CompTIA SecurityX (CAS-005) — Question 124

An organization is developing an in-house software platform to support capital planning and reporting functions. In addition to role-based access controls and auditing/logging capabilities, the product manager must include requirements associated with archiving data and immutable backups. Which of the following organizational considerations are most likely associated with this requirement? (Choose two.)

Answer options

• A. Crypto-export management controls
• B. Supply chain weaknesses
• C. Device attestation
• D. Quality assurance
• E. Legal hold compliance
• F. Ransomware resilience

Correct answer: E, F

Explanation

Legal hold compliance (E) ensures that data is preserved for legal purposes and cannot be altered, which aligns with the need for immutable backups. Ransomware resilience (F) involves strategies to protect against data loss and maintain accessibility, making it vital for a system with archiving needs. The other options do not directly address the requirements for data archiving and immutability.