CDPSE: Certified Data Privacy Solutions Engineer Part 2
Question #: 41
Topic #: 1
Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?
A. Access is logged on the virtual private network (VPN).
B. Multi-factor authentication is enabled.
C. Active remote access is monitored.
D. Access is only granted to authorized users.
Selected Answer: D
———————————————————————-
Question #: 42
Topic #: 1
What type of personal information can be collected by a mobile application without consent?
A. Full name
B. Geolocation
C. Phone number
D. Accelerometer data
Selected Answer: D
———————————————————————-
Question #: 43
Topic #: 1
Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?
A. The organization lacks a hardware disposal policy.
B. Emails are not consistently encrypted when sent internally.
C. Privacy training is carried out by a service provider.
D. The organization’s privacy policy has not been reviewed in over a year.
Selected Answer: A
———————————————————————-
Question #: 44
Topic #: 1
What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?
A. Distributing a privacy rights policy
B. Mailing rights documentation to customers
C. Publishing a privacy notice
D. Gaining consent when information is collected
Selected Answer: C
———————————————————————-
Question #: 45
Topic #: 1
Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the event of a data privacy incident?
A. Offline backup availability
B. Recovery time objective (RTO)
C. Recovery point objective (RPO)
D. Online backup frequency
Selected Answer: C
———————————————————————-
Question #: 46
Topic #: 1
A new marketing application needs to use data from the organization’s customer database. Prior to the application using the data, which of the following should be done FIRST?
A. Ensure the data loss prevention (DLP) tool is logging activity.
B. De-identify all personal data in the database.
C. Determine what data is required by the application.
D. Renew the encryption key to include the application.
Selected Answer: C
———————————————————————-
Question #: 47
Topic #: 1
Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
A. Data custodian
B. Privacy data analyst
C. Data processor
D. Data owner
Selected Answer: D
———————————————————————-
Question #: 48
Topic #: 1
Which of the following MUST be available to facilitate a robust data breach management response?
A. Lessons learned from prior data breach responses
B. Best practices to obfuscate data for processing and storage
C. An inventory of previously impacted individuals
D. An inventory of affected individuals and systems
Selected Answer: D
———————————————————————-
Question #: 49
Topic #: 1
Which of the following is the best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records?
A. Limited functions and capabilities of a secured operating environment
B. Monitored network activities for unauthorized use
C. Improved data integrity and reduced effort for privacy audits
D. Unlimited functionalities and highly secured applications
Selected Answer: C
———————————————————————-
Question #: 50
Topic #: 1
Which of the following zones within a data lake requires sensitive data to be encrypted or tokenized?
A. Trusted zone
B. Clean zone
C. Raw zone
D. Temporal zone
Selected Answer: C
———————————————————————-
Question #: 51
Topic #: 1
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?
A. Require security management to validate data privacy security practices.
B. Involve the privacy office in an organizational review of the incident response plan.
C. Hire a third party to perform a review of data privacy processes.
D. Conduct annual data privacy tabletop exercises.
Selected Answer: D
———————————————————————-
Question #: 52
Topic #: 1
Which of the following poses the GREATEST privacy risk for client-side application processing?
A. Failure of a firewall protecting the company network
B. An employee loading personal information on a company laptop
C. A remote employee placing communication software on a company server
D. A distributed denial of service attack (DDoS) on the company network
Selected Answer: B
———————————————————————-
Question #: 53
Topic #: 1
Which of the following is MOST important when developing an organizational data privacy program?
A. Obtaining approval from process owners
B. Profiling current data use
C. Following an established privacy framework
D. Performing an inventory of all data
Selected Answer: B
———————————————————————-
Question #: 54
Topic #: 1
Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?
A. Access is logged on the virtual private network (VPN).
B. Multi-factor authentication is enabled.
C. Active remote access is monitored.
D. Access is only granted to authorized users.
Selected Answer: D
———————————————————————-
Question #: 55
Topic #: 1
Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?
A. Evaluate the impact resulting from this change.
B. Revisit the current remote working policies.
C. Implement a virtual private network (VPN) tool.
D. Enforce multi-factor authentication for remote access.
Selected Answer: A
———————————————————————-
Question #: 56
Topic #: 1
Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?
A. The organization lacks a hardware disposal policy.
B. Emails are not consistently encrypted when sent internally.
C. Privacy training is carried out by a service provider.
D. The organization’s privacy policy has not been reviewed in over a year.
Selected Answer: A
———————————————————————-
Question #: 57
Topic #: 1
When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
A. The key must be kept separate and distinct from the data it protects.
B. The data must be protected by multi-factor authentication.
C. The key must be a combination of alpha and numeric characters.
D. The data must be stored in locations protected by data loss prevention (DLP) technology.
Selected Answer: A
———————————————————————-
Question #: 58
Topic #: 1
Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the event of a data privacy incident?
A. Offline backup availability
B. Recovery time objective (RTO)
C. Recovery point objective (RPO)
D. Online backup frequency
Selected Answer: C
———————————————————————-
Question #: 59
Topic #: 1
Which party should a data subject contact FIRST if they believe their personal information has been collected and used without consent?
A. Privacy rights advocate
B. Outside privacy counsel
C. Data protection authorities
D. The organization’s chief privacy officer (CPO)
Selected Answer: D
———————————————————————-
Question #: 60
Topic #: 1
Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?
A. Understanding the data flows within the organization
B. Implementing strong access controls on a need-to-know basis
C. Anonymizing privacy data during collection and recording
D. Encrypting the data throughout its life cycle
Selected Answer: A
———————————————————————-
Question #: 61
Topic #: 1
Which of the following tracking technologies associated with unsolicited targeted advertisements presents the GREATEST privacy risk?
A. Online behavioral tracking
B. Radio frequency identification (RFID)
C. Website cookies
D. Beacon-based tracking
Selected Answer: A
———————————————————————-
Question #: 62
Topic #: 1
Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
A. Data custodian
B. Privacy data analyst
C. Data processor
D. Data owner
Selected Answer: D
———————————————————————-
Question #: 63
Topic #: 1
Which of the following is a PRIMARY consideration to protect against privacy violations when utilizing artificial intelligence (AI) driven business decisions?
A. De-identifying the data to be analyzed
B. Verifying the data subjects have consented to the processing
C. Defining the intended objectives
D. Ensuring proper data sets are used to train the models
Selected Answer: B
———————————————————————-
Question #: 64
Topic #: 1
Which of the following is the best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records?
A. Limited functions and capabilities of a secured operating environment
B. Monitored network activities for unauthorized use
C. Improved data integrity and reduced effort for privacy audits
D. Unlimited functionalities and highly secured applications
Selected Answer: C
———————————————————————-
Question #: 65
Topic #: 1
To ensure effective management of an organization’s data privacy policy, senior leadership MUST define:
A. training and testing requirements for employees handling personal data.
B. roles and responsibilities of the person with oversight.
C. metrics and outcomes recommended by external agencies.
D. the scope and responsibilities of the data owner.
Selected Answer: B
———————————————————————-
Question #: 66
Topic #: 1
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?
A. Require security management to validate data privacy security practices.
B. Involve the privacy office in an organizational review of the incident response plan.
C. Hire a third party to perform a review of data privacy processes.
D. Conduct annual data privacy tabletop exercises.
Selected Answer: D
———————————————————————-
Question #: 67
Topic #: 1
Which of the following BEST ensures data confidentiality across databases?
A. Logical data model
B. Data normalization
C. Data catalog vocabulary
D. Data anonymization
Selected Answer: D
———————————————————————-
Question #: 68
Topic #: 1
Which of the following is MOST important when developing an organizational data privacy program?
A. Obtaining approval from process owners
B. Profiling current data use
C. Following an established privacy framework
D. Performing an inventory of all data
Selected Answer: B
———————————————————————-
Question #: 69
Topic #: 1
Which of the following vulnerabilities would have the GREATEST impact on the privacy of information?
A. Private key exposure
B. Poor patch management
C. Lack of password complexity
D. Out-of-date antivirus signatures
Selected Answer: A
———————————————————————-
Question #: 70
Topic #: 1
Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?
A. Changes to current information architecture
B. Updates to data life cycle policy
C. Business impact due to the changes
D. Modifications to data quality standards
Selected Answer: C
———————————————————————-
Question #: 71
Topic #: 1
Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?
A. Evaluate the impact resulting from this change.
B. Revisit the current remote working policies.
C. Implement a virtual private network (VPN) tool.
D. Enforce multi-factor authentication for remote access.
Selected Answer: A
———————————————————————-
Question #: 72
Topic #: 1
Which of the following techniques mitigates design flaws in the application development process that may contribute to potential leakage of personal data?
A. User acceptance testing (UAT)
B. Patch management
C. Software hardening
D. Web application firewall (WAF)
Selected Answer: C
———————————————————————-
Question #: 73
Topic #: 1
When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
A. The key must be kept separate and distinct from the data it protects.
B. The data must be protected by multi-factor authentication.
C. The key must be a combination of alpha and numeric characters.
D. The data must be stored in locations protected by data loss prevention (DLP) technology.
Selected Answer: A
———————————————————————-
Question #: 74
Topic #: 1
Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?
A. It eliminates cryptographic key collision.
B. It minimizes the risk if the cryptographic key is compromised.
C. It is more practical and efficient to use a single cryptographic key.
D. Each process can only be supported by its own unique key management process.
Selected Answer: B
———————————————————————-
Question #: 75
Topic #: 1
Which party should a data subject contact FIRST if they believe their personal information has been collected and used without consent?
A. Privacy rights advocate
B. Outside privacy counsel
C. Data protection authorities
D. The organization’s chief privacy officer (CPO)
Selected Answer: D
———————————————————————-
Question #: 76
Topic #: 1
During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?
A. Functional testing
B. Development
C. Production
D. User acceptance testing (UAT)
Selected Answer: B
———————————————————————-
Question #: 77
Topic #: 1
Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?
A. Understanding the data flows within the organization
B. Implementing strong access controls on a need-to-know basis
C. Anonymizing privacy data during collection and recording
D. Encrypting the data throughout its life cycle
Selected Answer: A
———————————————————————-
Question #: 78
Topic #: 1
Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?
A. To assess privacy risks
B. To evaluate effectiveness of data controls
C. To determine data integration gaps
D. To comply with regulations
Selected Answer: A
———————————————————————-
Question #: 79
Topic #: 1
Which of the following tracking technologies associated with unsolicited targeted advertisements presents the GREATEST privacy risk?
A. Online behavioral tracking
B. Radio frequency identification (RFID)
C. Website cookies
D. Beacon-based tracking
Selected Answer: A
———————————————————————-
Question #: 80
Topic #: 1
Which of the following is the BEST method to ensure the security of encryption keys when transferring data containing personal information between cloud applications?
A. Whole disk encryption
B. Asymmetric encryption
C. Digital signature
D. Symmetric encryption
Selected Answer: B
