CompTIA Updated SY0-701 Exam Questions and Answers by luna-rose

A data retention policy is a set of rules that defines how long data should be stored and when it should be deleted or archived. An administrator assists the legal and compliance team with ensuring information about customer transactions is archived for the proper time period by following the data retention policy of the organization. This policy helps the organization to comply with legal and regulatory requirements, optimize storage space, and protect data privacy and security.

References

CompTIA Security+ Study Guide: Exam SY0-701, 9th Edition, Chapter 3, Section 3.4, page 1211

CompTIA Security+ Practice Tests: Exam SY0-701, 3rd Edition, Chapter 3, Question 15, page 832

This scenario describes a partially-known environment penetration test. In CompTIA Security+ SY0-701, penetration testing approaches are commonly categorized as black box (unknown), white box (fully known), and gray box (partially known). A partially-known environment means the tester is given limited information—enough to be realistic and efficient, but not complete details about the infrastructure.

Here, the vendor is assisting an internal red team and is intentionally not provided with extensive infrastructure details, which mirrors a gray-box testing approach. This method balances realism and efficiency by simulating an attacker who has some knowledge (such as credentials, architecture diagrams, or application details) but not full access or documentation.

Passive reconnaissance (A) is an activity within testing, not a testing methodology. Integrated testing (C) refers to coordinated testing involving multiple teams (e.g., red and blue teams) with full cooperation. Defensive testing (D) focuses on validating defensive controls rather than simulating an attacker’s perspective.

Therefore, the correct answer is B: Partially-known environment.