CompTIA Security+ (SY0-601) — Question 46

A company is under investigation for possible fraud. As part of the investigation, the authorities need to review all emails and ensure data is not deleted. Which of the following should the company implement to assist in the investigation?

Answer options

• A. Legal hold
• B. Chain of custody
• C. Data loss prevention
• D. Content filter

Correct answer: A

Explanation

Implementing a Legal hold ensures that all relevant data, including emails, is preserved and not deleted during legal proceedings. The Chain of custody refers to the process of maintaining and documenting the handling of evidence, which does not directly prevent data deletion. Data loss prevention is focused on preventing unauthorized data exfiltration, and a Content filter is used to manage email content and spam, but neither addresses the need for data preservation in an investigation.