CompTIA CASP+ (CAS-003) — Question 122
A business is growing and starting to branch out into other locations. In anticipation of opening an office in a different country, the Chief Information Security
Officer (CISO) and legal team agree they need to meet the following criteria regarding data to open the new office:
✑ Store taxation-related documents for five years
✑ Store customer addresses in an encrypted format
✑ Destroy customer information after one year
✑ Keep data only in the customer's home country
Which of the following should the CISO implement to BEST meet these requirements? (Choose three.)
Answer options
- A. Capacity planning policy
- B. Data retention policy
- C. Data classification standard
- D. Legal compliance policy
- E. Data sovereignty policy
- F. Backup policy
- G. Acceptable use policy
- H. Encryption standard
Correct answer: B, E, H
Explanation
The correct answers are B, E, and H. The Data retention policy (B) ensures documents are stored for the required duration, the Data sovereignty policy (E) guarantees that data is kept within the customer's home country, and the Encryption standard (H) secures customer addresses as required. The other options do not directly address the specific legal and security requirements outlined in the scenario.