A company is preparing to decommission an offline, non-networked root certificate server. Before
sending the server’s drives to be destroyed by a contracted company, the Chief Security Officer (CSO)
wants to be certain that the data will not be accessed. Which of the following, if implemented, would
BEST reassure the CSO? (Select TWO).

A.
Disk hashing procedures

B.
Full disk encryption

C.
Data retention policies

D.
Disk wiping procedures

E.
Removable media encryption

Explanation:
B: Full disk encryption is when the entire volume is encrypted; the data is not accessible to someone who
might boot another operating system in an attempt to bypass the computer’s security. Full disk
encryption is sometimes referred to as hard drive encryption.
D: Disk wiping is the process of overwriting data on the repeatedly, or using a magnet to alter the
magnetic structure of the disks. This renders the data unreadable.
Incorrect Answers:
A: Hashing is used to protect the integrity of data as it will indicate whether the data was altered or not. It
does not protect against unauthorized access.
C: Data Retention policies refer to the period that that should be kept and will thus not be helpful to the
SCO to make sure that data will not be accessed.
E: The Server’s drives are not removable media – thus data can still be accessed.

Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 290, 386
https://wiki.archlinux.org/index.php/Securely_wipe_disk