A 1 TB SSD is encrypted with LUKS2 and must be sanitized before it leaves the secure facility. The compliance policy specifies cryptographic destruction and stresses that the process must finish as quickly as possible-overwriting the entire drive is not acceptable. Which single Linux command best satisfies this requirement?
cryptsetup luksErase (or the shorthand cryptsetup erase) deletes every keyslot in the LUKS header. Destroying the encryption keys renders all ciphertext on the drive permanently unreadable, yet the operation takes only seconds because it touches just the header area. shred, dd with /dev/urandom, and badblocks perform full-media overwrites that are slow, while wipefs only removes filesystem signatures and leaves both the encrypted data and its keys intact, so it does not meet cryptographic-destruction requirements.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is 'cryptographic destruction' in the context of data sanitization?
Open an interactive chat with Bash
What is stored in the LUKS header, and why is it critical to data encryption?
Open an interactive chat with Bash
Why is overwriting the entire SSD (e.g., using dd or shred) not as efficient as `cryptsetup luksErase`?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access