CompTIA Security+ (SY0-701) — Question 296

Which of the following is the best reason an organization should enforce a data classification policy to help protect its most sensitive information?

Answer options

• A. End users will be required to consider the classification of data that can be used in documents.
• B. The policy will result in the creation of access levels for each level of classification.
• C. The organization will have the ability to create security requirements based on classification levels.
• D. Security analysts will be able to see the classification of data within a document before opening it.

Correct answer: C

Explanation

The correct answer, C, highlights that a data classification policy allows an organization to define specific security requirements tailored to different classification levels, enhancing data protection. Options A and B focus on user actions and access levels, which are not the primary purpose of the policy, while D discusses visibility for security analysts, which is a benefit but not the main reason for enforcing the policy.