An organization wants to retain regulatory records for the legally-required minimum and dispose of everything beyond that. Which policy governs this?
A CISSP practice question covering Domain 2: Asset Security. Try answering before reading the explanation below.
Show options & answer
Why "Data retention policy" is the right answer
Data retention policies define how long classes of data are kept and how they are disposed of. Over-retention increases breach exposure and discovery cost; under-retention may violate regulation. Schedule and disposition are core elements.
Take the full CISSP practice test
120 questions, instant explanations, study-video links on every miss. No account.