CompTIA CySA+ (CS0-002) — Question 365

An employee was found to have performed fraudulent activities. The employee was dismissed, and the employee's laptop was sent to the IT service desk to undergo a data sanitization procedure. However, the security analyst responsible for the investigation wants to avoid data sanitization. Which of the following can the security analyst use to justify the request?

Answer options

• A. GDPR
• B. Data correlation procedure
• C. Evidence retention
• D. Data retention

Correct answer: C

Explanation

The correct answer is C, Evidence retention, because it is crucial to retain evidence for ongoing investigations or potential legal actions. The other options, while related to data management and privacy regulations, do not specifically justify the need to preserve evidence in this context.