Effective CISSP Questions

Organizations should keep data only as long as it is required. To reduce the volume of data stored and ensure that only relevant data is preserved, which of the following is the least consideration?
A. Data location
B. Data types
C. Strength of cryptographic algorithms
D. Retention period

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Strength of cryptographic algorithms.

This question is about primary concerns for data retention policy: retention period, data volume, data relevancy.

Data retention is typically subject to laws and regulations. For example, GDPR requires the personal data of an EU individual to be subject to certain safeguards, and their data rights and freedoms must be protected. Chapter 5 of GDPR is about transfers of personal data to third countries or international organizations. So, data location matters.

Data types are about relevance and affect the retention period.

The strength of cryptographic algorithms does not determine the retention period, affect data volume or influence data relevancy.


2 thoughts on “CISSP PRACTICE QUESTIONS – 20200211

Leave a Reply