nerdexam
(ISC)2

CISSP · Question #653

Data remanence is the biggest threat in which of the following scenarios?

The correct answer is D. A flash drive has been overwritten and released to a third party for destruction.. Data remanence refers to residual data remaining on storage media after sanitization attempts. Flash/SSD media is particularly vulnerable because overwrite methods are less reliable due to wear-leveling and block remapping.

Submitted by neha2k· Mar 5, 2026Asset Security

Question

Data remanence is the biggest threat in which of the following scenarios?

Options

  • AA physical disk drive has been overwritten and reused within a datacenter.
  • BA physical disk drive has been degaussed, verified, and released to a third party for dest.......
  • CA flash drive has been overwritten, verified, and reused within a datacenter.
  • DA flash drive has been overwritten and released to a third party for destruction.

How the community answered

(22 responses)
  • A
    5% (1)
  • B
    9% (2)
  • C
    14% (3)
  • D
    73% (16)

Why each option

Data remanence refers to residual data remaining on storage media after sanitization attempts. Flash/SSD media is particularly vulnerable because overwrite methods are less reliable due to wear-leveling and block remapping.

AA physical disk drive has been overwritten and reused within a datacenter.

Magnetic disk drives can be reliably sanitized through multiple overwrite passes, and reuse within a controlled datacenter environment limits exposure risk even if minor remanence exists.

BA physical disk drive has been degaussed, verified, and released to a third party for dest.......

Degaussing a magnetic disk drive destroys the magnetic domains that store data, making it the most effective sanitization method for HDDs, and third-party destruction under verified conditions further reduces any remanence risk to near zero.

CA flash drive has been overwritten, verified, and reused within a datacenter.

While flash media is susceptible to remanence, reuse within a controlled datacenter environment limits the exposure risk because the data remains under organizational control rather than being released externally.

DA flash drive has been overwritten and released to a third party for destruction.Correct

Flash drives use wear-leveling algorithms and reserved memory blocks that prevent overwrite commands from reaching all physical storage cells, meaning data may persist even after a verified overwrite. Releasing such media to a third party for destruction without physical destruction (e.g., shredding) maximizes the risk of residual data exposure. Unlike degaussing for magnetic media, there is no equivalent single-step verification method that guarantees complete sanitization of NAND flash storage.

Concept tested: Data remanence risks in flash storage media sanitization

Source: https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final

Topics

#data remanence#data destruction#secure disposal

Community Discussion

No community discussion yet for this question.

Full CISSP Practice