CCNA Data Destruction and Disposal Questions

30 questions · Data Destruction and Disposal · All types, answers revealed

1
MCQhard

A company is decommissioning a data center and must destroy 1000 HDDs and 200 SSDs. The policy mandates that all data be destroyed on-site and that the drives be rendered physically unusable. Which combination of methods is most efficient?

A.Degauss all drives and then recycle them.
B.Use a hard drive shredder to shred all drives.
C.Overwrite all drives with a three-pass wipe.
D.Use a degausser for HDDs and a secure erase for SSDs.
AnswerB

A shredder physically destroys both HDDs and SSDs, meeting the requirement for on-site physical destruction efficiently.

Why this answer

Option B is correct because shredding physically destroys both HDDs and SSDs in a single pass, meeting the policy requirement for on-site destruction and rendering drives physically unusable. Degaussing is ineffective for SSDs due to their flash memory, and overwriting is too slow for 1000 drives and also ineffective for SSDs with TRIM or wear-leveling. Shredding is the most efficient method for mixed media at scale.

Exam trap

CompTIA A+ often tests the misconception that degaussing is a universal solution for all drive types, but candidates must remember that SSDs are immune to magnetic fields and require physical destruction or specialized methods like encryption key destruction.

How to eliminate wrong answers

Option A is wrong because degaussing only works on magnetic media like HDDs; SSDs use NAND flash memory and are not affected by magnetic fields, so they would remain intact and data could be recoverable. Option C is wrong because overwriting with a three-pass wipe is extremely time-consuming for 1000 drives and does not guarantee data destruction on SSDs due to over-provisioning, wear-leveling, and TRIM commands that prevent overwriting all cells. Option D is wrong because while degaussing HDDs is effective, using a secure erase for SSDs is not a physical destruction method and does not render the drives physically unusable as mandated; additionally, secure erase can fail on some SSDs or leave data recoverable if not verified.

2
MCQmedium

A technician is tasked with decommissioning a RAID array of SSDs that stored proprietary source code. The company policy requires that the drives be reused in another department. Which method ensures data is securely removed while preserving the SSDs?

A.Run a full format on each SSD.
B.Use the drive manufacturer's secure erase utility.
C.Degauss the SSDs.
D.Overwrite the drives with zeros three times.
AnswerB

Manufacturer secure erase sends a command that resets all NAND cells, making data unrecoverable while allowing the SSD to be reused.

Why this answer

The drive manufacturer's secure erase utility (e.g., ATA Secure Erase) issues a hardware-level command that triggers the SSD's internal controller to cryptographically erase all data by resetting the encryption key, which is instantaneous and preserves the drive's health. This method is specifically designed for SSDs because traditional overwriting (like zero-filling) is ineffective on SSDs due to wear-leveling and garbage collection, which can leave data remnants in over-provisioned or reallocated sectors.

Exam trap

Candidates often mistakenly believe that multiple overwrites (like the DoD 5220.22-M standard) are universally effective, but SSDs require a different approach due to their internal architecture. Degaussing is destructive for magnetic drives and not applicable to flash-based storage.

How to eliminate wrong answers

Option A is wrong because a full format on an SSD does not securely erase data; it only marks the file system as empty and may trigger a TRIM command, but data remains recoverable until overwritten by new writes. Option C is wrong because degaussing an SSD destroys the magnetic storage medium (NAND flash is not magnetic), rendering the drive completely inoperable and unusable for reuse, which violates the policy to preserve the drives. Option D is wrong because overwriting SSDs with zeros three times is ineffective due to wear-leveling and the SSD's inability to guarantee that all logical blocks map to the same physical cells, leaving data potentially recoverable from over-provisioned or retired blocks.

3
MCQmedium

A non-profit organization is upgrading its computers and wants to donate the old ones to a local school. The HDDs contain donor information that must be kept confidential. The organization wants the drives to be reusable. Which method should be used?

A.Use a degausser to erase the drives.
B.Physically drill holes through the drive platters.
C.Perform a full overwrite with zeros using disk-wiping software.
D.Delete all files and empty the recycle bin.
AnswerC

A full overwrite ensures data is unrecoverable while keeping the drive fully functional for the school.

Why this answer

Option C is correct because performing a full overwrite with zeros using disk-wiping software ensures that all data on the HDDs is irrecoverably destroyed while leaving the drives functional for reuse. This method meets the organization's need for confidentiality (donor information) and reusability, as it overwrites every sector of the drive, including hidden areas like the HPA and DCO, with a known pattern (e.g., zeros or random data), making data recovery infeasible with standard tools.

Exam trap

A+ often tests the misconception that deleting files or using a degausser is sufficient for data confidentiality while maintaining reusability, but degaussing destroys the drive's functionality and deleting files leaves recoverable data, so candidates must recognize that only a full overwrite balances security and reuse.

How to eliminate wrong answers

Option A is wrong because using a degausser exposes the drives to a strong magnetic field that destroys the servo tracks and low-level formatting, rendering the HDDs completely unusable and non-reusable, which contradicts the requirement for reusability. Option B is wrong because physically drilling holes through the drive platters destroys the platters and makes the drives non-functional, preventing reuse; this method is appropriate only for physical destruction, not for drives that need to be repurposed. Option D is wrong because deleting files and emptying the recycle bin only removes file system pointers, leaving the actual data intact on the platters; the data can be easily recovered using file recovery software, failing to ensure confidentiality.

4
MCQhard

A security auditor discovers that a company's data destruction logs show only a quick format was performed on drives before disposal. The drives contained personally identifiable information (PII). What is the primary risk?

A.The drives may not boot properly after disposal.
B.The drives could be reused without any issues.
C.The PII data is still recoverable from the drives.
D.The drives will no longer hold a magnetic charge.
AnswerC

Quick formatting only removes the file system index; data remains on the drive and can be recovered with data recovery tools.

Why this answer

A quick format only clears the file system metadata (e.g., the Master File Table on NTFS) and marks the drive's sectors as available for new data, but it does not overwrite the actual data stored in those sectors. Because the PII data remains physically on the platters or NAND cells, it can be easily recovered using file recovery tools or forensic software. This makes the data destruction process incomplete and poses a severe compliance and privacy risk.

Exam trap

CompTIA often tests the misconception that a quick format erases all data, when in reality it only removes the file system pointers, leaving the actual data intact and recoverable.

How to eliminate wrong answers

Option A is wrong because a quick format does not affect the drive's ability to boot; the drive can still be booted after a quick format if an operating system is installed. Option B is wrong because while the drive can be reused, the underlying PII data remains recoverable, so reuse without proper sanitization does not eliminate the risk of data exposure. Option D is wrong because a quick format does not alter the magnetic charge of the drive's platters; the data is still magnetically stored and recoverable until overwritten.

5
MCQeasy

A small business is retiring 20 old desktop PCs that contain sensitive customer data. The IT manager wants to ensure the data is unrecoverable before donating the computers to a local school. Which method should be used?

A.Perform a standard format of each hard drive.
B.Use a degausser on each hard drive.
C.Delete all files and empty the Recycle Bin.
D.Run a quick disk cleanup utility.
AnswerB

Degaussing uses a powerful magnetic field to scramble the magnetic domains on the platters, rendering data permanently unrecoverable.

Why this answer

A degausser generates a strong magnetic field that disrupts the magnetic domains on a hard drive's platters, rendering all stored data permanently unrecoverable. This is the only method listed that meets the requirement for complete data destruction before donating the computers, as it physically alters the storage medium.

Exam trap

CompTIA often tests the misconception that a standard format or file deletion permanently removes data, when in fact these methods only alter file system pointers and leave the raw data recoverable with simple software tools.

How to eliminate wrong answers

Option A is wrong because a standard format only rewrites the file system metadata and does not overwrite the actual data sectors, leaving data recoverable with forensic tools. Option C is wrong because deleting files and emptying the Recycle Bin only removes file pointers, not the underlying data, which remains intact on the disk until overwritten. Option D is wrong because a quick disk cleanup utility only removes temporary files and cached data, not sensitive customer data, and does not perform any secure erasure.

6
MCQeasy

A client brings in a laptop that was used by an employee who left the company. The manager wants to ensure all data is unrecoverable before recycling the laptop. The laptop has a traditional HDD. Which method should be used?

A.Perform a quick format of the drive.
B.Use a degausser to demagnetize the drive.
C.Run a full overwrite using disk-wiping software.
D.Physically shred the drive with a hard drive shredder.
AnswerC

A full overwrite with zeros or random data ensures data is unrecoverable while allowing the drive to be reused.

Why this answer

Option C is correct because disk-wiping software performs a full overwrite of every sector on the HDD with patterns (e.g., zeros, random data), making the original data unrecoverable even with advanced forensic tools. This method is specifically designed for secure data destruction on functional drives, ensuring compliance with data sanitization standards like NIST SP 800-88.

Exam trap

The A+ exam often tests the misconception that a degausser is the best option for data destruction on HDDs, but candidates forget that degaussing destroys the drive's functionality and is not a secure sanitization method for reuse, whereas disk-wiping software allows the drive to be repurposed while ensuring data is unrecoverable.

How to eliminate wrong answers

Option A is wrong because a quick format only clears the file system metadata (e.g., MFT or FAT) and marks sectors as available, leaving the actual data intact and easily recoverable with tools like Recuva or TestDisk. Option B is wrong because a degausser destroys the magnetic field of the platters, rendering the drive unusable, but it does not guarantee data unrecoverability on modern high-coercivity HDDs and may leave residual data that can be recovered with specialized equipment. Option D is wrong because physically shredding the drive destroys the hardware, making data recovery impossible, but it is an overkill for a functional laptop that the manager may want to reuse or donate; the question asks for a method to ensure data is unrecoverable before recycling, and shredding is a disposal method, not a data sanitization method for reuse.

7
MCQmedium

A technician is decommissioning a server that contained encrypted patient health records. The organization's policy requires data to be destroyed beyond recovery, but the server must be returned to the leasing company. Which method should the technician use?

A.Perform a full format of all drives.
B.Use a degausser on the entire server chassis.
C.Remove the hard drives and physically shred them, then return the server without drives.
D.Run a disk cleanup and delete all files.
AnswerC

Physical destruction of the drives ensures data is unrecoverable, and returning the server without drives complies with the leasing agreement.

Why this answer

Option C is correct because physically shredding the hard drives ensures the encrypted patient health records are destroyed beyond any possible recovery, which satisfies the organization's policy. Returning the server without drives complies with the leasing company's requirement to return the server chassis, as the drives are typically owned by the organization or can be removed per lease terms. This method is the only one that guarantees data destruction at the physical media level, bypassing any residual data on the encrypted drives.

Exam trap

The trap here is that candidates may choose degaussing (Option B) because it effectively destroys magnetic data, but they overlook the requirement to return the server to the leasing company, which degaussing would render inoperable by damaging non-storage electronics.

How to eliminate wrong answers

Option A is wrong because a full format of all drives only overwrites file system metadata and may not securely erase all sectors, especially on SSDs where wear-leveling can leave residual data; encrypted data could still be recoverable with forensic tools. Option B is wrong because using a degausser on the entire server chassis would destroy the magnetic media on HDDs but would also damage or destroy other electronic components (e.g., motherboard, RAM, power supply), making the server non-functional and violating the lease return requirement. Option D is wrong because disk cleanup and deleting files only removes file system pointers, leaving the actual data intact on the storage media, which can be easily recovered with undelete utilities or forensic software.

8
MCQmedium

A user reports that after a technician recycled an old computer by simply deleting the user profile, the next user found personal documents in the 'Recycle Bin'. Which step was missed in the data disposal process?

A.The technician should have performed a quick format.
B.The technician should have used a data wiping tool that overwrites the free space.
C.The technician should have removed the hard drive and stored it.
D.The technician should have disabled the Recycle Bin.
AnswerB

A wiping tool overwrites the sectors where deleted files reside, making them unrecoverable. This step was missed.

Why this answer

Deleting a user profile only removes the user's registry and profile folder, but personal documents remain in the Recycle Bin because the Recycle Bin is a system-protected hidden folder that is not cleared by profile deletion. A data wiping tool that overwrites free space is required to securely erase the contents of the Recycle Bin and any other residual data, ensuring that deleted files cannot be recovered.

Exam trap

CompTIA often tests the misconception that deleting a user profile or emptying the Recycle Bin is sufficient for data disposal, when in fact both actions leave recoverable data on the free space that requires overwriting to be secure.

How to eliminate wrong answers

Option A is wrong because a quick format only clears the file system metadata (e.g., the MFT or FAT table) and does not overwrite the actual data sectors, leaving the Recycle Bin contents intact and recoverable. Option C is wrong because removing and storing the hard drive is a physical security measure for decommissioning, not a data disposal step for a recycled computer that will be reused by another user. Option D is wrong because disabling the Recycle Bin only prevents future files from being stored there; it does not erase existing files already in the Recycle Bin, so the personal documents would remain.

9
MCQeasy

During a security audit, it is discovered that an old server's hard drives were simply deleted and the server was sold to a recycler. The recycler later reported finding readable files on the drives. Which data disposal standard was violated?

A.NIST SP 800-88
B.PCI DSS
C.HIPAA
D.ISO 27001
AnswerA

NIST SP 800-88 provides guidelines for media sanitization, requiring overwriting or destruction. Deleting files does not meet these standards.

Why this answer

NIST SP 800-88 provides guidelines for media sanitization, including clear, purge, and destroy methods. Simply deleting files only removes directory pointers, leaving data recoverable until overwritten. The recycler's ability to read files indicates that the drives were not sanitized according to NIST SP 800-88 standards, which require overwriting or physical destruction for sensitive data.

Exam trap

CompTIA often tests the distinction between a general security framework (like HIPAA or PCI DSS) and a specific technical disposal standard (NIST SP 800-88), trapping candidates who confuse compliance requirements with the actual sanitization methodology.

How to eliminate wrong answers

Option B (PCI DSS) is wrong because PCI DSS is a security standard for payment card data, not a specific data disposal standard; while it requires secure disposal, it does not define the technical methods like NIST SP 800-88 does. Option C (HIPAA) is wrong because HIPAA governs protected health information (PHI) disposal but does not prescribe the specific sanitization techniques or levels (clear, purge, destroy) that NIST SP 800-88 details. Option D (ISO 27001) is wrong because ISO 27001 is an information security management system (ISMS) standard that requires a disposal policy but does not provide the granular, step-by-step sanitization procedures found in NIST SP 800-88.

10
MCQeasy

A customer reports that their old laptop, which they sold online, still contains personal files that the new owner accessed. The customer had only performed a 'Reset this PC' with the 'Remove everything' option. What should the technician recommend to prevent this in the future?

A.Perform a factory reset from the recovery partition.
B.Use a third-party data wiping tool that overwrites the drive multiple times.
C.Remove the hard drive and physically destroy it.
D.Change the user password before selling.
AnswerB

A wiping tool overwrites all sectors with patterns multiple times, making data recovery infeasible.

Why this answer

The 'Reset this PC' with 'Remove everything' option in Windows performs a quick format or a single-pass overwrite, which leaves data recoverable by file recovery tools. A third-party data wiping tool that overwrites the drive multiple times (e.g., using the DoD 5220.22-M standard) ensures that the data is irrecoverable by overwriting all sectors with patterns, preventing any future access.

Exam trap

The trap here is that candidates assume 'Remove everything' in Windows performs a secure erase, but it only removes file pointers, not the underlying data, making it vulnerable to recovery.

How to eliminate wrong answers

Option A is wrong because a factory reset from the recovery partition typically performs a similar quick format or reinstallation, not a secure wipe, leaving data recoverable. Option C is wrong because physically destroying the hard drive is an extreme measure that is unnecessary for resale; secure wiping is sufficient and allows the drive to be reused. Option D is wrong because changing the user password does not remove or overwrite the existing personal files; the new owner can still access them via a password reset or by booting from external media.

11
MCQeasy

A small office is decommissioning several SSDs from old laptops. The technician needs to ensure data is destroyed securely and the drives can be resold. Which method is most appropriate?

A.Run a multi-pass overwrite with random data.
B.Use the ATA Secure Erase command.
C.Degauss the SSDs to remove magnetic data.
D.Perform a standard delete and empty the recycle bin.
AnswerB

ATA Secure Erase clears all flash cells to an unprogrammed state, ensuring data is gone and the SSD is reusable.

Why this answer

The ATA Secure Erase command is the most appropriate method because it is specifically designed for SSDs, issuing a secure erase command at the firmware level that resets all cells to their unprogrammed state, effectively destroying all data in seconds. This method is reliable, fast, and does not wear out the NAND flash cells like multi-pass overwrites would, making it ideal for decommissioning and reselling SSDs.

Exam trap

CompTIA often tests the misconception that degaussing works on all storage media or that multi-pass overwrites are universally secure, when in fact SSDs require a different approach due to their NAND flash architecture and wear-leveling algorithms.

How to eliminate wrong answers

Option A is wrong because multi-pass overwrites are ineffective on SSDs due to wear leveling and the inability to target specific logical blocks; the drive's controller may remap writes to different physical cells, leaving original data intact. Option C is wrong because degaussing uses a strong magnetic field to erase data on magnetic media (HDDs), but SSDs store data electronically in NAND flash cells and are not affected by magnetic fields, so degaussing would not destroy the data and could damage the drive's controller. Option D is wrong because a standard delete and emptying the recycle bin only removes file system pointers, leaving the actual data recoverable with simple software tools, which is not secure destruction.

12
MCQmedium

A technician is decommissioning a server that contained highly sensitive financial data. The server has multiple HDDs in a RAID array. The company policy requires data destruction to be certified. Which approach is most efficient and secure?

A.Perform a single overwrite on the RAID logical volume.
B.Remove each drive and wipe them individually using a secure erase tool.
C.Degauss the entire server chassis.
D.Reformat the RAID array and reinstall the OS.
AnswerB

Wiping each drive individually ensures all physical sectors are overwritten, regardless of RAID configuration.

Why this answer

Option B is correct because secure erase tools (e.g., ATA Secure Erase) perform a cryptographic or full overwrite at the drive firmware level, ensuring each HDD is individually sanitized and can be certified. In a RAID array, the controller may cache or stripe data, so wiping the logical volume (Option A) or reformatting (Option D) does not guarantee all physical sectors on every drive are overwritten, leaving residual data recoverable. Degaussing (Option C) destroys the drives' magnetic media but is impractical for a full chassis and may not provide certified destruction for mixed media.

Exam trap

CompTIA often tests the misconception that wiping a RAID logical volume is equivalent to wiping each physical drive, but the trap is that RAID controllers abstract the physical layout, so logical operations may miss hidden or spare sectors on individual HDDs.

How to eliminate wrong answers

Option A is wrong because a single overwrite on the RAID logical volume only targets the logical block addresses presented by the RAID controller, not the physical sectors on each drive; RAID striping and spare sectors can leave data intact on individual HDDs. Option C is wrong because degaussing the entire server chassis is not feasible—degaussers require close proximity to each drive's platters, and the chassis itself may contain non-magnetic components (e.g., SSDs) that are not affected, plus it does not provide a verifiable certificate for each drive. Option D is wrong because reformatting the RAID array and reinstalling the OS only overwrites file system metadata and a small portion of the data area, leaving the vast majority of financial data recoverable with forensic tools.

13
MCQmedium

An organization is moving to a cloud-based system and needs to dispose of several tape backup cartridges that contain years of financial data. The tapes are LTO-5 and are still readable. Which destruction method is most appropriate?

A.Overwrite the tapes with a bulk eraser or degausser.
B.Perform a quick format of the tapes using a tape drive.
C.Reuse the tapes for non-sensitive data after deleting the files.
D.Burn the tapes in an industrial incinerator.
AnswerA

A degausser designed for tape will destroy the magnetic data, making recovery impossible, and is a standard method for tape disposal.

Why this answer

A degausser or bulk eraser generates a powerful magnetic field that disrupts the magnetic domains on the LTO-5 tape media, rendering the previously stored data unrecoverable. This method is the most appropriate for LTO-5 tapes because it physically destroys the magnetic encoding without requiring a compatible tape drive, and it is faster and more reliable than attempting to overwrite the entire tape. For secure disposal of magnetic media containing sensitive financial data, degaussing is the industry-standard approach when physical destruction is not mandated.

Exam trap

CompTIA A+ often tests the misconception that a quick format or file deletion is sufficient for secure data destruction on magnetic media, when in fact only degaussing or physical destruction ensures the data is irrecoverable.

How to eliminate wrong answers

Option B is wrong because a quick format only erases the file system index or directory structure, not the underlying data on the tape; the financial data remains recoverable with forensic tools. Option C is wrong because simply deleting files or reusing the tapes after file deletion does not remove the residual magnetic signature of the original data, leaving it vulnerable to recovery using specialized equipment. Option D is wrong because while incineration would physically destroy the tapes, it is unnecessarily extreme, costly, and environmentally hazardous for LTO-5 cartridges; degaussing is the appropriate and sufficient method for magnetic media that does not require physical destruction.

14
MCQmedium

A company is relocating and needs to dispose of 50 old desktop computers with HDDs that contain sensitive client data. The policy requires data destruction to be verifiable and the drives to be physically destroyed. Which method meets these requirements?

A.Use a degausser and then donate the drives to a school.
B.Overwrite each drive with three passes of random data.
C.Send the drives to a certified e-waste recycler for shredding.
D.Reformat each drive and install a fresh OS for reuse.
AnswerC

Shredding physically destroys the drives and a certified recycler can provide a certificate of destruction, satisfying the policy.

Why this answer

Physical destruction methods like shredding or crushing provide verifiable destruction (e.g., through a certificate of destruction) and ensure the drives cannot be reused, meeting strict security policies. Degaussing also destroys data but may not physically destroy the drive.

15
MCQmedium

A customer brings in a laptop that they want to recycle, but they are concerned about personal data. The laptop has a 256GB SSD and the customer wants to keep the laptop functional for resale. Which method should the technician recommend?

A.Remove the SSD and physically destroy it, then sell the laptop without a drive.
B.Use a degausser on the SSD.
C.Perform a standard format and reinstall Windows.
D.Use the 'Reset this PC' option with the 'Remove everything and clean the drive' setting.
AnswerD

This option performs a secure erase that overwrites all sectors, making data recovery difficult while keeping the laptop functional.

Why this answer

The correct answer is to use the built-in 'Reset this PC' with the 'Remove everything and clean the drive' option, which performs a secure wipe on SSDs. This ensures data is overwritten while keeping the laptop usable. Simple deletion or formatting is insufficient, and physical destruction would make the laptop unusable.

16
MCQmedium

A company is migrating to new laptops and needs to dispose of 50 old hard drives securely. The drives contain proprietary software and client data. The IT manager wants a method that is both environmentally friendly and compliant with data protection laws. Which disposal method should be chosen?

A.Donate the drives to a local charity after wiping them with a free tool.
B.Use a certified e-waste recycler that offers secure destruction and recycling.
C.Physically break the drives with a drill and dispose of them in the regular trash.
D.Perform a quick format and sell the drives online.
AnswerB

Certified recyclers follow standards for data destruction (e.g., shredding) and recycle materials, meeting both security and environmental goals.

Why this answer

Option B is correct because certified e-waste recyclers follow strict data destruction standards (e.g., NIST SP 800-88) and environmental regulations (e.g., R2 or e-Stewards certification). This ensures the drives are physically destroyed or degaussed to prevent data recovery, while responsibly recycling materials, meeting both security and compliance requirements.

Exam trap

Candidates often think that physical destruction (e.g., drilling) is sufficient for security, but the trap is that it must be combined with proper disposal (e.g., through a certified recycler) to be both environmentally compliant and legally defensible.

How to eliminate wrong answers

Option A is wrong because free wiping tools may not overwrite data to a secure standard (e.g., only a single pass or not covering hidden areas like HPA/DCO), and donating drives still risks residual data exposure if the tool fails or is misused. Option C is wrong because physically breaking drives with a drill does not guarantee complete destruction of all platters or chips, and disposing of them in regular trash violates environmental laws and can lead to data recovery from remaining fragments. Option D is wrong because a quick format only removes the file system pointers, leaving all data intact and easily recoverable with forensic tools, and selling drives online exposes proprietary software and client data to unauthorized parties.

17
MCQmedium

A user reports that their computer is running slowly and they suspect a virus. After scanning, the technician finds malware that has encrypted several files. The technician decides to wipe the drive and reinstall the OS. What should be done to ensure the malware is completely removed before data destruction?

A.Run a quick format and then reinstall the OS.
B.Use a secure erase utility that overwrites the entire drive including the boot sector.
C.Delete the encrypted files and run a registry cleaner.
D.Use System Restore to revert to a previous state.
AnswerB

Secure erase overwrites all areas, including the boot sector, eliminating persistent malware.

Why this answer

Some malware can persist in the boot sector or firmware. A full wipe of the entire drive (including the boot sector) using a secure erase or low-level format ensures no malware remnants remain. A simple format may leave boot-sector malware intact.

18
MCQmedium

During a security audit, a technician discovers that an employee used a hammer to destroy several old hard drives. The drives are now in pieces, but the organization's policy mandates 'secure data destruction' for compliance. Which additional step should the technician take?

A.Document the destruction and consider it complete.
B.Use a degausser on the remaining pieces.
C.Visually inspect the platters for scratches and breaks, then shred any intact platters.
D.Run a data recovery tool on the pieces to see if data remains.
AnswerC

Visual inspection ensures platters are damaged; shredding any intact ones guarantees data destruction and meets compliance.

Why this answer

The correct answer is to verify the destruction by inspecting the platters for visible damage and ensuring they are not intact. Hammering may leave platters partially readable. This question tests the concept of verification in data destruction, as physical methods must be confirmed effective.

19
MCQmedium

A technician is tasked with disposing of a large batch of optical discs (CD-Rs and DVD-Rs) that contain archived customer records. The company policy requires data to be unrecoverable. Which disposal method is most appropriate?

A.Use a degausser to demagnetize the discs.
B.Overwrite the discs with a disk-wiping tool.
C.Shred the discs using an industrial cross-cut shredder.
D.Perform a quick format on the discs.
AnswerC

Shredding physically breaks the discs into small pieces, making data recovery impossible.

Why this answer

Option C is correct because industrial cross-cut shredding physically destroys the optical discs (CD-Rs and DVD-Rs), rendering the data unrecoverable. Unlike magnetic media, optical discs store data as physical pits in a dye layer, so degaussing or overwriting is ineffective. Shredding ensures compliance with data destruction policies requiring unrecoverable data.

Exam trap

The trap here is that candidates confuse optical discs with magnetic media and assume degaussing or overwriting works, but the CompTIA A+ exam tests the fundamental difference that optical storage is physically permanent and requires physical destruction.

How to eliminate wrong answers

Option A is wrong because degaussers work by disrupting magnetic fields on magnetic media (e.g., hard drives, tapes), but optical discs like CD-Rs and DVD-Rs store data optically, not magnetically, so demagnetization has no effect. Option B is wrong because overwriting with a disk-wiping tool is designed for rewritable media (e.g., CD-RW, DVD-RW) and cannot alter the read-only dye layer of CD-Rs or DVD-Rs; the data remains physically intact. Option D is wrong because a quick format only removes the file system index, leaving the actual data on the disc fully recoverable with forensic tools.

20
MCQeasy

A small business is upgrading its workstations and needs to dispose of 20 old hard drives that contain confidential payroll records. The company wants the lowest-cost method that ensures data cannot be recovered. Which disposal method should be recommended?

A.Use a degausser on each drive.
B.Perform a standard format on each drive.
C.Drill holes through the platters of each drive.
D.Reformat the drives and install a fresh OS.
AnswerC

Drilling physically damages the platters, making data unrecoverable at very low cost. This is a common low-budget disposal method.

Why this answer

Drilling holes through the platters physically destroys the magnetic surfaces, making data recovery impossible without specialized cleanroom equipment. This is the lowest-cost method that guarantees destruction because it directly damages the storage medium beyond repair, unlike degaussing which may not work on modern SSDs or high-coercivity drives.

Exam trap

CompTIA A+ often tests the misconception that a standard format or OS reinstall permanently erases data, when in fact only a secure wipe (e.g., overwriting with zeros multiple times) or physical destruction ensures data is unrecoverable.

How to eliminate wrong answers

Option A is wrong because degaussers are expensive and may not effectively erase data from modern high-coercivity hard drives or SSDs, and they can damage the drive's electronics without guaranteeing complete data destruction. Option B is wrong because a standard format only removes the file system pointers, leaving the actual data intact on the platters, which can be easily recovered with data recovery software. Option D is wrong because reformatting and installing a fresh OS similarly only overwrites the file system metadata, not the underlying data, and does not prevent recovery using forensic tools.

21
MCQhard

A healthcare clinic is disposing of 50 hard drives that contained protected health information (PHI). The compliance officer insists on a method that meets HIPAA requirements and provides a certificate of destruction. Which approach should be taken?

A.Overwrite the drives with zeros and reuse them in non-patient areas.
B.Use a degausser and then recycle the drives as scrap metal.
C.Hire a certified e-waste recycler to physically shred the drives and provide a certificate of destruction.
D.Perform a cryptographic erase if the drives support it.
AnswerC

A certified recycler will shred the drives and issue a certificate, meeting HIPAA requirements and providing audit-proof documentation.

Why this answer

Option C is correct because HIPAA requires that PHI on electronic media be rendered permanently unreadable and unrecoverable, and physical destruction (e.g., shredding) is the only method that guarantees this for hard drives. A certified e-waste recycler provides a certificate of destruction, which serves as the required documentation of compliance. Overwriting, degaussing, or cryptographic erase may not be sufficient or verifiable for all drives, especially if they are being disposed of rather than reused.

Exam trap

The A+ exam often tests the misconception that degaussing or cryptographic erase is sufficient for HIPAA disposal, but the key requirement for a certificate of destruction and the need for physical destruction when drives are not being reused makes shredding the only correct answer.

How to eliminate wrong answers

Option A is wrong because overwriting with zeros does not meet HIPAA requirements for disposal of drives containing PHI; it is a sanitization method for reuse, not destruction, and does not provide a certificate of destruction. Option B is wrong because degaussing destroys the magnetic media but does not physically destroy the drive, and many recyclers will not accept degaussed drives as scrap metal without additional processing; more importantly, degaussing alone does not produce a certificate of destruction from a certified recycler. Option D is wrong because cryptographic erase only renders data inaccessible by destroying the encryption key, but the encrypted data remains on the drive and could potentially be recovered if the key is compromised or if the drive is later analyzed; it does not meet the physical destruction requirement for disposal and does not provide a certificate of destruction.

22
MCQeasy

A customer is returning a leased laptop that contains sensitive client data. The lease agreement requires that the data be irrecoverably destroyed, but the laptop must remain functional for the next lessee. Which method should you use?

A.Perform a quick format of the hard drive.
B.Use a degausser to demagnetize the drive.
C.Run a secure erase utility that overwrites all sectors with zeros.
D.Physically shred the hard drive.
AnswerC

Secure erase overwrites every sector, making data unrecoverable while leaving the drive intact and usable for the next lessee.

Why this answer

Option C is correct because a secure erase utility that overwrites all sectors with zeros (e.g., using ATA Secure Erase or a tool like DBAN) renders the data irrecoverable by standard forensic methods while leaving the drive functional for the next lessee. This satisfies the lease agreement's requirement for data destruction without damaging the hardware. Quick formats only remove file system pointers, leaving data recoverable, while degaussing or physical destruction would render the laptop non-functional.

Exam trap

On the CompTIA A+ exam, candidates often confuse a quick format with a secure erase, assuming it removes data when it only removes the index. The key distinction is that a secure overwrite (e.g., zero-fill) preserves hardware functionality while making data irrecoverable.

How to eliminate wrong answers

Option A is wrong because a quick format only clears the file system metadata (e.g., MFT or FAT) and does not overwrite the actual data sectors, leaving all client data recoverable with simple file recovery tools. Option B is wrong because a degausser uses a strong magnetic field to demagnetize the platters, which destroys the drive's ability to store data permanently, making the laptop non-functional for the next lessee. Option D is wrong because physically shredding the hard drive destroys the hardware entirely, which violates the requirement that the laptop remain functional for the next lessee.

23
MCQhard

A technician is tasked with disposing of a failed SSD that contains encrypted financial records. The SSD is non-functional and cannot be powered on. Which method should the technician use to ensure data is destroyed?

A.Use a degausser on the SSD.
B.Perform a secure erase command via SATA interface.
C.Physically shred the SSD using an industrial shredder.
D.Overwrite the SSD with a data wiping tool on another computer.
AnswerC

Physical destruction ensures the NAND chips are broken into small pieces, making data recovery impossible.

Why this answer

The SSD is non-functional and cannot be powered on, so any software-based method (secure erase, overwriting) is impossible. Physical destruction via an industrial shredder is the only reliable way to ensure the encrypted financial records are unrecoverable from a dead SSD, as it physically breaks the NAND chips beyond repair.

Exam trap

The trap here is that candidates assume a degausser works on all storage devices, but SSDs are not magnetic media and degaussing has no effect on NAND flash memory.

How to eliminate wrong answers

Option A is wrong because degaussers use a strong magnetic field to erase data on magnetic media (HDDs), but SSDs store data electrically in NAND flash cells and are not affected by magnetic fields; degaussing will not destroy the data and may leave the SSD physically intact. Option B is wrong because a secure erase command requires the SSD to be powered on and functional to execute the ATA Secure Erase command via the SATA interface; a non-functional SSD cannot communicate or execute any command. Option D is wrong because overwriting with a data wiping tool requires the SSD to be connected to another computer and powered on to write new data over the existing data; a dead SSD cannot be recognized or written to.

24
MCQeasy

A technician is disposing of a stack of CDs and DVDs that contain backup data from a medical office. The media are labeled with patient information. Which method should the technician use to destroy the data?

A.Use a degausser on each disc.
B.Scratch the surface of each disc with a key.
C.Use a cross-cut shredder that accepts optical discs.
D.Place the discs in a microwave for 10 seconds.
AnswerC

Cross-cut shredding reduces discs to small pieces, ensuring data is physically destroyed and unrecoverable.

Why this answer

Option C is correct because a cross-cut shredder that accepts optical discs physically destroys the media into small pieces, making data recovery impossible. This method is compliant with HIPAA requirements for destroying protected health information (PHI) on CDs and DVDs, as it renders the data irrecoverable through physical destruction.

Exam trap

CompTIA often tests the misconception that degaussing works on all storage media, but the trap here is that optical discs are non-magnetic, so candidates who confuse magnetic media destruction with optical media destruction will incorrectly choose Option A.

How to eliminate wrong answers

Option A is wrong because degaussers use a strong magnetic field to erase data on magnetic media (e.g., hard drives, tapes), but optical discs like CDs and DVDs store data as physical pits and lands on a reflective layer, not magnetically, so a degausser has no effect on them. Option B is wrong because scratching the surface with a key only damages a small portion of the disc; data can still be read from unscratched areas using specialized software, leaving patient information recoverable. Option D is wrong because microwaving discs for 10 seconds may cause physical damage but is unreliable and dangerous—it can create toxic fumes, fire hazards, and may not fully destroy all data layers, especially on dual-layer DVDs, leaving residual data potentially recoverable.

25
MCQhard

An IT manager wants to implement a data destruction policy that meets the U.S. Department of Defense (DoD) 5220.22-M standard for top-secret data. The drives are HDDs and will be reused within the organization. Which method is required?

A.Perform a single overwrite with zeros.
B.Use a degausser and then reformat the drive.
C.Run a three-pass overwrite (zeros, ones, random).
D.Physically destroy the drive with a hammer.
AnswerC

The DoD 5220.22-M standard for top-secret data specifies a three-pass overwrite to ensure data is unrecoverable.

Why this answer

The DoD 5220.22-M standard for top-secret data requires a three-pass overwrite (zeros, ones, and a random character) to ensure that residual magnetic data is unrecoverable. Since the drives are HDDs and will be reused, overwriting is the appropriate method because it sanitizes the media without destroying it. A single overwrite or degaussing would not meet the three-pass requirement, and physical destruction would prevent reuse.

Exam trap

The CompTIA A+ exam often tests the misconception that a single overwrite or degaussing is sufficient for top-secret data, but the DoD 5220.22-M standard explicitly requires three passes for that classification level.

How to eliminate wrong answers

Option A is wrong because a single overwrite with zeros does not meet the DoD 5220.22-M standard, which mandates three passes for top-secret data. Option B is wrong because degaussing renders the drive unusable (it erases the servo tracks), preventing reuse, and the standard requires overwriting, not degaussing, for reusable media. Option D is wrong because physical destruction with a hammer prevents reuse, which contradicts the requirement that the drives will be reused within the organization.

26
MCQmedium

During a routine hardware refresh, a technician finds a box of old USB flash drives that were used to store temporary project files. The drives are to be given to employees for personal use. What is the most practical way to ensure no project data remains?

A.Delete all files and empty the Recycle Bin.
B.Use a diskpart clean all command to overwrite every sector.
C.Microwave the flash drives to destroy the chips.
D.Reformat the drives with a quick format.
AnswerB

The 'clean all' command writes zeros to every sector, making data unrecoverable while preserving the drive's functionality.

Why this answer

Option B is correct because the 'diskpart clean all' command writes zeros or other patterns to every sector of the drive, ensuring that all previously stored data, including temporary project files, is overwritten and cannot be recovered using standard file recovery tools. This is the most practical method for sanitizing USB flash drives before repurposing them for personal use, as it meets the data destruction requirements without physically destroying the media.

Exam trap

CompTIA often tests the misconception that a quick format or file deletion is sufficient for data removal, when in fact these methods leave data recoverable and only the 'clean all' command (or similar overwrite) ensures proper sanitization for repurposed media.

How to eliminate wrong answers

Option A is wrong because simply deleting files and emptying the Recycle Bin only removes the file system pointers, leaving the actual data intact on the flash drive, which can be easily recovered with undelete or forensic tools. Option C is wrong because microwaving flash drives is impractical, dangerous, and may not reliably destroy all data; it can also damage the equipment and pose a fire hazard, making it unsuitable for routine hardware refresh scenarios. Option D is wrong because a quick format only clears the file system metadata (e.g., the master file table) and does not overwrite the underlying data sectors, leaving project data recoverable with specialized software.

27
MCQmedium

A company is decommissioning a server that contained encrypted customer financial data. The IT manager wants to ensure the data is destroyed without damaging the hard drives, as they will be reused in test environments. Which method should be used?

A.Physically shred the drives.
B.Perform a standard format and reinstall the OS.
C.Issue a cryptographic erase command to the drive's self-encrypting feature.
D.Use a degausser on the drives.
AnswerC

Crypto erase changes the encryption key, rendering all data unreadable. The drive remains usable for testing.

Why this answer

Option C is correct because the server's hard drives are self-encrypting drives (SEDs) that support the TCG Opal or IEEE 1667 standard. Issuing a cryptographic erase command (e.g., via hdparm --security-erase or a vendor tool) instantly invalidates the media encryption key, rendering all data on the drive permanently inaccessible without physically damaging the drive. This meets the requirement of destroying the encrypted customer financial data while preserving the drives for reuse in test environments.

Exam trap

A common misconception tested on the CompTIA A+ exam is that a standard format or OS reinstall is sufficient for secure data destruction. However, encrypted data on SEDs remains recoverable unless the encryption key is specifically invalidated via a cryptographic erase command.

How to eliminate wrong answers

Option A is wrong because physically shredding the drives destroys them, contradicting the requirement to reuse them in test environments. Option B is wrong because a standard format and OS reinstall only overwrites file system metadata and does not securely erase the underlying encrypted data; the original media encryption key remains intact, and data could potentially be recovered from the encrypted sectors. Option D is wrong because using a degausser applies a strong magnetic field that destroys the drive's firmware, servo tracks, and the self-encrypting capability, making the drive permanently unusable and violating the reuse requirement.

28
MCQhard

A technician is decommissioning a server that uses a hardware RAID controller. The company policy requires that all data be destroyed, but the drives must be returned to the leasing company. Which method ensures data is unrecoverable while preserving the drives?

A.Remove the drives and use a degausser on each one.
B.Perform a secure erase using a bootable utility like DBAN.
C.Use the RAID controller's built-in 'secure erase' or 'low-level format' command.
D.Physically drill through the drive enclosures.
AnswerC

The controller's utility can access all sectors, ensuring complete data removal while keeping drives functional for return.

Why this answer

Option C is correct because the RAID controller's built-in 'secure erase' or 'low-level format' command issues the ATA Secure Erase command (or SCSI equivalent) directly to each drive, which overwrites all user-accessible data areas and often the hidden RAID metadata, making data unrecoverable. This method preserves the physical drives for return to the leasing company, as required by policy, and is the only option that both destroys data and leaves the drives functional.

Exam trap

The A+ exam often tests the misconception that a software-based overwrite tool like DBAN is sufficient for RAID arrays, but the trap here is that such tools cannot access the controller's hidden metadata or spare sectors, whereas the RAID controller's built-in secure erase command ensures complete data destruction at the physical drive level.

How to eliminate wrong answers

Option A is wrong because degaussing a hard drive destroys the magnetic platters, rendering the drive permanently non-functional and unreturnable to the leasing company. Option B is wrong because DBAN (Darik's Boot and Nuke) performs a software-based overwrite that may not reach the RAID controller's hidden metadata or spare sectors, and it requires the drives to be removed from the RAID controller or the controller to be in pass-through mode, which is often impractical. Option D is wrong because physically drilling through the drive enclosures destroys the drives, making them impossible to return to the leasing company, and violates the policy of preserving the drives.

29
MCQhard

A company is migrating to a new cloud-based system and needs to dispose of old tape backup cartridges that contain years of financial data. The tapes are magnetic media. Which disposal method is most appropriate for this media type?

A.Overwrite the tapes with a bulk eraser.
B.Reformat the tapes using a tape drive.
C.Incinerate the tapes in a certified facility.
D.Delete the files from the tape catalog.
AnswerA

A bulk eraser (degausser) is designed for magnetic tape and will completely erase the data. This is the standard method for tape disposal.

Why this answer

Magnetic tape is best destroyed by degaussing, which disrupts the magnetic domains, or by physical shredding. Degaussing is fast and effective for tape, but it renders the tape unusable. Shredding is also acceptable.

30
MCQhard

A technician is decommissioning a RAID array of 10 hard drives that contained sensitive HR data. The company policy requires that data be destroyed without removing individual drives from the array. Which method is most appropriate?

A.Remove each drive and use a hammer to break the platters.
B.Use a degausser that can accommodate the entire array chassis.
C.Perform a secure erase on each drive via the RAID controller.
D.Reformat the array and reuse it for non-sensitive data.
AnswerB

A degausser can destroy data on all magnetic drives simultaneously without removal, though it may damage the controller—acceptable for decommissioning.

Why this answer

The correct answer is to use a degausser designed for large media, which can destroy data on all drives simultaneously without disassembly. However, this may damage the RAID controller. Alternatively, a bulk eraser could be used.

This question tests understanding of bulk destruction methods for RAID arrays.

Ready to test yourself?

Try a timed practice session using only Data Destruction and Disposal questions.