CompTIA Security+ (SY0-701) — Question 144

After a company was compromised, customers initiated a lawsuit. The company's attorneys have requested that the security team initiate a legal hold in response to the lawsuit. Which of the following describes the action the security team will most likely be required to take?

Answer options

• A. Retain the emails between the security team and affected customers for 30 days.
• B. Retain any communications related to the security breach until further notice.
• C. Retain any communications between security members during the breach response.
• D. Retain all emails from the company to affected customers for an indefinite period of time.

Correct answer: B

Explanation

The correct answer is B because a legal hold requires the preservation of all relevant communications related to the security breach until the matter is resolved. Options A, C, and D are too limited in scope, as they do not encompass all communications related to the breach, which is critical for legal proceedings.