CompTIA CASP+ (CAS-003) — Question 31

An agency has implemented a data retention policy that requires tagging data according to type before storing it in the data repository. The policy requires all business emails be automatically deleted after two years. During an open records investigation, information was found on an employee's work computer concerning a conversation that occurred three years prior and proved damaging to the agency's reputation. Which of the following MOST likely caused the data leak?

Answer options

• A. The employee manually changed the email client retention settings to prevent deletion of emails
• B. The file that contained the damaging information was mistagged and retained on the server for longer than it should have been
• C. The email was encrypted and an exception was put in place via the data classification application
• D. The employee saved a file on the computer's hard drive that contained archives of emails, which were more than two years old

Correct answer: D

Explanation

The correct answer is D because the employee saved a file on their hard drive that contained emails older than the two-year retention policy. This action bypassed the automated deletion process outlined in the policy. Options A, B, and C do not apply as they either involve changes to settings that didn't occur, mislabeling of data that wasn't mentioned, or an exception that doesn't relate to the retention policy breach.