CERTIFIED-IN-CYBERSECURITY Question #134: Real Exam Question with Answer & Explanation

The correct answer is D: Retention policies. For many organizations, retention policies entail keeping data only for a limited time. Because of the high costs of data storage capacity, organizations maintain specific logs only for a short period of time (a few hours to several days), and keep other data records for more ext

Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts

Question

During the investigation of an incident, which security policies are more likely to cause difficulties?

Options

AIncident response policies
BCommunication policies
CConfiguration standards
DRetention policies

Explanation

For many organizations, retention policies entail keeping data only for a limited time. Because of the high costs of data storage capacity, organizations maintain specific logs only for a short period of time (a few hours to several days), and keep other data records for more extended periods (months to years). Because of this, not all data regarding an incident may be available. Communication and incident response policies can provide valuable help to an incident investigation. Finally, configuration standards are not considered policies (see ISC2 Study Guide, chapter 1, module 4).

Topics

#Incident Investigation#Data Retention#Security Policies#Evidence Management

Community Discussion

No community discussion yet for this question.

Full CERTIFIED-IN-CYBERSECURITY Practice Browse All CERTIFIED-IN-CYBERSECURITY Questions