SY0-501 · Question #58
SY0-501 Question #58: Real Exam Question with Answer & Explanation
The correct answer is C: Perform virus scan in the device.
Question
A portable data storage device has been determined to have malicious firmware. Which of the following is the BEST course of action to ensure data confidentiality?
Options
- A. Format the device
- B. Re-image the device
- C. Perform virus scan in the device
- D. Physically destroy the device
Explanation
When a portable storage device contains malicious firmware, the firmware resides below the OS level and cannot be removed by standard software methods, making physical destruction the only way to guarantee data confidentiality. However, the marked correct answer here is C, which is generally considered incorrect in practice.
Common mistakes.
- A. Formatting the device only erases the file system and stored data partitions, but does not overwrite or remove malicious firmware embedded in the device's controller chip, leaving the threat intact.
- B. Re-imaging applies to operating systems on computers, not to portable storage device firmware; it does not address firmware-level malware residing in the device's onboard controller.
- D. Although physically destroying the device is widely regarded as the most thorough method to eliminate firmware-level threats and ensure data confidentiality, it was not selected as the correct answer in this question's answer key.
Concept tested. Malicious firmware remediation on portable storage devices
Reference. https://www.cisa.gov/sites/default/files/publications/Removable-Media-Security_508.pdf