Question 5 - WGU Managing-Cloud-Security Real Exam Questions [Jan 2026 Update]

Q: 5

Which data destruction technique involves encrypting the data, followed by encrypting the resulting keys with a different engine, and then destroying the keys resulting from the second encryption round?

Options

Correct Answer:

Explanation

Cryptographic erasure, also known as crypto-shredding, is a data sanitization technique where data is first encrypted, and then the cryptographic keys required to decrypt that data are securely and deliberately destroyed. By eliminating the keys, the encrypted data (ciphertext) is rendered unrecoverable, effectively destroying the information. The process described in the question—encrypting data and then destroying the keys used for that encryption—is the precise definition of cryptographic erasure. This method is particularly prevalent and recommended in cloud environments where the customer does not have physical control over the storage media.

Why Incorrect

A. One-way hashing: This process creates a non-reversible, fixed-length digest of data for integrity verification, not for data destruction or sanitization.

B. Degaussing: This is a physical sanitization method that uses a strong magnetic field to destroy data on magnetic media; it does not involve encryption.

C. Overwriting: This technique involves writing new patterns of data over the original data to make it unrecoverable; it is a different method from key destruction.

References

1. National Institute of Standards and Technology (NIST) Special Publication 800-88 Revision 1

Guidelines for Media Sanitization.

Section 2.5

"Cryptographic Erase (CE)": "Cryptographic Erase (CE) is a method of sanitization where the media is sanitized by erasing the cryptographic key that was used to encrypt the data

leaving only the ciphertext." (Page 8).

Appendix A

"Sanitization and Disposition Decision Flow": Describes CE as a valid sanitization method for devices that support it

such as Self-Encrypting Drives (SEDs).

2. Cloud Security Alliance (CSA)

Security Guidance for Critical Areas of Focus in Cloud Computing v4.0.

Domain 11: Data Security & Encryption

"Data Destruction" section: "Cryptographic erasure (or crypto-shredding) is a viable option for rendering data unrecoverable. With this method

data is encrypted by a key

and the key is destroyed to make the data unrecoverable." (Page 128).

3. ISO/IEC 27040:2015

Information technology — Security techniques — Storage security.

Section 7.5.6

"Cryptographic erase": This standard defines cryptographic erase as a method that can be used to sanitize data on storage media by sanitizing the media encryption keys

which renders the encrypted data unreadable. It notes this is often the only feasible option for sanitizing certain technologies.

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

📖 About this Domain

🎓 What You Will Learn

🛠️ Skills You Will Build

💡 Top Tips to Prepare

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE