Security Operations · SY0-701 · Task 4.2

Data sanitization and destruction — SY0-701

Master the Clear–Purge–Destroy sanitization hierarchy for CompTIA Security+ SY0-701, grounded in NIST definitions, and avoid the most common exam trap.

WHAT IT IS

Sanitization is the "process to render access to target data on the media infeasible for a given level of effort" (CNSSI 4009-2015, via NIST glossary). Media sanitization specifically refers to "the actions taken to render data written on media unrecoverable by both logical and state-of-the-art laboratory techniques" (NIST SP 800-88r2, via NIST glossary). Destruction is the sanitization method that renders target data recovery infeasible using state-of-the-art laboratory techniques and subsequently makes the media itself unable to store data (CNSSI 4009-2015, NIST SP 800-88r2, via NIST glossary).

Together these concepts define the full lifecycle of removing sensitive data from storage media before reuse, transfer, or disposal.


Mental model

Think of three gates, each one harder to reverse than the last. You pick the gate based on how sensitive the data is and what happens to the media next.

Gate labels are grounded in NIST SP 800-88r2 / CNSSI 4009-2015 definitions.


When to use it

| Method | NIST Definition (source) | What it defeats | Media afterward |
|---|---|---|---|
| Clear | "Applies logical techniques to sanitize data in all user-addressable storage locations for protection against simple, non-invasive data recovery techniques" (NIST SP 800-88r2) | Ordinary, non-invasive recovery | Remains functional; can be reused |
| Purge | "Applies physical or logical techniques that render target data recovery infeasible using state-of-the-art laboratory techniques" (NIST SP 800-88r2) | Lab-grade forensic recovery | Typically remains functional; ready for release |
| Cryptographic Erase | "A method of sanitization in which the media encryption key (MEK) for the encrypted target data is sanitized, making recovery of the decrypted target data infeasible" (CNSSI 4009-2015; classified as a Purge technique in NIST SP 800-88r2) | Decryption of remaining ciphertext | Media remains functional |
| Destroy | "A sanitization method that renders target data recovery infeasible using state-of-the-art laboratory techniques, resulting in the subsequent inability to use the media for data storage" (CNSSI 4009-2015, NIST SP 800-88r2) | Any recovery by any means | Media is permanently unusable |

Choose a higher gate whenever data sensitivity or the media's next destination demands it; you cannot move backward once a method is applied.


COMMON MISCONCEPTION

Deleting a file or formatting a drive is not sanitization.

The NIST glossary definition of sanitization requires that access to target data be rendered "infeasible." A standard operating-system delete or a quick format does not overwrite the underlying storage — it only removes directory pointers. The raw data remains physically present and is recoverable by non-invasive means, which means it does not even meet the threshold for Clear, the least-stringent NIST sanitization method. Candidates who treat "delete" and "clear" as synonyms will choose the wrong answer.

A related trap: Cryptographic Erase destroys the encryption key, not the ciphertext — the encrypted data may still be present on the media. Its effectiveness depends entirely on the underlying data having been encrypted before the erase. Applying Cryptographic Erase to plaintext data provides no protection.
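The two traps above (delete versus Clear, and Cryptographic Erase on plaintext) can be seen on a toy model of a drive. This is an added example, not part of the original page: `ToyDrive`, `recoverable_after`, the block size, the sample secret and the XOR keystream standing in for a self-encrypting drive's cipher are all constructed for illustration.

```python
import hashlib

BLOCK = 16                                      # toy block size
SECRET = b"constructed sample: acct 0000-1111"  # not real data

class ToyDrive:
    """Constructed model of a drive: raw blocks, directory pointers, optional MEK."""
    def __init__(self, mek=None, nblocks=8):
        self.blocks = [bytes(BLOCK)] * nblocks
        self.directory = {}      # file name -> block indexes
        self.next_free = 0
        self.mek = mek           # None: the drive stores plaintext

    def _crypt(self, idx, data):
        # Toy XOR keystream standing in for the drive's real cipher.
        if self.mek is None:
            return data
        stream = hashlib.sha256(self.mek + bytes([idx])).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def write(self, name, data):
        chunks = [data[o:o + BLOCK].ljust(BLOCK, b"\0") for o in range(0, len(data), BLOCK)]
        first = self.next_free
        for idx, chunk in enumerate(chunks, first):
            self.blocks[idx] = self._crypt(idx, chunk)
        self.next_free = first + len(chunks)
        self.directory[name] = list(range(first, self.next_free))

    def delete(self, name):
        del self.directory[name]   # OS delete: pointer removed, blocks untouched

    def clear(self):
        self.blocks = [bytes(BLOCK)] * len(self.blocks)  # overwrite every addressable block
        self.directory.clear()

    def crypto_erase(self):
        self.mek = None            # sanitize the key; stored blocks stay as they are

    def recover(self, needle):
        # Ignore the directory and read every block as the drive returns it
        # (decrypted only while the MEK still exists).
        raw = b"".join(self._crypt(i, b) for i, b in enumerate(self.blocks))
        return needle in raw

def recoverable_after(action, mek=None):
    """Write SECRET, apply one action (a callable taking the drive), attempt recovery."""
    drive = ToyDrive(mek=mek)
    drive.write("payroll.txt", SECRET)
    action(drive)
    return drive.recover(SECRET)
```

Calling `recoverable_after(ToyDrive.crypto_erase)` with no `mek` models the plaintext drive from the second trap: the data is still recoverable, while the same call with a key set is not.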


How it shows up on the exam

The cognitive target is analysis: given a scenario describing the data's sensitivity, the media type, and the media's intended next use, select the appropriate sanitization method.

Signal phrases to recognize:

  • "The organization is donating old hard drives" → the media is leaving the organization; candidates should consider whether Clear alone is sufficient or whether Purge-level techniques are needed.
  • "The SSD will be reused internally" → media stays within the trust boundary; Clear may be appropriate, but candidates often confuse this with simple deletion.
  • "The drive is self-encrypting" or "full-disk encryption was enabled" → Cryptographic Erase is the technique grounded in NIST as a Purge method; candidates may confuse it with physical destruction or with standard overwriting.
  • "The media is damaged and cannot be wiped" → Destroy is the grounded path when media cannot be sanitized by logical means.

A common misconception candidates bring in is that any kind of data removal equals sanitization. Questions exploit this by including "delete all files" or "reformat the drive" among the options — neither satisfies the NIST definition of Clear, Purge, or Destroy.


Related concepts

  • Asset Management — tracking what media exists is a prerequisite for knowing what must be sanitized.
  • Acquisition and Procurement — sanitization requirements often originate in procurement contracts and end-of-life agreements.
  • Secure Baselines — baseline configurations may specify sanitization standards that apply to decommissioned assets.

Sources

Every claim on this page traces to the public exam blueprint and official documentation:
