Certified Cloud Security Professional (CCSP) Practice Exam

What is a data structure or collection of information that must be retained by an organization for legal, regulatory or business reasons?

• A. Authentication
• B. Non-Repudiation
• C. Record
• D. Tokenization

The correct answer is: Record

A record refers to a structured collection of information that organizations are required to maintain for various legal, regulatory, or business purposes. These records can take many forms, including documents, electronic files, emails, and databases. Retaining such information is crucial for complying with laws and regulations, demonstrating accountability, or preserving evidence in case of legal disputes. The concept of a record encompasses all types of documentation that support operational continuity and fulfill obligations under relevant frameworks, such as data retention policies, legal requirements, or industry standards. Organizations often establish specific retention schedules to ensure that records are kept for the necessary duration and disposed of appropriately when no longer needed. This process is critically important to mitigate risks associated with non-compliance or data loss. In contrast, the other terms do not align with the definition of a record. Authentication pertains to verifying the identity of users or systems; non-repudiation relates to ensuring that a party cannot deny the authenticity of their signature or the sending of a message; and tokenization involves replacing sensitive data with non-sensitive tokens to protect sensitive information during processing and storage. Thus, the definition aligns with the concept of a record, making it the correct answer.