Exam SY0-701 topic 1 question 597 discussion

In this scenario, the banks require that data is disposed of in a specific manner that aligns with regulatory data retention and destruction requirements. ✅ Certification in Data Destruction: Provides proof that data has been destroyed according to regulatory standards. Ensures the storage provider follows industry-accepted secure disposal practices. Helps the bank demonstrate compliance to regulators (e.g., via audit trails or destruction certificates). Can include: Certificates of Destruction (CoD) Compliance with standards like NIST SP 800-88 (media sanitization) . Encryption Protects data while stored or transmitted. ❌ Doesn’t guarantee how data is destroyed. B. Classification Labels data by sensitivity (e.g., public, confidential). ❌ Important for identifying what to destroy, but not how it's destroyed. D. Procurement Process of acquiring goods/services. ❌ Not related to data destruction or compliance validation.

The correct answer is: C. Certification Banks in regulated industries must prove that data was destroyed according to legal and compliance standards. Certification refers to receiving a formal attestation or documented proof that the data was disposed of securely and in compliance with the required regulations. This is essential for: Audits Regulatory compliance Legal protection

When a bank uses a third-party service to store and dispose of sensitive data, they need to ensure that the chosen provider has the proper security measures in place to handle and destroy the data according to regulations. This includes selecting a vendor with the necessary certifications, infrastructure, and procedures for secure data destruction.