CDPSE: Certified Data Privacy Solutions Engineer Part 5
Question #: 161
Topic #: 1
An organization is planning a new implementation for tracking consumer web browser activity. Which of the following should be done FIRST?
A. Seek approval from regulatory authorities.
B. Conduct a privacy impact assessment (PIA).
C. Obtain consent from the organization’s clients.
D. Review and update the cookie policy.
Selected Answer: B
———————————————————————-
Question #: 162
Topic #: 1
Which of the following should be done FIRST when developing an organization-wide strategy to address data privacy risk?
A. Obtain executive support.
B. Develop a data privacy policy.
C. Gather privacy requirements from legal counsel.
D. Create a comprehensive data inventory.
Selected Answer: A
———————————————————————-
Question #: 163
Topic #: 1
Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?
A. Encrypting APIs with the organization’s private key
B. Requiring nondisclosure agreements (NDAs) when sharing APIs
C. Restricting access to authorized users
D. Sharing only digitally signed APIs
Selected Answer: C
———————————————————————-
Question #: 164
Topic #: 1
Which of the following is the BEST way to protect the privacy of data stored on a laptop in case of loss or theft?
A. Strong authentication controls
B. Remote wipe
C. Regular backups
D. Endpoint encryption
Selected Answer: D
———————————————————————-
Question #: 165
Topic #: 1
Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?
A. The right to object
B. The right to withdraw consent
C. The right to access
D. The right to be forgotten
Selected Answer: D
———————————————————————-
Question #: 166
Topic #: 1
Which of the following should be established FIRST before authorizing remote access to a data store containing personal data?
A. Privacy policy
B. Network security standard
C. Multi-factor authentication
D. Virtual private network (VPN)
Selected Answer: A
———————————————————————-
Question #: 167
Topic #: 1
A global organization is planning to implement a customer relationship management (CRM) system to be used in offices based in multiple countries. Which of the following is the MOST important data protection consideration for this project?
A. Industry best practice related to information security standards in each relevant jurisdiction
B. Identity and access management mechanisms to restrict access based on need to know
C. Encryption algorithms for securing customer personal data at rest and in transit
D. National data privacy legislative and regulatory requirements in each relevant jurisdiction
Selected Answer: D
———————————————————————-
Question #: 168
Topic #: 1
Which of the following should be of GREATEST concern when an organization wants to store personal data in the cloud?
A. The organization’s potential legal liabilities related to the data
B. The data recovery capabilities of the storage provider
C. The data security policies and practices of the storage provider
D. Any vulnerabilities identified in the cloud system
Selected Answer: A
———————————————————————-
Question #: 169
Topic #: 1
As part of a major data discovery initiative to identify personal data across the organization, the project team has identified the proliferation of personal data held as unstructured data as a major risk. What should be done FIRST to address this situation?
A. Identify sensitive unstructured data at the point of creation.
B. Classify sensitive unstructured data.
C. Identify who has access to sensitive unstructured data.
D. Assign an owner to sensitive unstructured data.
Selected Answer: C
———————————————————————-
Question #: 170
Topic #: 1
Which of the following MOST effectively protects against the use of a network sniffer?
A. Network segmentation
B. Transport layer encryption
C. An intrusion detection system (IDS)
D. A honeypot environment
Selected Answer: B
———————————————————————-
Question #: 171
Topic #: 1
Which types of controls need to be applied to ensure accuracy at all stages of processing, storage, and deletion throughout the data life cycle?
A. Processing flow controls
B. Time-based controls
C. Purpose limitation controls
D. Integrity controls
Selected Answer: D
———————————————————————-
Question #: 172
Topic #: 1
Which of the following is the BEST approach to minimize privacy risk when collecting personal data?
A. Use a third party to collect, store, and process the data.
B. Collect data through a secure organizational web server.
C. Collect only the data necessary to meet objectives.
D. Aggregate the data immediately upon collection.
Selected Answer: C
———————————————————————-
Question #: 173
Topic #: 1
Which of the following should be done FIRST to establish privacy by design when developing a contact-tracing application?
A. Conduct a privacy impact assessment (PIA).
B. Conduct a development environment review.
C. Identify privacy controls for the application.
D. Identify differential privacy techniques.
Selected Answer: A
———————————————————————-
Question #: 174
Topic #: 1
A software development organization with remote personnel has implemented a third-party virtualized workspace to allow the teams to collaborate. Which of the following should be of GREATEST concern?
A. The third-party workspace is hosted in a highly regulated jurisdiction.
B. Personal data could potentially be exfiltrated through the virtual workspace.
C. The organization’s products are classified as intellectual property.
D. There is a lack of privacy awareness and training among remote personnel.
Selected Answer: B
———————————————————————-
Question #: 175
Topic #: 1
Which of the following is the BEST way to hide sensitive personal data that is in use in a data lake?
A. Data masking
B. Data truncation
C. Data encryption
D. Data minimization
Selected Answer: C
———————————————————————-
Question #: 176
Topic #: 1
Which of the following is MOST important when designing application programming interfaces (APIs) that enable mobile device applications to access personal data?
A. The user’s ability to select, filter, and transform data before it is shared
B. Umbrella consent for multiple applications by the same developer
C. User consent to share personal data
D. Unlimited retention of personal data by third parties
Selected Answer: C
———————————————————————-
Question #: 177
Topic #: 1
A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?
A. Access to personal data is not strictly controlled in development and testing environments.
B. Complex relationships within and across systems must be retained for testing.
C. Personal data across the various interconnected systems cannot be easily identified.
D. Data masking tools are complex and difficult to implement.
Selected Answer: B
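Questions 175 and 177 both turn on the practical difference between masking and encryption: test data must hide the real values while keeping the foreign-key relationships that span tables and systems. The following Python is an added illustration of that technique, not material from the exam or from ISACA: it uses keyed, deterministic pseudonymization (HMAC-SHA256) so the same customer identifier maps to the same token in every table, and it pairs that with format-preserving and partial-redaction masks. The sample tables and the masking key are constructed for the example; in practice the key sits in a KMS/HSM and is never provisioned into the non-production environment, because whoever holds it can re-link tokens to the real identifiers (this is pseudonymization, not anonymization).

```python
import hashlib
import hmac

# Constructed sample tables (not real customer data). customer_id is the
# join key whose relationship the masked copy must preserve.
CUSTOMERS = [
    {"customer_id": "C1001", "email": "alice@example.com", "ssn": "123-45-6789"},
    {"customer_id": "C1002", "email": "bob@example.org", "ssn": "987-65-4321"},
]
ACCOUNTS = [
    {"account_id": "A1", "customer_id": "C1001", "balance": 1200},
    {"account_id": "A2", "customer_id": "C1001", "balance": 300},
    {"account_id": "A3", "customer_id": "C1002", "balance": 50},
]

# Hypothetical masking key (assumption for the example). Keep it out of the
# environment that receives the masked data: with the key, tokens are linkable.
MASKING_KEY = b"assumed-masking-key-rotate-me"


def pseudonymize(value: str, key: bytes = MASKING_KEY, length: int = 12) -> str:
    """Keyed, deterministic token: same input -> same token in every table,
    so joins still work, but without the key a token cannot be reversed."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()[:length]


def mask_email(email: str, key: bytes = MASKING_KEY) -> str:
    """Format-preserving mask: keeps an '@' and a domain so input validation
    in the test environment still accepts the value. '.invalid' is a reserved TLD."""
    return f"user-{pseudonymize(email, key, 8)}@masked.invalid"


def mask_ssn(ssn: str) -> str:
    """Irreversible partial redaction: testers only ever see the last four digits."""
    digits = ssn.replace("-", "")
    return "XXX-XX-" + digits[-4:]


def mask_dataset(customers, accounts, key: bytes = MASKING_KEY):
    """Apply the same keyed token to customer_id in both tables."""
    masked_customers = [
        {
            "customer_id": pseudonymize(c["customer_id"], key),
            "email": mask_email(c["email"], key),
            "ssn": mask_ssn(c["ssn"]),
        }
        for c in customers
    ]
    masked_accounts = [
        {**a, "customer_id": pseudonymize(a["customer_id"], key)} for a in accounts
    ]
    return masked_customers, masked_accounts


def accounts_per_customer(customers, accounts):
    """Join accounts to customers on customer_id. A KeyError here means the
    masking broke referential integrity."""
    counts = {c["customer_id"]: 0 for c in customers}
    for a in accounts:
        counts[a["customer_id"]] += 1
    return counts


if __name__ == "__main__":
    mc, ma = mask_dataset(CUSTOMERS, ACCOUNTS)
    print(accounts_per_customer(CUSTOMERS, ACCOUNTS))  # real join
    print(accounts_per_customer(mc, ma))                # same counts on masked copy
```

The check that matters for question 177 is the second join: the masked customer and account tables still agree on every key, while no original identifier, e-mail or full SSN appears in the output. Rotating the key produces a completely different, still-consistent set of tokens, which is how separate test environments can be given unlinkable copies.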
———————————————————————-
Question #: 178
Topic #: 1
A migration of personal data involving a data source with outdated documentation has been approved by senior management. Which of the following should be done NEXT?
A. Review data flow post migration.
B. Ensure appropriate data classification.
C. Engage an external auditor to review the source data.
D. Check the documentation version history for anomalies.
Selected Answer: B
———————————————————————-
Question #: 179
Topic #: 1
Which of the following is the BEST way to reduce the risk of compromised credentials when an organization allows employees to have remote access?
A. Enable whole disk encryption on remote devices.
B. Purchase an endpoint detection and response (EDR) tool.
C. Implement multi-factor authentication.
D. Deploy single sign-on with complex password requirements.
Selected Answer: C
———————————————————————-
Question #: 180
Topic #: 1
Which of the following deployed at an enterprise level will MOST effectively block malicious tracking of user Internet browsing?
A. Web application firewall (WAF)
B. Website URL blacklisting
C. Domain name system (DNS) sinkhole
D. Desktop antivirus software
Selected Answer: C
———————————————————————-
Question #: 181
Topic #: 1
Which of the following is the PRIMARY objective of privacy incident response?
A. To ensure data subjects impacted by privacy incidents are notified
B. To reduce privacy risk to the lowest possible level
C. To mitigate the impact of privacy incidents
D. To optimize the costs associated with privacy incidents
Selected Answer: C
———————————————————————-
Question #: 182
Topic #: 1
Which of the following is the PRIMARY reason to complete a privacy impact assessment (PIA)?
A. To comply with consumer regulatory requirements
B. To establish privacy breach response procedures
C. To classify personal data
D. To understand privacy risks
Selected Answer: D
———————————————————————-
Question #: 183
Topic #: 1
An organization wants to ensure that endpoints are protected in line with the privacy policy. Which of the following should be the FIRST consideration?
A. Detecting malicious access through endpoints
B. Implementing network traffic filtering on endpoint devices
C. Managing remote access and control
D. Hardening the operating systems of endpoint devices
Selected Answer: D
———————————————————————-
Question #: 184
Topic #: 1
How can an organization BEST ensure its vendors are complying with data privacy requirements defined in their contracts?
A. Review self-attestations of compliance provided by vendor management.
B. Obtain independent assessments of the vendors’ data management processes.
C. Perform penetration tests of the vendors’ data security.
D. Compare contract requirements against vendor deliverables.
Selected Answer: B
———————————————————————-
Question #: 185
Topic #: 1
An organization has a policy requiring the encryption of personal data if transmitted through email. Which of the following is the BEST control to ensure the effectiveness of this policy?
A. Provide periodic user awareness training on data encryption.
B. Implement a data loss prevention (DLP) tool.
C. Conduct regular control self-assessments (CSAs).
D. Enforce annual attestation to policy compliance.
Selected Answer: B
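Question 185 picks a DLP tool because it enforces the policy at the point of transmission rather than relying on users remembering it. As an added example (not exam content), the Python below shows the core of such an outbound e-mail rule: skip messages that are already encrypted (an S/MIME enveloped-data body or an ASCII-armored PGP message), and otherwise block any plaintext that carries a US SSN or a payment card number, using a Luhn check to avoid blocking every long digit string. The messages, header handling and content-type strings are constructed for the example; a production gateway would parse real MIME and cover many more data types.

```python
import re

# Constructed sample outbound messages (not real mail). "headers" mimics what
# a mail gateway sees after MIME parsing; bodies are kept deliberately short.
MESSAGES = [
    {"id": 1, "headers": {"Content-Type": "text/plain"},
     "body": "Hi, the customer's SSN is 123-45-6789 and card 4111 1111 1111 1111."},
    {"id": 2, "headers": {"Content-Type": "application/pkcs7-mime; smime-type=enveloped-data"},
     "body": "MIAGCSqGSIb3DQEHA6CAMIACAQAxggE..."},  # opaque S/MIME envelope
    {"id": 3, "headers": {"Content-Type": "text/plain"},
     "body": "Order 4111-1111-1111-1112 shipped; tracking 123456789012345."},
    {"id": 4, "headers": {"Content-Type": "text/plain"},
     "body": "-----BEGIN PGP MESSAGE-----\nhQEMA...\n-----END PGP MESSAGE-----"},
]

# SSN: three groups, excluding never-issued area numbers (000, 666, 9xx) and
# zero groups. Card: 13-19 digits with optional spaces or hyphens.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 checksum; filters most tracking and order numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        n = int(ch)
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def is_encrypted(msg) -> bool:
    """Policy is satisfied if the body is already an encrypted envelope."""
    ctype = msg["headers"].get("Content-Type", "").lower()
    if "application/pkcs7-mime" in ctype and "enveloped-data" in ctype:
        return True
    return "-----BEGIN PGP MESSAGE-----" in msg["body"]


def find_personal_data(body: str):
    """Return the kinds of personal data found in plaintext, in order."""
    findings = []
    if SSN_RE.search(body):
        findings.append("ssn")
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append("card")
            break
    return findings


def dlp_decision(msg):
    """('allow', []) or ('block', [kinds]) for one outbound message."""
    if is_encrypted(msg):
        return "allow", []
    findings = find_personal_data(msg["body"])
    return ("block", findings) if findings else ("allow", [])


if __name__ == "__main__":
    for m in MESSAGES:
        print(m["id"], dlp_decision(m))
```

Message 3 is the false-positive case: the card-like number fails Luhn and the tracking number is never flagged, so legitimate mail is not blocked. Note the rule trusts the encrypted-content markers; a gateway that wants assurance rather than policy compliance would also verify that the recipient certificate or key is an approved one.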
———————————————————————-
Question #: 186
Topic #: 1
Before executive leadership approves a new data privacy policy, it is MOST important to ensure:
A. a training program is developed.
B. a privacy committee is established.
C. a distribution methodology is identified.
D. a legal review is conducted.
Selected Answer: D
———————————————————————-
Question #: 187
Topic #: 1
Which of the following is MOST important to include when defining an organization’s privacy requirements as part of a privacy program plan?
A. Data classification process
B. Privacy management governance
C. Privacy protection infrastructure
D. Lessons learned documentation
Selected Answer: B
———————————————————————-
Question #: 188
Topic #: 1
Which of the following is an IT privacy practitioner’s BEST recommendation to reduce privacy risk before an organization provides personal data to a third party?
A. Tokenization
B. Aggregation
C. Anonymization
D. Encryption
Selected Answer: C
———————————————————————-
Question #: 189
Topic #: 1
Which of the following is the BEST way to explain the difference between data privacy and data security?
A. Data privacy protects users from unauthorized disclosure, while data security prevents compromise.
B. Data privacy protects the data subjects, while data security is about protecting critical assets.
C. Data privacy is about data segmentation, while data security prevents unauthorized access.
D. Data privacy stems from regulatory requirements, while data security focuses on consumer rights.
Selected Answer: A
———————————————————————-
Question #: 190
Topic #: 1
Which of the following is a responsibility of the audit function in helping an organization address privacy compliance requirements?
A. Approving privacy impact assessments (PIAs)
B. Validating the privacy framework
C. Managing privacy notices provided to customers
D. Establishing employee privacy rights and consent
Selected Answer: B
———————————————————————-
Question #: 191
Topic #: 1
Which of the following should trigger a review of an organization’s privacy policy?
A. Backup procedures for customer data are changed.
B. Data loss prevention (DLP) incidents increase.
C. An emerging technology will be implemented.
D. The privacy steering committee adopts a new charter.
Selected Answer: D
———————————————————————-
Question #: 192
Topic #: 1
An online retail company is trying to determine how to handle users’ data if they unsubscribe from marketing emails generated from the website. Which of the following is the BEST approach for handling personal data that has been restricted?
A. Encrypt users’ information so it is inaccessible to the marketing department.
B. Reference the privacy policy to see if the data is truly restricted.
C. Remove users’ information and accounts from the system.
D. Flag users’ email addresses to make sure they do not receive promotional information.
Selected Answer: B
———————————————————————-
Question #: 193
Topic #: 1
Which of the following BEST ensures an organization’s data retention requirements will be met in the public cloud environment?
A. Service level agreements (SLAs)
B. Cloud vendor agreements
C. Data classification schemes
D. Automated data deletion schedules
Selected Answer: D
———————————————————————-
Question #: 194
Topic #: 1
Which of the following should be done FIRST when developing an organization-wide strategy to address data privacy risk?
A. Obtain executive support.
B. Develop a data privacy policy.
C. Gather privacy requirements from legal counsel.
D. Create a comprehensive data inventory.
Selected Answer: A
———————————————————————-
Question #: 195
Topic #: 1
A web-based payment service is adding a requirement for biometric authentication. Which risk factor is BEST mitigated by this practice?
A. User validation failures when reconnecting after lost sessions
B. Zero-day attacks and exploits
C. Identity spoofing by unauthorized users
D. Legal liability from the misuse of accounts
Selected Answer: C
———————————————————————-
Question #: 196
Topic #: 1
Which of the following is the BEST way to protect the privacy of data stored on a laptop in case of loss or theft?
A. Strong authentication controls
B. Remote wipe
C. Regular backups
D. Endpoint encryption
Selected Answer: D
———————————————————————-
Question #: 197
Topic #: 1
Which of the following is MOST important to review before using an application programming interface (API) to help mitigate related privacy risk?
A. Data taxonomy
B. Data classification
C. Data flows
D. Data collection
Selected Answer: C
———————————————————————-
Question #: 198
Topic #: 1
Which of the following should be established FIRST before authorizing remote access to a data store containing personal data?
A. Privacy policy
B. Network security standard
C. Multi-factor authentication
D. Virtual private network (VPN)
Selected Answer: A
———————————————————————-
Question #: 199
Topic #: 1
Which of the following is the MOST critical action for an organization prior to tracking user activity in its applications?
A. Providing notification to users of the organization’s privacy policies
B. Establishing a data classification scheme
C. Identifying and validating users’ countries of residence
D. Requesting users to read and accept the organization’s privacy notice
Selected Answer: D
———————————————————————-
Question #: 200
Topic #: 1
Which of the following should be of GREATEST concern when an organization wants to store personal data in the cloud?
A. The organization’s potential legal liabilities related to the data
B. The data recovery capabilities of the storage provider
C. The data security policies and practices of the storage provider
D. Any vulnerabilities identified in the cloud system
Selected Answer: A
