Exam CAS-005 topic 1 question 74 discussion

❌ Why the other options are incorrect: A. The employee's password was changed, and the new password needs to be used This would not make the data unreadable unless full-disk encryption was involved — and we’re told BitLocker was not configured. B. The PKI certificate was revoked, and a new one must be installed PKI issues would impact encrypted emails, VPNs, or certain authentication, not raw file readability on a hard drive. D. The technician is using the incorrect cipher to read the data There's no indication that the technician is using any specific decryption tools. If standard tools show the data but it's unreadable, it's likely due to data being wiped/encrypted without key recovery — consistent with crypto-shredding.

✅ Explanation: Given the scenario: The laptop was reported stolen, then recovered. BitLocker was not configured, so OS-level encryption is not protecting the data. The hard drive has no hardware failure, and data is present but illegible. This implies the data was deliberately rendered unreadable, not corrupted or encrypted in transit. C. Crypto-shredding: Crypto-shredding is a secure data destruction technique where encryption keys are destroyed, making the encrypted data permanently inaccessible, even though it still exists on the drive. It’s commonly used by remote wipe or anti-theft tools, which some laptops perform automatically when flagged as lost or stolen. Since the laptop was reported stolen, it’s highly likely some anti-theft or endpoint protection triggered crypto-shredding to protect the data.