CISSP · Question #653
Data remanence is the biggest threat in which of the following scenarios?
The correct answer is D. A flash drive has been overwritten and released to a third party for destruction.. Data remanence refers to residual data remaining on storage media after sanitization attempts. Flash/SSD media is particularly vulnerable because overwrite methods are less reliable due to wear-leveling and block remapping.
Question
Data remanence is the biggest threat in which of the following scenarios?
Options
- AA physical disk drive has been overwritten and reused within a datacenter.
- BA physical disk drive has been degaussed, verified, and released to a third party for dest.......
- CA flash drive has been overwritten, verified, and reused within a datacenter.
- DA flash drive has been overwritten and released to a third party for destruction.
How the community answered
(22 responses)- A5% (1)
- B9% (2)
- C14% (3)
- D73% (16)
Why each option
Data remanence refers to residual data remaining on storage media after sanitization attempts. Flash/SSD media is particularly vulnerable because overwrite methods are less reliable due to wear-leveling and block remapping.
Magnetic disk drives can be reliably sanitized through multiple overwrite passes, and reuse within a controlled datacenter environment limits exposure risk even if minor remanence exists.
Degaussing a magnetic disk drive destroys the magnetic domains that store data, making it the most effective sanitization method for HDDs, and third-party destruction under verified conditions further reduces any remanence risk to near zero.
While flash media is susceptible to remanence, reuse within a controlled datacenter environment limits the exposure risk because the data remains under organizational control rather than being released externally.
Flash drives use wear-leveling algorithms and reserved memory blocks that prevent overwrite commands from reaching all physical storage cells, meaning data may persist even after a verified overwrite. Releasing such media to a third party for destruction without physical destruction (e.g., shredding) maximizes the risk of residual data exposure. Unlike degaussing for magnetic media, there is no equivalent single-step verification method that guarantees complete sanitization of NAND flash storage.
Concept tested: Data remanence risks in flash storage media sanitization
Source: https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
Topics
Community Discussion
No community discussion yet for this question.