CompTIA 220-1202 Practice Test

Prepare smarter and boost your chances of success with our CompTIA 220-1202 practice test. This test helps you assess your knowledge, pinpoint strengths, and target areas for improvement. Surveys and user data from multiple platforms show that individuals who use the 220-1202 practice exam are 40–50% more likely to pass on their first attempt.

Start practicing today and take the fast track to becoming CompTIA 220-1202 certified.

Updated On : 3-Nov-2025
155 Questions

A security administrator teaches all of an organization's staff members to use BitLocker To Go. Which of the following best describes the reason for this training?

A. To ensure that all removable media is password protected in case of loss or theft

B. To enable Secure Boot and a BIOS-level password to prevent configuration changes

C. To enforce VPN connectivity to be encrypted by hardware modules

D. To configure all laptops to use the TPM as an encryption factor for hard drives

A.   To ensure that all removable media is password protected in case of loss or theft

Explanation
The key to this question is the specific product name: BitLocker To Go. It is crucial to distinguish it from the standard BitLocker feature for fixed drives.

1. The Function of BitLocker To Go:
BitLocker To Go is a feature of certain versions of Microsoft Windows that provides encryption for removable storage devices, such as USB flash drives, external hard drives, and SD cards.

How it Works:
When a user enables BitLocker To Go on a removable drive, the entire contents of the drive are encrypted. To access the data, a user must provide a password or a smart card when connecting the drive to a computer.

Primary Purpose:
The sole reason for using BitLocker To Go is to protect data on portable media in the event that the device is lost, stolen, or left unattended. Without the password, the data remains encrypted and inaccessible, maintaining confidentiality.

2. In-Depth Analysis of the Other Options

B. To enable Secure Boot and a BIOS-level password to prevent configuration changes (INCORRECT):
Secure Boot and BIOS/UEFI passwords are firmware-level security features. They are configured in the computer's motherboard settings and have absolutely nothing to do with the BitLocker software or removable media encryption.

C. To enforce VPN connectivity to be encrypted by hardware modules (INCORRECT):
A VPN (Virtual Private Network) encrypts network traffic in transit between a device and a network gateway. This is a completely separate technology and function from BitLocker, which encrypts data at rest on a storage device. BitLocker does not manage or affect VPN connections.

D. To configure all laptops to use the TPM as an encryption factor for hard drives (INCORRECT):
This describes the function of the standard BitLocker for fixed drives (like a laptop's internal hard drive). A TPM (Trusted Platform Module) is a hardware chip on a computer's motherboard that works with BitLocker to secure the OS drive. BitLocker To Go is specifically for removable media and does not use or require a TPM; it relies on a user-supplied password or smart card.

Reference to CompTIA A+ Objectives:
This question falls under the Security domain of the CompTIA A+ 220-1202 exam, specifically:

Objective 2.4: Summarize authentication and access control concepts.
This includes understanding the purpose and use of encryption technologies like BitLocker and BitLocker To Go to protect data.

Objective 2.8: Given a scenario, implement data protection policies.
Training users to encrypt removable media is a direct implementation of a data protection policy designed to safeguard corporate information.

Conclusion:
The security administrator is training staff on BitLocker To Go to address the significant risk of data breaches resulting from lost or stolen portable storage. By ensuring all staff use this tool, the organization can confidently allow the use of removable media while maintaining the confidentiality of the data stored on it, fulfilling a critical data protection requirement.

Which of the following is a Linux command that is used for administrative purposes?

A. runas

B. cmcl

C. net user

D. su

D.   su

Explanation
The question asks for a Linux command used for administrative purposes. This specifically refers to commands that allow a user to perform actions with elevated privileges, often as the root user.

1. The Function of the su Command:
The su command, which stands for "substitute user" or "switch user," is a fundamental Linux command for administrative tasks.

How it Works:
By default, typing su and pressing Enter prompts for the root user's password. If entered correctly, it launches a new shell session with root-level privileges. It can also be used to switch to any other user account by specifying the username (e.g., su - username).

Administrative Purpose:
This is the classic method in Linux for gaining administrative (root) access to perform tasks such as installing software, changing system configurations, modifying user permissions, and accessing protected files.

2. In-Depth Analysis of the Other Options

A. runas (INCORRECT):
runas is a Windows command, not a Linux command. It serves a similar purpose to su in that it allows a user to run a specific program under a different user's credentials (e.g., runas /user:Administrator cmd.exe). Since the question specifies Linux, this is incorrect.

B. cmcl (INCORRECT):
cmcl is not a standard, recognized command in either Linux or Windows. It appears to be a distractor with no valid function.

C. net user (INCORRECT):
net user is a Windows command-line utility used to manage user accounts. For example, net user john /add would create a new user named "john." This is a core administrative command in Windows, but it is not used in Linux.

Reference to CompTIA A+ Objectives:
This question aligns with the Operating Systems domain of the CompTIA A+ 220-1102 exam, specifically:

Objective 1.8: Identify common features and tools of the Linux client/desktop OS.
This objective requires knowledge of basic Linux commands, and su is a fundamental command for privilege escalation and system administration.

Conclusion:
While sudo (which runs a single command with root privileges) is also a very common administrative command, the su command is the traditional and correct answer for switching to a root shell session for extended administrative work in a Linux environment. The other options are either Windows-specific commands or non-existent.

The battery on a user’s smartphone discharges quickly when the user travels. The smartphone was replaced two weeks ago. Which of the following should a technician do first?

A. Replace the battery with a higher capacity option

B. Provide an external battery to extend the usage time

C. Ensure that the charging port is working as expected

D. Look for applications that are reporting the highest utilization

D.   Look for applications that are reporting the highest utilization

Explanation
This scenario points to a software or configuration issue rather than a hardware defect. The most critical clue is that the "smartphone was replaced two weeks ago," and the problem persists with the new device.

1. Analyzing the Symptom and its Cause:
Rapid battery drain, especially in a specific situation like traveling, is typically caused by applications and services working excessively hard. On a new device, this is almost never a faulty battery.

Common Causes While Traveling:

Poor Cellular Signal:
When a phone has a weak signal, it constantly boosts its radio power to search for and maintain a connection to a cell tower. This is one of the biggest drains on a battery.

Background Apps:
Navigation apps (e.g., Google Maps, Waze), streaming services (e.g., Spotify, podcasts), and social media apps can continue to run in the background, using GPS, data, and CPU.

Location Services:
Apps constantly using GPS for location tracking consume significant power.

Mobile Hotspot/Tethering:
The user might be using their phone as a Wi-Fi hotspot for other devices, which is very power-intensive.

Since the hardware is new, the first step must be to diagnose what is causing the high power demand.

2. Why Checking Application Utilization is the First Step
All modern mobile operating systems (iOS and Android) have built-in battery usage monitors.

How it Works:
In the settings (e.g., "Battery" on iOS or "Battery & device care" on Android), there is a breakdown showing which apps and services have consumed the most battery over the last 24 hours or 10 days.

Why it's First:
This provides immediate, data-driven evidence of the root cause. The technician can see if a specific app is responsible, or if "Mobile Network" or "Phone Idle" is unusually high, indicating a poor signal issue. This diagnostic step must come before any hardware replacement or accessory recommendation.

3. In-Depth Analysis of the Other Options

A. Replace the battery with a higher capacity option (INCORRECT):
The phone is brand new, so the battery is not degraded. Furthermore, many modern smartphones have sealed, non-user-replaceable batteries. This "solution" is impractical, expensive, and does not address the underlying software or radio issue causing the drain.

B. Provide an external battery to extend the usage time (INCORRECT):
This is a workaround, not a solution. It addresses the symptom (low battery) but completely ignores the cause (why the battery is depleting so quickly). A technician's goal is to diagnose and resolve the root problem.

C. Ensure that the charging port is working as expected (INCORRECT):
The problem is rapid battery discharge while using the phone, not an inability to charge the phone. The charging port's functionality is irrelevant to how quickly the battery drains during use.

Reference to CompTIA A+ Objectives:
This scenario falls under the Mobile Devices domain of the CompTIA A+ 220-1102 exam, specifically:

Objective 1.5: Given a scenario, troubleshoot common mobile OS and application issues.
This includes troubleshooting common problems like "swollen battery," "broken screen," and "high resource utilization." The objective requires a technician to know how to use device tools to check battery usage by app.

Conclusion:
The persistence of the problem across a device replacement is the definitive clue that this is not a hardware fault. The most logical and effective first step for a technician is to use the phone's built-in diagnostics to look for applications and services that are reporting the highest utilization. This will identify the specific software or environmental factor (like poor signal) that is causing the excessive battery drain.

A user is unable to use the latest version of an app on a legacy tablet. What is the most likely reason?

A. The OS is end-of-life

B. Space is inadequate

C. MDM is blocking updates

D. The tablet is infected with malware

A.   The OS is end-of-life

Explanation
The key terms in this question are "legacy tablet" and "latest version of an app." A "legacy" device is an older model that is no longer being actively sold or supported by the manufacturer.

1. The Core Issue: OS and App Compatibility

Application developers, especially for popular apps, frequently update their software to use new features, security protocols, and programming interfaces (APIs) available in the latest mobile operating systems (like iOS or Android).

How it Works:
When a developer releases a new version of an app, they set a "minimum OS version" requirement. This is the oldest version of the operating system that the app will run on.

The Legacy Problem:
A legacy tablet cannot update its operating system to the latest version. The hardware is too old to support it, or the manufacturer has officially ended support. Therefore, the tablet is stuck on an old, outdated OS.

The Result:
When the user tries to install the "latest version of an app," the app store (Google Play or Apple App Store) checks the tablet's OS version against the app's minimum requirement. If the tablet's OS is too old, the store will block the installation or upgrade, stating the device is not compatible.

This is the most direct and common reason for this exact scenario.

2. In-Depth Analysis of the Other Options

B. Space is inadequate (INCORRECT):
While inadequate storage space is a common reason for being unable to install any app, the question specifies the user cannot use the "latest version." If storage were the issue, the error message would typically be about "not enough storage" or "cannot download," not a compatibility error. Furthermore, the user might still be able to use an older, compatible version of the app if space were the only constraint.

C. MDM is blocking updates (INCORRECT):
A Mobile Device Management (MDM) system is used by organizations to control company-owned devices. It could be configured to block app updates. However, the question describes a "legacy tablet," which strongly implies a personal or very old device. MDM is a possible but less likely reason compared to the universal problem of an end-of-life OS on legacy hardware.

D. The tablet is infected with malware (INCORRECT):
Malware can cause erratic behavior, but it is not the typical cause for being systematically blocked from updating to the latest version of a specific app. The app store's compatibility check is a function of the store itself, not something malware would typically interfere with in this precise way. An OS-level compatibility block is a far more likely and common cause.

Reference to CompTIA A+ Objectives:
This scenario falls under the Mobile Devices and Operational Procedures domains of the CompTIA A+ 220-1102 exam, specifically:

Objective 1.5: Given a scenario, troubleshoot common mobile OS and application issues.
This includes understanding application compatibility issues and the implications of using outdated operating systems.

Objective 4.4: Explain the processes for addressing prohibited content/activity, and privacy, licensing, and policy concepts.
This includes understanding End-of-Life (EOL) policies for both hardware and software, which is the core issue here.

Conclusion:
The most logical and frequent reason a user cannot run the latest version of an app on a legacy tablet is that the device's operating system is too old and is no longer supported by the app developer. The tablet has reached its end-of-life, meaning it cannot receive further OS updates to meet the minimum requirements of modern applications. This is a fundamental limitation of aging mobile technology.

A help desk technician needs to remove RAM from retired workstations and upgrade other workstations that have applications that use more memory with this RAM. Which of the following actions would the technician most likely take?

A. Demagnetize memory for security.

B. Use antistatic bags for storage and transport.

C. Plug in the power supply to ground each workstation.

D. Install memory in identical pairs.

B.   Use antistatic bags for storage and transport.

Explanation
The core task described is handling and reusing physical RAM modules. The primary risk when dealing with any static-sensitive electronic component, including RAM, is Electrostatic Discharge (ESD). ESD can instantly and irreparably damage the delicate circuits on a memory stick, even if the shock is too small for a person to feel.

1. The Critical Importance of ESD Protection

The technician's process involves:
Removing RAM from retired workstations.

Storing the RAM temporarily.

Transporting the RAM to other workstations.

Installing the RAM into the new workstations.

Throughout this entire process, the RAM modules are vulnerable to ESD. The single most important practice to prevent damage is proper handling and storage using ESD-safe materials.

Antistatic Bags:
These are specially designed bags with a conductive layer that shields the components inside from external static charges. Placing the removed RAM modules in antistatic bags for storage and transport is a standard, mandatory procedure in any professional IT environment. It is the most likely and essential action the technician will take.

2. In-Depth Analysis of the Other Options

A. Demagnetize memory for security. (INCORRECT):
RAM is a volatile, solid-state memory. It does not store data magnetically like an old hard drive or floppy disk. The data in RAM is cleared the moment it loses power. "Demagnetizing" is not a procedure for RAM and would serve no purpose for security or functionality. For security, data remanence is not a concern with standard volatile RAM after power loss.

C. Plug in the power supply to ground each workstation. (INCORRECT):
While it is a best practice for the workstation itself to be plugged into a grounded outlet (which helps provide a path to ground for the power supply and case), this is not a specific action for handling the RAM modules. You should not have the power supply plugged in while working inside the computer. The correct ESD practice is for the technician to wear an antistatic wrist strap connected to the computer's grounded chassis (with the computer powered off but plugged in), not to "ground each workstation" as a step for the RAM itself.

D. Install memory in identical pairs. (INCORRECT):
This refers to a performance feature called dual-channel (or triple/quad-channel) mode. While installing memory in identical pairs can improve performance, it is not a requirement for the memory to work. The technician's primary goal, as stated, is to upgrade workstations that need "more memory." The RAM will function perfectly fine even if installed in non-identical or single-module configurations. This is a performance optimization, not a fundamental step for the task of reusing RAM.

Reference to CompTIA A+ Objectives:
This scenario falls under the Hardware and Operational Procedures domains of the CompTIA A+ 220-1101/1102 exams, specifically:

Objective 3.5: Given a scenario, install and configure motherboards, CPUs, and add-on cards.
This includes the proper handling of components, with a heavy emphasis on ESD precautions such as using antistatic mats and bags.

Objective 4.5: Given a scenario, implement procedures for environmental impacts and controls.
ESD is a primary environmental factor that technicians must control to prevent hardware damage.

Conclusion:
The most likely and critical action for a technician reusing RAM modules is to protect them from Electrostatic Discharge during the entire process of removal, storage, and transport. The standard and universally adopted method for this is to place the components in antistatic bags. The other options are either technically inaccurate, related to performance rather than core functionality, or describe an unsafe practice.

A user’s computer is running slowly. Task Manager shows:
Disk: 2%
Network: 12%
GPU: 15%
CPU: 70%
Memory: 97%
Which of the following would a technician most likely do to resolve the issue?

A. Clear browser cached data

B. Upgrade the network connection

C. Close unnecessary programs

D. Delete temporary files

C.   Close unnecessary programs

Explanation
The key to solving this performance issue lies in correctly interpreting the resource usage data provided by the Windows Task Manager. The numbers tell a clear story about where the bottleneck is.

1. Analyzing the Performance Data

Let's break down the metrics:

CPU: 70%:
This is high, indicating the processor is under significant load, but it is not maxed out.

Memory: 97%:
This is the critical number. It indicates that the computer's RAM is almost completely full. When physical RAM is exhausted, Windows is forced to use the hard drive (SSD or HDD) as "virtual memory." Accessing data on a drive is thousands of times slower than accessing data in RAM. This process, known as "paging" or "swapping," causes severe system-wide slowdowns, which manifest exactly as described: applications are slow to respond, and everything feels sluggish.

Disk: 2%:
This low usage is a direct consequence of the high memory usage. The system is so bogged down by the memory bottleneck that it can't even queue up significant disk operations. The slowness is not caused by the disk itself being busy, but by the system waiting for memory management tasks.

Network: 12% and GPU: 15%:
These are within normal ranges and are not contributing significantly to the problem.

2. Why Closing Unnecessary Programs is the Correct Solution:
The high memory usage is being caused by the programs and processes currently running. Each open application, browser tab, and background process consumes a portion of the available RAM.

Direct Impact:
By closing programs that are not needed, you immediately free up the RAM they were using. For example, closing a web browser with many tabs, a large Excel spreadsheet, or an unused photo editor can free up gigabytes of memory.

Immediate Effect:
This action has an instant and dramatic effect on performance. As the Memory usage drops from 97% to a healthier level (e.g., 70-80%), the system stops relying heavily on the slow paging file, and application responsiveness returns to normal.

3. In-Depth Analysis of the Other Options

A. Clear browser cached data (INCORRECT):
While clearing the browser cache can free up a small amount of disk space and potentially resolve website loading issues, it has a minimal impact on RAM usage. The cache is stored on the disk, not in active memory. This action does not address the primary bottleneck of 97% memory utilization.

B. Upgrade the network connection (INCORRECT):
The network utilization is only at 12%, which is not a bottleneck. The slowness described is system-wide (applications are slow), not just related to downloading web pages. Upgrading the network would have no effect on the memory-bound slowdown.

D. Delete temporary files (INCORRECT):
Similar to clearing the browser cache, this action frees up disk space. While good general maintenance, it does not free up the active RAM that is causing the current performance crisis. The Disk usage is already at 2%, proving that free disk space is not the issue. The problem is a lack of free memory.

Reference to CompTIA A+ Objectives:
This scenario falls under the Software Troubleshooting domain of the CompTIA A+ 220-1202 exam, specifically:

Objective 3.3: Given a scenario, use best practice procedures for malware removal.
While this is not a malware scenario, the objective emphasizes using tools like Task Manager to identify resource-hogging processes.

Objective 3.6: Given a scenario, troubleshoot common OS and application issues.
This includes troubleshooting performance problems and using system utilities to diagnose issues related to high resource utilization, particularly CPU and memory.

Conclusion:
A technician must be able to diagnose the root cause of a performance issue by reading system metrics. In this case, the Memory usage at 97% is the definitive bottleneck causing the system-wide slowdown. The most immediate, effective, and non-invasive solution is to close unnecessary programs to free up the over-utilized RAM.

An administrator received an email stating that the OS they are currently supporting will no longer be issued security updates and patches. Which of the following is most likely the reason the administrator received this message?

A. Support from the computer’s manufacturer is expiring

B. The OS will be considered end of life

C. The built-in security software is being removed from the next OS version

D. A new version of the OS will be released soon

B.   The OS will be considered end of life

Explanation
The key phrase in the email is "will no longer be issued security updates and patches." This is the definitive characteristic of a software product reaching its End-of-Life (EOL) or End-of-Support (EOS) date.

1. Understanding End of Life (EOL):
Software vendors, including operating system developers like Microsoft, Apple, and various Linux distributors, have a product lifecycle policy.

What it Means:
"End of Life" is a pre-announced date after which the vendor will no longer provide:

Security updates or patches for newly discovered vulnerabilities.

Technical support.

Bug fixes or feature updates.

Why it Happens:
Vendors focus their resources on supporting newer versions of their software. Continuing to support old, outdated code indefinitely is not sustainable.

Direct Match:
The message received by the administrator is a standard notification sent out to inform customers that their OS is approaching or has reached this EOL milestone.

2. In-Depth Analysis of the Other Options

A. Support from the computer’s manufacturer is expiring (INCORRECT):
While a computer manufacturer (like Dell, HP, or Lenovo) may also end hardware support, their expiration does not directly control the OS vendor's policy on security updates. The manufacturer's support typically covers drivers and hardware warranties, not the core OS security patches, which come directly from Microsoft, Apple, etc. The email is specifically about the OS and its security updates.

C. The built-in security software is being removed from the next OS version (INCORRECT):
This is not a standard practice. Vendors may replace or rename security features (e.g., Windows Defender evolving over time), but they do not send emails stating that security updates for a current OS are stopping because a feature is being removed from a future version. The email is about the cessation of all updates for the OS the administrator is currently using.

D. A new version of the OS will be released soon (INCORRECT):
The release of a new OS version is often correlated with the EOL of an older one, but it is not the direct reason for the email. A new release does not automatically mean an old one stops getting patches immediately. Vendors publish EOL schedules years in advance. The email is a direct notification of the consequence (no more security patches), not an announcement of a new product. The reason for the message is the EOL status itself.

Reference to CompTIA A+ Objectives:
This scenario falls under the Operational Procedures and Security domains of the CompTIA A+ 220-1202 exam, specifically:

Objective 4.4: Explain the processes for addressing prohibited content/activity, and privacy, licensing, and policy concepts.
This includes understanding End-of-Life (EOL) policies for software. A technician must be aware that using an EOL OS poses a severe security risk, as unpatched vulnerabilities will remain open to exploitation.

Conclusion:
The cessation of security updates and patches is the hallmark of an operating system reaching its End-of-Life.

Vendors provide these notifications to give administrators time to plan and execute a migration to a supported OS version. Continuing to use an EOL OS in a production environment is a significant security violation.

After completing malware removal steps, what is the next step the technician should take?

A. Perform a secondary antivirus scan

B. Educate the end user

C. Reimage the computer

D. Review system logs

B.   Educate the end user

Explanation
Malware removal follows a structured process. The CompTIA A+ exam objectives outline a specific best-practice methodology. After the core removal steps are complete, the focus shifts to preventing a recurrence.

Why Educating the End User is the Next Step:
The user's actions are often the reason malware was able to infect the system in the first place (e.g., clicking a phishing link, downloading a malicious attachment, visiting an unsafe website).

Purpose:
This step is crucial for preventing the same user from causing a repeat infection. The technician should explain how the infection likely occurred and provide clear guidelines on how to avoid similar threats in the future (e.g., "Don't open unexpected email attachments," "Hover over links before clicking," "Only download software from official sources").

Proactive Security:
This turns a reactive fix into a proactive security measure. It addresses the human element, which is often the weakest link in security.

3. In-Depth Analysis of the Other Options:

A. Perform a secondary antivirus scan (INCORRECT):
This is part of the Remediation phase (Step 4). A full system scan is a primary step, and a secondary scan might be done to verify removal. However, this is completed before the final steps of the process. The question asks for the step after removal is complete.

C. Reimage the computer (INCORRECT):
Reimaging is a nuclear option that is sometimes taken instead of a detailed removal process, especially for severe infections. If the technician has already gone through the steps of identifying, quarantining, and successfully removing the malware, reimaging is an unnecessary and time-consuming step. It is not the standard "next step" after a successful removal.

D. Review system logs (INCORRECT):
Reviewing logs is part of the Identification and Research phase (Step 1). The technician would have examined logs to understand the infection's scope and impact before beginning the removal process. While logs can be reviewed post-removal to confirm no lingering issues, this is not the formalized "next step" in the standardized methodology. User education is the defined concluding step.

Reference to CompTIA A+ Objectives:
This question directly maps to the Security domain of the CompTIA A+ 220-1202 exam, specifically:

Objective 2.5: Given a scenario, troubleshoot common security issues.
This objective includes following the best practice methodology for malware removal, which explicitly ends with educating the end user.

Conclusion:
According to the CompTIA A+ best practices, after the technical steps of malware removal are finished, the final and critical step is to educate the end user. This step is essential for closing the security loop and reducing the likelihood of the same user re-infecting the system, making it the correct "next step."

A technician is reviewing an organization's current incident management policy. The organization uses a third-party vendor to protect the organization's assets with multiple tools. Which of the following service types is the organization using?

A. PaaS

B. EDR

C. MDR

D. XDR

C.   MDR

Explanation
The key details in the question that point to MDR are:

"Third-party vendor": The security function is outsourced to an external company.

"Protect the organization's assets": This is the core service being provided.

"Multiple tools": The vendor is using a suite of security technologies.

1. Defining MDR (Managed Detection and Response):
MDR is a service provided by a third-party security vendor that delivers a combination of technology and human expertise. An MDR provider doesn't just sell software; they actively monitor, investigate, and respond to threats on your behalf.

How it Works:
The MDR provider uses a combination of tools (which may include EDR, XDR, network monitoring, etc.) and their own security analysts (SOCs) to hunt for threats, investigate alerts, and take action to contain and eradicate threats for their clients.

Direct Match:
The description of a "third-party vendor... protect[ing] the organization's assets with multiple tools" is a perfect fit for an MDR service. The client is paying for a fully managed security outcome.

2. In-Depth Analysis of the Other Options

A. PaaS (Platform as a Service) (INCORRECT):
PaaS is a cloud computing model where a provider delivers a platform for developers to build, run, and manage applications without the complexity of maintaining the underlying infrastructure (e.g., Microsoft Azure App Services, Google App Engine). It is not a security service focused on protecting assets with multiple tools.

B. EDR (Endpoint Detection and Response) (INCORRECT):
EDR is a technology category, not a service type. It refers to software tools that are installed on endpoints (laptops, servers) to record activities and detect/respond to suspicious behavior. While an MDR service almost certainly uses EDR tools, the organization itself is not "using EDR" as a service; they are using a third-party vendor who manages the EDR and other tools for them.

D. XDR (Extended Detection and Response) (INCORRECT):
Like EDR, XDR is primarily a technology category. It is an evolution of EDR that integrates data from multiple security layers (email, network, cloud, endpoints) to provide better threat detection and response. Again, an MDR provider would likely use XDR platforms, but the service being described—a third-party vendor providing protection—is the management service (MDR) that sits on top of the technology (XDR/EDR).

Reference to CompTIA A+ Objectives:
This question aligns with the Security domain of the CompTIA A+ 220-1102 exam, specifically the growing need to understand modern security service models. Objective 2.1: Compare and contrast common security controls.

Understanding the difference between a security tool (EDR/XDR) and a managed security service (MDR) is a key part of comparing security controls and operational models.

Conclusion:
The scenario describes an organization outsourcing its security operations to a specialist company. This is the definition of a Managed Detection and Response (MDR) service. The MDR provider supplies the expertise and uses a combination of multiple security tools (which would include technologies like EDR and XDR) to actively protect the client's assets.

Which of the following methods would make data unrecoverable but allow the drive to be repurposed?

A. Deleting the partitions

B. Implementing EFS

C. Performing a low-level format

D. Degaussing the device

C.   Performing a low-level format

Explanation
The question has two key requirements:

Make the data unrecoverable.

Allow the drive to be repurposed.

The correct answer must satisfy both conditions.

1. How a Low-Level Format Meets the Criteria:
A low-level format (LLF), also known as a zero-fill or secure erase, is a process that writes zeros (or a random pattern) to every single sector on the drive.

Makes Data Unrecoverable:
Overwriting every bit of data with zeros destroys the original data. While specialized, expensive hardware forensics might recover a few bits from a drive whose data was simply deleted, a full overwrite makes software-based recovery impossible and hardware recovery practically infeasible.

Allows Drive Repurposing:
The physical drive platters (if an HDD) or NAND chips (if an SSD) are not damaged. After the low-level format is complete, the drive is in a "like-new" state. A technician can then partition and format it with a new file system, and it can be put back into service without any issues.

2. In-Depth Analysis of the Other Options

A. Deleting the partitions (INCORRECT):
Deleting a partition only removes the pointer to the data in the partition table. The actual data remains on the drive sectors until it is overwritten by new data. The data is easily recoverable with common software tools, so it fails the "unrecoverable" requirement.

B. Implementing EFS (INCORRECT):
The Encrypting File System (EFS) is a Windows feature for encrypting individual files and folders. It is a security measure for data in use on a live system. It does not destroy data to make it unrecoverable. If you simply enabled EFS and then gave the drive away, the new owner could not access the files, but the raw data is still there. Furthermore, if the drive is repurposed, the encrypted files would still occupy space and could potentially be recovered, violating the core requirement.

D. Degaussing the device (INCORRECT):
Degaussing uses a powerful magnetic field to disrupt the magnetic domains on a traditional Hard Disk Drive (HDD). This effectively and permanently destroys all data, making it unrecoverable.

Why it's Wrong:
Degaussing is a destructive process that renders the drive unusable. It can damage the servo tracks and other low-level formatting that the drive needs to operate. A degaussed HDD cannot be repurposed; it must be recycled. This method also does not work on Solid State Drives (SSDs), which store data electronically, not magnetically. Therefore, it fails the "allow the drive to be repurposed" requirement.

Reference to CompTIA A+ Objectives:
This scenario falls under the Security and Operational Procedures domains of the CompTIA A+ 220-1102 exam, specifically:

Objective 2.8: Given a scenario, implement data destruction and disposal methods.
This objective requires technicians to know the difference between methods like formatting (which allows reuse) and physical destruction like degaussing/shredding (which does not).

Conclusion:
For a drive that needs to be sanitized of data but then put back into service, the correct method is a low-level format or its modern equivalent (like ATA Secure Erase for SSDs). This process overwrites the data, making it unrecoverable through software, while leaving the physical storage media intact and fully functional for future use.
