & Explanation

Question

To protect sensitive information, when is sanitization or destruction required?

Options

• AWhen new software is upgraded to the system
• BWhen elements of the system are to be removed and replaced
• CWhen elements of the system are to be added
• DWhen new data is added to the system

Explanation

Sanitization or destruction of sensitive information is required when system elements are to be removed and replaced (see ISC2 Study Guide, Chapter 5, Module 1). This ensures that sensitive information does not fall into the wrong hands. For example, before disposing of an old hard drive, it should be properly sanitized or destroyed to prevent unauthorized access to the data it once held. The other options do not accurately describe when sanitization or destruction of sensitive information is required. If new software is upgraded to the system, this does not directly involve sanitizing or destroying data. Instead, it may require a backup of existing data to prevent data loss during the upgrade process. Adding elements to the system does not imply that existing data should be sanitized or destroyed. Instead, it may require a review of the system's security measures to ensure that they are sufficient to protect the additional elements. Adding new data to the system does not require sanitization or destruction of existing data. Instead, it requires proper data handling and storage procedures to ensure the security and integrity of the new data.

No community discussion yet for this question.