CDPSE: Certified Data Privacy Solutions Engineer Part 4
Question #: 121
Topic #: 1
What is the BEST method to protect customers’ personal data that is forwarded to a central system for analysis?
A. Pseudonymization
B. Deletion
C. Encryption
D. Anonymization
Selected Answer: A
———————————————————————-
Question #: 122
Topic #: 1
Which of the following BEST supports an organization’s efforts to create and maintain desired privacy protection practices among employees?
A. Skills training programs
B. Awareness campaigns
C. Performance evaluations
D. Code of conduct principles
Selected Answer: B
———————————————————————-
Question #: 123
Topic #: 1
Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?
A. Develop a data migration plan.
B. Conduct a legitimate interest analysis (LIA).
C. Perform a privacy impact assessment (PIA).
D. Obtain consent from data subjects.
Selected Answer: C
———————————————————————-
Question #: 124
Topic #: 1
Which of the following hard drive sanitation methods provides an organization with the GREATEST level of assurance that data has been permanently erased?
A. Degaussing the drive
B. Factory resetting the drive
C. Crypto-shredding the drive
D. Reformatting the drive
Selected Answer: A
———————————————————————-
Question #: 125
Topic #: 1
Which of the following is the GREATEST obstacle to conducting a privacy impact assessment (PIA)?
A. Conducting a PIA requires significant funding and resources.
B. PIAs need to be performed many times in a year.
C. The organization lacks knowledge of PIA methodology.
D. The value proposition of a PIA is not understood by management.
Selected Answer: D
———————————————————————-
Question #: 126
Topic #: 1
Which of the following describes a user’s “right to be forgotten”?
A. The data is being used to comply with legal obligations or the public interest.
B. The data is no longer required for the purpose originally collected.
C. The individual objects despite legitimate grounds for processing.
D. The individual’s legal residence status has recently changed.
Selected Answer: B
———————————————————————-
Question #: 127
Topic #: 1
An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?
A. Height, weight, and activities
B. Sleep schedule and calorie intake
C. Education and profession
D. Race, age, and gender
Selected Answer: A
———————————————————————-
Question #: 128
Topic #: 1
When choosing data sources to be used within a big data architecture, which of the following data attributes MUST be considered to ensure data is not aggregated?
A. Accuracy
B. Granularity
C. Consistency
D. Reliability
Selected Answer: B
———————————————————————-
Question #: 129
Topic #: 1
Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?
A. Perform a privacy risk audit.
B. Conduct a privacy risk assessment.
C. Validate a privacy risk attestation.
D. Conduct a privacy risk remediation exercise.
Selected Answer: B
———————————————————————-
Question #: 130
Topic #: 1
Which of the following should be used to address data kept beyond its intended lifespan?
A. Data minimization
B. Data anonymization
C. Data security
D. Data normalization
Selected Answer: A
———————————————————————-
Question #: 131
Topic #: 1
It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?
A. Application design
B. Requirements definition
C. Implementation
D. Testing
Selected Answer: B
———————————————————————-
Question #: 132
Topic #: 1
Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?
A. Compartmentalizing resource access
B. Regular testing of system backups
C. Monitoring and reviewing remote access logs
D. Regular physical and remote testing of the incident response plan
Selected Answer: A
———————————————————————-
Question #: 133
Topic #: 1
Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system?
A. To identify controls to mitigate data privacy risks
B. To classify personal data according to the data classification scheme
C. To assess the risk associated with personal data usage
D. To determine the service provider’s ability to maintain data protection controls
Selected Answer: C
———————————————————————-
Question #: 134
Topic #: 1
A multinational corporation is planning a big data initiative to help with critical business decisions. Which of the following is the BEST way to ensure personal data usage is standardized across the entire organization?
A. De-identify all data.
B. Develop a data dictionary.
C. Encrypt all sensitive data.
D. Perform data discovery.
Selected Answer: B
———————————————————————-
Question #: 135
Topic #: 1
Which of the following protocols BEST protects end-to-end communication of personal data?
A. Transmission Control Protocol (TCP)
B. Transport Layer Security Protocol (TLS)
C. Secure File Transfer Protocol (SFTP)
D. Hypertext Transfer Protocol (HTTP)
Selected Answer: B
———————————————————————-
Question #: 136
Topic #: 1
An organization’s data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?
A. Low-level formatting
B. Remote partitioning
C. Degaussing
D. Hammer strike
Selected Answer: C
———————————————————————-
Question #: 137
Topic #: 1
An organization is planning a new implementation for tracking consumer web browser activity. Which of the following should be done FIRST?
A. Seek approval from regulatory authorities.
B. Conduct a privacy impact assessment (PIA).
C. Obtain consent from the organization’s clients.
D. Review and update the cookie policy.
Selected Answer: B
———————————————————————-
Question #: 138
Topic #: 1
Which of the following processes BEST enables an organization to maintain the quality of personal data?
A. Implementing routine automatic validation
B. Maintaining hashes to detect changes in data
C. Encrypting personal data at rest
D. Updating the data quality standard through periodic review
Selected Answer: A
———————————————————————-
Question #: 139
Topic #: 1
Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?
A. Encrypting APIs with the organization’s private key
B. Requiring nondisclosure agreements (NDAs) when sharing APIs
C. Restricting access to authorized users
D. Sharing only digitally signed APIs
Selected Answer: C
———————————————————————-
Question #: 140
Topic #: 1
Which of the following is the MOST important consideration when determining retention periods for personal data?
A. Sectoral best practices for the industry
B. Notice provided to customers during data collection
C. Data classification standards
D. Storage capacity available for retained data
Selected Answer: B
———————————————————————-
Question #: 141
Topic #: 1
Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?
A. The right to object
B. The right to withdraw consent
C. The right to access
D. The right to be forgotten
Selected Answer: D
———————————————————————-
Question #: 143
Topic #: 1
A global organization is planning to implement a customer relationship management (CRM) system to be used in offices based in multiple countries. Which of the following is the MOST important data protection consideration for this project?
A. Industry best practice related to information security standards in each relevant jurisdiction
B. Identity and access management mechanisms to restrict access based on need to know
C. Encryption algorithms for securing customer personal data at rest and in transit
D. National data privacy legislative and regulatory requirements in each relevant jurisdiction
Selected Answer: D
———————————————————————-
Question #: 145
Topic #: 1
Which of the following MOST effectively protects against the use of a network sniffer?
A. Network segmentation
B. Transport layer encryption
C. An intrusion detection system (IDS)
D. A honeypot environment
Selected Answer: B
———————————————————————-
Question #: 147
Topic #: 1
Which of the following is the BEST way to hide sensitive personal data that is in use in a data lake?
A. Data masking
B. Data truncation
C. Data encryption
D. Data minimization
Selected Answer: D
———————————————————————-
Question #: 148
Topic #: 1
A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?
A. Access to personal data is not strictly controlled in development and testing environments.
B. Complex relationships within and across systems must be retained for testing.
C. Personal data across the various interconnected systems cannot be easily identified.
D. Data masking tools are complex and difficult to implement.
Selected Answer: B
———————————————————————-
Question #: 149
Topic #: 1
Which of the following deployed at an enterprise level will MOST effectively block malicious tracking of user Internet browsing?
A. Web application firewall (WAF)
B. Website URL blacklisting
C. Domain name system (DNS) sinkhole
D. Desktop antivirus software
Selected Answer: C
———————————————————————-
Question #: 150
Topic #: 1
Which of the following is the PRIMARY reason to complete a privacy impact assessment (PIA)?
A. To comply with consumer regulatory requirements
B. To establish privacy breach response procedures
C. To classify personal data
D. To understand privacy risks
Selected Answer: D
———————————————————————-
Question #: 152
Topic #: 1
How can an organization BEST ensure its vendors are complying with data privacy requirements defined in their contracts?
A. Review self-attestations of compliance provided by vendor management.
B. Obtain independent assessments of the vendors’ data management processes.
C. Perform penetration tests of the vendors’ data security.
D. Compare contract requirements against vendor deliverables.
Selected Answer: B
———————————————————————-
Question #: 154
Topic #: 1
Before executive leadership approves a new data privacy policy, it is MOST important to ensure:
A. a training program is developed.
B. a privacy committee is established.
C. a distribution methodology is identified.
D. a legal review is conducted.
Selected Answer: D
———————————————————————-
Question #: 156
Topic #: 1
Which of the following is an IT privacy practitioner’s BEST recommendation to reduce privacy risk before an organization provides personal data to a third party?
A. Tokenization
B. Aggregation
C. Anonymization
D. Encryption
Selected Answer: C
———————————————————————-
Question #: 158
Topic #: 1
Which of the following is a responsibility of the audit function in helping an organization address privacy compliance requirements?
A. Approving privacy impact assessments (PIAs)
B. Validating the privacy framework
C. Managing privacy notices provided to customers
D. Establishing employee privacy rights and consent
Selected Answer: B
———————————————————————-
Question #: 160
Topic #: 1
An online retail company is trying to determine how to handle users’ data if they unsubscribe from marketing emails generated from the website. Which of the following is the BEST approach for handling personal data that has been restricted?
A. Encrypt users’ information so it is inaccessible to the marketing department.
B. Reference the privacy policy to see if the data is truly restricted.
C. Remove users’ information and accounts from the system.
D. Flag users’ email addresses to make sure they do not receive promotional information.
Selected Answer: D
