CDPSE: Certified Data Privacy Solutions Engineer Part 1
Question #: 1
Topic #: 1
What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior?
A. Cross-border data transfer
B. Support staff availability and skill set
C. User notification
D. Global public interest
Selected Answer: A
———————————————————————-
Question #: 2
Topic #: 1
What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior?
A. Cross-border data transfer
B. Support staff availability and skill set
C. User notification
D. Global public interest
Selected Answer: A
———————————————————————-
Question #: 3
Topic #: 1
Which of the following should be the FIRST consideration when conducting a privacy impact assessment (PIA)?
A. The applicable privacy legislation
B. The quantity of information within the scope of the assessment
C. The systems in which privacy-related data is stored
D. The organizational security risk profile
Selected Answer: A
———————————————————————-
Question #: 4
Topic #: 1
Which of the following should be the FIRST consideration when conducting a privacy impact assessment (PIA)?
A. The applicable privacy legislation
B. The quantity of information within the scope of the assessment
C. The systems in which privacy-related data is stored
D. The organizational security risk profile
Selected Answer: A
———————————————————————-
Question #: 5
Topic #: 1
Which of the following BEST represents privacy threat modeling methodology?
A. Mitigating inherent risks and threats associated with privacy control weaknesses
B. Systematically eliciting and mitigating privacy threats in a software architecture
C. Reliably estimating a threat actor’s ability to exploit privacy vulnerabilities
D. Replicating privacy scenarios that reflect representative software usage
Selected Answer: B
———————————————————————-
Question #: 6
Topic #: 1
Which of the following BEST represents privacy threat modeling methodology?
A. Mitigating inherent risks and threats associated with privacy control weaknesses
B. Systematically eliciting and mitigating privacy threats in a software architecture
C. Reliably estimating a threat actor’s ability to exploit privacy vulnerabilities
D. Replicating privacy scenarios that reflect representative software usage
Selected Answer: B
———————————————————————-
Question #: 7
Topic #: 1
An organization is creating a personal data processing register to document actions taken with personal data. Which of the following categories should document controls relating to periods of retention for personal data?
A. Data archiving
B. Data storage
C. Data acquisition
D. Data input
Selected Answer: C
———————————————————————-
Question #: 8
Topic #: 1
An organization is creating a personal data processing register to document actions taken with personal data. Which of the following categories should document controls relating to periods of retention for personal data?
A. Data archiving
B. Data storage
C. Data acquisition
D. Data input
Selected Answer: C
———————————————————————-
Question #: 9
Topic #: 1
Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice. Which of the following is the BEST way to address this concern?
A. Review the privacy policy.
B. Obtain independent assurance of current practices.
C. Re-assess the information security requirements.
D. Validate contract compliance.
Selected Answer: B
———————————————————————-
Question #: 10
Topic #: 1
Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice. Which of the following is the BEST way to address this concern?
A. Review the privacy policy.
B. Obtain independent assurance of current practices.
C. Re-assess the information security requirements.
D. Validate contract compliance.
Selected Answer: B
———————————————————————-
Question #: 11
Topic #: 1
During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?
A. Segregation of duties
B. Unique user credentials
C. Two-person rule
D. Need-to-know basis
Selected Answer: D
———————————————————————-
Question #: 12
Topic #: 1
During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?
A. Segregation of duties
B. Unique user credentials
C. Two-person rule
D. Need-to-know basis
Selected Answer: D
———————————————————————-
Question #: 13
Topic #: 1
Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?
A. Detailed documentation of data privacy processes
B. Strategic goals of the organization
C. Contract requirements for independent oversight
D. Business objectives of senior leaders
Selected Answer: C
———————————————————————-
Question #: 14
Topic #: 1
Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?
A. Detailed documentation of data privacy processes
B. Strategic goals of the organization
C. Contract requirements for independent oversight
D. Business objectives of senior leaders
Selected Answer: A
———————————————————————-
Question #: 15
Topic #: 1
Which of the following helps define data retention time in a stream-fed data lake that includes personal data?
A. Information security assessments
B. Privacy impact assessments (PIAs)
C. Data privacy standards
D. Data lake configuration
Selected Answer: D
———————————————————————-
Question #: 16
Topic #: 1
When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?
A. Data classification labeling
B. Data residing in another country
C. Volume of data stored
D. Privacy training for backup users
Selected Answer: B
———————————————————————-
Question #: 17
Topic #: 1
Which of the following should be the FIRST consideration when selecting a data sanitization method?
A. Risk tolerance
B. Implementation cost
C. Industry standards
D. Storage type
Selected Answer: A
———————————————————————-
Question #: 18
Topic #: 1
Which of the following system architectures BEST supports anonymity for data transmission?
A. Client-server
B. Plug-in-based
C. Front-end
D. Peer-to-peer
Selected Answer: D
———————————————————————-
Question #: 19
Topic #: 1
Which of the following helps define data retention time in a stream-fed data lake that includes personal data?
A. Information security assessments
B. Privacy impact assessments (PIAs)
C. Data privacy standards
D. Data lake configuration
Selected Answer: B
———————————————————————-
Question #: 20
Topic #: 1
Of the following, who should be PRIMARILY accountable for creating an organization’s privacy management strategy?
A. Chief data officer (CDO)
B. Privacy steering committee
C. Information security steering committee
D. Chief privacy officer (CPO)
Selected Answer: D
———————————————————————-
Question #: 21
Topic #: 1
When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?
A. Data classification labeling
B. Data residing in another country
C. Volume of data stored
D. Privacy training for backup users
Selected Answer: B
———————————————————————-
Question #: 22
Topic #: 1
Which of the following is the BEST way to protect personal data in the custody of a third party?
A. Have corporate counsel monitor privacy compliance.
B. Require the third party to provide periodic documentation of its privacy management program.
C. Include requirements to comply with the organization’s privacy policies in the contract.
D. Add privacy-related controls to the vendor audit plan.
Selected Answer: A
———————————————————————-
Question #: 23
Topic #: 1
Which of the following should be the FIRST consideration when selecting a data sanitization method?
A. Risk tolerance
B. Implementation cost
C. Industry standards
D. Storage type
Selected Answer: A
———————————————————————-
Question #: 24
Topic #: 1
Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?
A. The system architecture is clearly defined.
B. A risk assessment has been completed.
C. Security controls are clearly defined.
D. Data protection requirements are included.
Selected Answer: D
———————————————————————-
Question #: 25
Topic #: 1
Which of the following system architectures BEST supports anonymity for data transmission?
A. Client-server
B. Plug-in-based
C. Front-end
D. Peer-to-peer
Selected Answer: D
———————————————————————-
Question #: 26
Topic #: 1
Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?
A. Conduct an audit.
B. Report performance metrics.
C. Perform a control self-assessment (CSA).
D. Conduct a benchmarking analysis.
Selected Answer: A
———————————————————————-
Question #: 27
Topic #: 1
Of the following, who should be PRIMARILY accountable for creating an organization’s privacy management strategy?
A. Chief data officer (CDO)
B. Privacy steering committee
C. Information security steering committee
D. Chief privacy officer (CPO)
Selected Answer: D
———————————————————————-
Question #: 28
Topic #: 1
Which of the following is the GREATEST benefit of adopting data minimization practices?
A. Storage and encryption costs are reduced.
B. Data retention efficiency is enhanced.
C. The associated threat surface is reduced.
D. Compliance requirements are met.
Selected Answer: C
———————————————————————-
Question #: 29
Topic #: 1
Which of the following is the BEST way to protect personal data in the custody of a third party?
A. Have corporate counsel monitor privacy compliance.
B. Require the third party to provide periodic documentation of its privacy management program.
C. Include requirements to comply with the organization’s privacy policies in the contract.
D. Add privacy-related controls to the vendor audit plan.
Selected Answer: A
———————————————————————-
Question #: 30
Topic #: 1
An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?
A. Data integrity and confidentiality
B. System use requirements
C. Data use limitation
D. Lawfulness and fairness
Selected Answer: D
———————————————————————-
Question #: 31
Topic #: 1
Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?
A. The system architecture is clearly defined.
B. A risk assessment has been completed.
C. Security controls are clearly defined.
D. Data protection requirements are included.
Selected Answer: D
———————————————————————-
Question #: 32
Topic #: 1
What type of personal information can be collected by a mobile application without consent?
A. Full name
B. Geolocation
C. Phone number
D. Accelerometer data
Selected Answer: D
———————————————————————-
Question #: 33
Topic #: 1
Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?
A. Conduct an audit.
B. Report performance metrics.
C. Perform a control self-assessment (CSA).
D. Conduct a benchmarking analysis.
Selected Answer: A
———————————————————————-
Question #: 34
Topic #: 1
What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?
A. Distributing a privacy rights policy
B. Mailing rights documentation to customers
C. Publishing a privacy notice
D. Gaining consent when information is collected
Selected Answer: C
———————————————————————-
Question #: 35
Topic #: 1
Which of the following is the GREATEST benefit of adopting data minimization practices?
A. Storage and encryption costs are reduced.
B. Data retention efficiency is enhanced.
C. The associated threat surface is reduced.
D. Compliance requirements are met.
Selected Answer: C
———————————————————————-
Question #: 36
Topic #: 1
A new marketing application needs to use data from the organization’s customer database. Prior to the application using the data, which of the following should be done FIRST?
A. Ensure the data loss prevention (DLP) tool is logging activity.
B. De-identify all personal data in the database.
C. Determine what data is required by the application.
D. Renew the encryption key to include the application.
Selected Answer: C
———————————————————————-
Question #: 37
Topic #: 1
Which of the following MUST be available to facilitate a robust data breach management response?
A. Lessons learned from prior data breach responses
B. Best practices to obfuscate data for processing and storage
C. An inventory of previously impacted individuals
D. An inventory of affected individuals and systems
Selected Answer: D
———————————————————————-
Question #: 38
Topic #: 1
Which of the following zones within a data lake requires sensitive data to be encrypted or tokenized?
A. Trusted zone
B. Clean zone
C. Raw zone
D. Temporal zone
Selected Answer: C
———————————————————————-
Question #: 39
Topic #: 1
Which of the following poses the GREATEST privacy risk for client-side application processing?
A. Failure of a firewall protecting the company network
B. An employee loading personal information on a company laptop
C. A remote employee placing communication software on a company server
D. A distributed denial of service attack (DDoS) on the company network
Selected Answer: B
———————————————————————-
Question #: 40
Topic #: 1
An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?
A. Data integrity and confidentiality
B. System use requirements
C. Data use limitation
D. Lawfulness and fairness
Selected Answer: D
