CompTIA Security+ (SY0-601) — Question 610

A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

Answer options

• A. Security policy
• B. Classification policy
• C. Retention policy
• D. Access control policy

Correct answer: C

Explanation

The correct answer is C, Retention policy, as it specifically addresses how long records should be kept and when they should be destroyed to comply with regulations. The other options do not focus on record retention and destruction; A pertains to security measures, B relates to organizing information, and D involves managing access to records.