nerdexam
(ISC)2

CISSP · Question #135

Which of the following is the MAIN goal of a data retention policy?

The correct answer is D. Ensure the integrity and confidentiality of data for a predetermined amount of time.. A data retention policy primarily ensures that data maintains its integrity and confidentiality for a specified period, governing how long data is kept and how it is protected during that time.

Submitted by diego_uy· Mar 5, 2026Asset Security

Question

Which of the following is the MAIN goal of a data retention policy?

Options

  • AEnsure that data is destroyed properly.
  • BEnsure that data recovery can be done on the datA.
  • CEnsure the integrity and availability of data for a predetermined amount of time.
  • DEnsure the integrity and confidentiality of data for a predetermined amount of time.

How the community answered

(38 responses)
  • A
    5% (2)
  • B
    3% (1)
  • C
    3% (1)
  • D
    89% (34)

Why each option

A data retention policy primarily ensures that data maintains its integrity and confidentiality for a specified period, governing how long data is kept and how it is protected during that time.

AEnsure that data is destroyed properly.

Data destruction is addressed by a data disposal or data destruction policy, not the main goal of a data retention policy which focuses on keeping data secure for a defined period.

BEnsure that data recovery can be done on the datA.

Data recovery is the focus of backup and disaster recovery policies, not the primary goal of a data retention policy.

CEnsure the integrity and availability of data for a predetermined amount of time.

While integrity is relevant, availability is not the primary concern of a data retention policy - confidentiality is more critical because retained data must be protected from unauthorized disclosure during the retention period.

DEnsure the integrity and confidentiality of data for a predetermined amount of time.Correct

A data retention policy defines how long data must be stored and ensures it remains unaltered (integrity) and protected from unauthorized access (confidentiality) throughout that retention period. The policy governs the lifecycle of data, specifying timeframes and security controls that must be maintained. Confidentiality is a key concern because retained data often contains sensitive information that must be protected for legal, regulatory, or business reasons.

Concept tested: Data retention policy goals and objectives

Source: https://www.comptia.org/certifications/security

Topics

#data retention policy#data integrity#data confidentiality#compliance

Community Discussion

No community discussion yet for this question.

Full CISSP Practice