CGEIT Question #355: Real Exam Question with Answer & Explanation

The correct answer is B: Information retention policies. Due to new personal data protection regulations requiring limited data retention in production, it is most important to review information retention policies.

Submitted by wei.xz· Apr 18, 2026Governance of Enterprise IT

Question

Due to the recent introduction of personal data protection regulations, an enterprise is required to maintain its employee data in production systems only for a limited time. Which of the following is MOST important to review?

Options

AAsset retention policies
BInformation retention policies
CData archival policies
DData backup and restoration policies

Explanation

Due to new personal data protection regulations requiring limited data retention in production, it is most important to review information retention policies.

Common mistakes.

A. Asset retention policies typically refer to physical or IT assets, not specifically the data contained within them or regulatory requirements for data lifespan.
C. Data archival policies deal with moving inactive data to long-term storage, not necessarily the maximum allowable retention period in production systems as dictated by regulation.
D. Data backup and restoration policies focus on recovery in case of loss, not on the legal or regulatory mandates for how long data can be maintained in active systems.

Concept tested. Data retention policy compliance

Reference. https://learn.microsoft.com/en-us/microsoft-365/compliance/retention-policies-information?view=o365-worldwide

Topics

#Data Protection#Regulatory Compliance#Information Retention#IT Policy

Community Discussion

No community discussion yet for this question.

Full CGEIT Practice Browse All CGEIT Questions