CompTIA SecurityX (CAS-005) — Question 68

A help desk technician is troubleshooting an issue with an employee's laptop that will not boot into its operating system. The employee reported the laptop had been stolen but then found it one day later. The employee has asked the technician for help recovering important data. The technician has identified the following:
The laptop operating system was not configured with BitLocker.
The hard drive has no hardware failures.
Data is present and readable on the hard drive, although it appears to be illegible.
Which of the following is the most likely reason the technician is unable to retrieve legible data from the hard drive?

Answer options

• A. The employee's password was changed, and the new password needs to be used.
• B. The PKI certificate was revoked, and a new one must be installed.
• C. The hard drive experienced crypto-shredding.
• D. The technician is using the incorrect cipher to read the data.

Correct answer: C

Explanation

The correct answer is C, as crypto-shredding permanently destroys data through encryption, rendering it illegible. Options A and B are incorrect because they relate to authentication and certificate issues, which are not applicable here. Option D is also wrong, as the issue is not about using the wrong cipher, but rather the data being unrecoverable due to crypto-shredding.