CISSP Question #1094: Real Exam Question with Answer & Explanation

Question

Which of the following poses the GREATEST privacy risk to personally identifiable information (PII) when disposing of an office printer or copier?

Options

• AThe device could contain a document with PII on the platen glass
• BOrganizational network configuration information could still be present within the device
• CA hard disk drive (HDD) in the device could contain PII
• DThe device transfer roller could contain imprints of PII

Explanation

Modern office printers and copiers often contain internal hard disk drives that store copies of every document printed, scanned, or copied, representing the greatest privacy risk for PII upon disposal. Failing to sanitize or destroy this HDD before disposal can expose large volumes of sensitive data.

Common mistakes.

• A. A document left on the platen glass is a transient, physical risk limited to a single document and is easily mitigated by a visual inspection before disposal, making it far less significant than persistent stored data.
• B. Network configuration information (e.g., Wi-Fi credentials, IP settings) is an organizational security risk but does not directly constitute PII and therefore does not represent the greatest privacy risk to personally identifiable information.
• D. While transfer rollers can retain faint toner impressions of recently printed pages, the imprints are typically fragile, degraded, and limited to the last few pages processed, making this a minimal and impractical risk compared to a searchable HDD full of stored documents.

Concept tested. Secure disposal of devices with persistent PII storage

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf

No community discussion yet for this question.