What is the purpose of data classification?

  1. Back up critical data
  2. Encrypt all data
  3. Delete unnecessary data
  4. Categorize data by sensitivity level to apply appropriate protection controls ✓

Correct answer: Categorize data by sensitivity level to apply appropriate protection controls

Option D is correct because data classification is the process of categorizing data according to its sensitivity, value, and criticality (for example, public, internal, confidential, restricted) so that organizations can apply appropriate security controls, access policies, and handling procedures proportional to the risk associated with each category. Option A, backing up critical data, is a data protection practice that depends on knowing which data is critical, but backup itself is not the purpose of classification. Option B, encrypting all data, is a blanket security control that does not require classification and does not represent the goal of the classification process. Option C, deleting unnecessary data, relates to data retention and minimization policies, which may be informed by classification but is not its primary purpose.

Topic: Security Program Management and Oversight · data classification, information security, security controls, comptia security+

Practice CompTIA Security+ (SY0-701) Questions Free