CISSP Practice question #107

Which of these should not be part of a data retention policy?
A: Which data do we keep?
B: How long do we keep the data?
C: Where do we keep the backup data?
D: How to safely destroy the data after the retention has expired?

CBK 2: Asset Security
Source: ThorTeaches.com practice tests

Answer


D: A data destruction policy addresses how we deal with data that is no longer needed; the retention policy deals only with what, how long, where and similar topics.

IT security trainer.
Sharing my knowledge, to help you reach your IT certification goals.
CISSP, C|EH, PMP, CCNP, CompTIA Security+, SCP, CCNA-Security, CCNA, et al.

43 Comments

  1. Answer: D. How to safely destroy the data after the retention has expired?

    ==================================================
    Data Retention
    ==================================================
    Posted by: Margaret Rouse
    WhatIs.com

    Contributor(s): Sarah Wilson
    ==================================================
    Data retention, also called records retention, is the continued storage of an organization’s data for compliance or business reasons.

    An organization may retain data for several different reasons. One reason is to comply with state and federal regulations. Another is to provide the organization with the ability to recover business critical data in the event of a site-wide data loss, such as a fire or flood. Minimum records retention requirements regulations vary by state and by data type, but typically they range from three years to permanent.
    ==================================================

  3. I am going to go with D.

    A is important as we want to identify the value of the data, and then determine if we should keep or not keep the data.

    B is the very definition of data retention.

    C is important as it can be backup tapes, electronic journaling, digital drives, a warehouse etc. etc.

    How to safely destroy seems too specific for a data retention policy. Or at least it seems like the least important. Hopefully I get this correct!

    1. A, B, D are the basic principles of data retention. C puts up the question of where and not how. Backup tapes, electronic journaling, digital drives are answers to how we store the data. Warehouse would be the "where" part of the question. So, my answer would be D. Please correct me if I am wrong.