I think both, That’s why the answer is C

Hi Mike - I tried replying to your note a couple of times, but am not seeing either response. Are you seeing on your end?

@@louhablas3146 No, do not see it.

@@mikekorsak373 OK - trying one more time. This is my 4th attempt to reply - not sure why YT has seemingly chewed up the other attempts. To your question, yes, SSD media is included. One thing that's very important to note with SSD is that data is NOT stored magnetically as with spinning platters. So, your best means of ensuring no data remanence is through physical destruction - incineration/shredding or similar. Degaussing will not work, due to the aforementioned fact that data is not stored magnetically. You can use cryptoshredding, but the encrypted data *will* still remain on the media and could be recovered if the encryption algorithm is broken or the key is not disposed of in a secure manner. Does this help?

@@louhablas3146 Very helpful, thank you!

Hi Yash...please accept my apology for the delayed reply. To your question, crypto shredding does not necessarily remove data from the disk - it simply encrypts it. However, depending upon the process used, the disk space is typically going to *appear* as free, because file/folder directory pointers will be removed and the space occupied by encrypted data could then be overwritten/utilized. Does this help/make sense?

According to NIST standard, purge provides higher lever of media sanitization than clear

The best definition is that purging ensures data is NOT recoverable. Clearing means data MAY be recoverable. Purging is definitely better if you want to ensure the data is not recoverable. Destruction of the media that the data was stored on (E.g. melting the hard drive) is the BEST way to ensure data is not recoverable

Hi Mayur. Have you seen Rob's MindMap videos here: kzbin.info/aero/PLZKdGEfEyJhKWyryIvx_jm1jn6ZMTi7gW These videos cover ALL 8 Domains covered by the CISSP exam, and they reflect the CISSP Exam Outline published by (ISC)2. They are not sufficient by themselves to prepare a student to pass the exam, but if coupled with other resources - including things like the Official Study Guide (OSG) and Official Practice Tests books - a student should be able to sufficiently prepare to pass it.

Hi Yusuf - Degaussing is considered a type of Destruction as well as a type of Purging, because data *may* remain on the media after the process. In most cases, degaussing *will* sufficiently destroy all data, but there's also a chance that *some* of the media could be recovered. Physical destruction of a drive is always the best method to ensure that no data can be recovered. Thus, Degauss straddles Destruction/Purging Encryption - cryptoshredding - is a popular and very effective purging technique, as using a very strong encryption algorithm to encrypt data and then "throwing" away the key should render the data unrecoverable; BUT, notice that's a BIG but, the data - the encrypted data *is* still on the media. If the encryption algorithm used to encrypt the data was ever broken, or if someone inadvertently stumbled across a copy of the key, etc. the data could then be recovered. Thus, Encryption straddles Purging and Clearing. As a security professional, this is good knowledge to have, as it will allow you to be more effective in your role; as a CISSP candidate, knowing these differences might help you navigate an exam question correctly. Please drop me a note at lou at destcert dot com if you'd like to discuss further or have other questions.

I agree. This stuff is all over the place.

This question doesn’t say it holds sensitive data though