CompTIA CySA+ Practice Test

What is the correct procedure to sanitize hard drives containing sensitive corporate data before returning them to a supplier?

• A. Clear, validate, and document the sanitization of the drives
• B. Clear the drives
• C. Purge, validate, and document the sanitization of the drives
• D. The drives must be destroyed to ensure no data loss

The correct answer is: Purge, validate, and document the sanitization of the drives

The correct procedure for sanitizing hard drives containing sensitive corporate data involves multiple steps that are critical to ensuring that data cannot be retrieved after the devices are returned. Choosing to purge, validate, and document the sanitization process reflects a comprehensive and thorough method for handling sensitive information. To begin with, 'purge' indicates the application of methods that are effective in removing data beyond recovery. This could involve overwriting the data multiple times or applying specialized technologies that adhere to established sanitization standards, making any residual data unrecoverable. Following the purging process, 'validate' emphasizes the importance of confirming that the sanitization has been effective. This step typically involves using software and tools to verify that all data has indeed been erased and that the drives are free of sensitive information. Lastly, 'document' serves a critical function by creating a formal record of the sanitization process. This documentation can provide proof of compliance with corporate policies or regulatory requirements and serves as an audit trail should any questions arise in the future. In contrast, simply clearing the drives or only focusing on destruction without proper validation and documentation may not guarantee that all sensitive data is irretrievable or that there is a formal record of that process. Therefore, the multi-step approach of purging,