CompTIA Security+ (SY0-701) — Question 594

A company needs to keep the fewest records possible, meet compliance needs, and ensure destruction of records that are no longer needed. Which of the following best describes the policy that meets these requirements?

Answer options

• A. Security policy
• B. Classification policy
• C. Retention policy
• D. Access control policy

Correct answer: C

Explanation

The correct answer is C, Retention policy, as it specifically addresses how long records should be kept and when they should be destroyed. The other options do not focus on record management in the same way; a Security policy pertains to safeguarding information, a Classification policy deals with categorizing data, and an Access control policy governs permissions for accessing data.