New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Free and Premium Isaca CDPSE Dumps Questions Answers

Page: 1 / 16
Total 218 questions

Certified Data Privacy Solutions Engineer Questions and Answers

Question 1

Which of the following BEST supports an organization’s efforts to create and maintain desired privacy protection practices among employees?

Options:

A.

Skills training programs

B.

Awareness campaigns

C.

Performance evaluations

D.

Code of conduct principles

Buy Now
Question 2

An organization is concerned with authorized individuals accessing sensitive personal customer information to use for unauthorized purposes. Which of the following technologies is the BEST choice to mitigate this risk?

Options:

A.

Email filtering system

B.

Intrusion monitoring

C.

Mobile device management (MDM)

D.

User behavior analytics

Question 3

Which of the following should be done FIRST when performing a data quality assessment?

Options:

A.

Identify the data owner.

B.

Define data quality rules.

C.

Establish business thresholds-

D.

Assess completeness of the data inventory.

Question 4

Which of the following is the BEST way to protect the privacy of data stored on a laptop in case of loss or theft?

Options:

A.

Strong authentication controls

B.

Remote wipe

C.

Regular backups

D.

Endpoint encryption

Question 5

Which of the following BEST illustrates privacy by design in the development of a consumer mobile application?

Options:

A.

The application only stores data locally.

B.

The application shares personal information upon request.

C.

The application only stores data for 24 hours.

D.

The application requires consent before sharing locations.

Question 6

Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?

Options:

A.

It eliminates cryptographic key collision.

B.

It minimizes the risk if the cryptographic key is compromised.

C.

It is more practical and efficient to use a single cryptographic key.

D.

Each process can only be supported by its own unique key management process.

Question 7

Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?

Options:

A.

Understanding the data flows within the organization

B.

Implementing strong access controls on a need-to-know basis

C.

Anonymizing privacy data during collection and recording

D.

Encrypting the data throughout its life cycle

Question 8

Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?

Options:

A.

Changes to current information architecture

B.

Updates to data life cycle policy

C.

Business impact due to the changes

D.

Modifications to data quality standards

Question 9

Which of the following should be considered personal information?

Options:

A.

Biometric records

B.

Company address

C.

University affiliation

D.

Age

Question 10

Which of the following tracking technologies associated with unsolicited targeted advertisements presents the GREATEST privacy risk?

Options:

A.

Online behavioral tracking

B.

Radio frequency identification (RFID)

C.

Website cookies

D.

Beacon-based tracking

Question 11

What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?

Options:

A.

Distributing a privacy rights policy

B.

Mailing rights documentation to customers

C.

Publishing a privacy notice

D.

Gaining consent when information is collected

Question 12

Which of the following is the PRIMARY reason to use public key infrastructure (PRI) for protection against a man-in-the-middle attack?

Options:

A.

It uses Transport Layer Security (TLS).

B.

It provides a secure connection on an insecure network

C.

It makes public key cryptography feasible.

D.

It contains schemes for revoking keys.

Question 13

Which of the following is the BEST method to ensure the security of encryption keys when transferring data containing personal information between cloud applications?

Options:

A.

Whole disk encryption

B.

Asymmetric encryption

C.

Digital signature

D.

Symmetric encryption

Question 14

Which of the following BEST enables an organization to ensure consumer credit card numbers are accurately captured?

Options:

A.

Input reference controls

B.

Access controls

C.

Input validation controls

D.

Reconciliation controls

Question 15

Which of the following is the BEST way for senior management to verify the success of its commitment to privacy by design?

Options:

A.

Review the findings of an industry benchmarking assessment

B.

Identify trends in the organization's amount of compromised personal data

C.

Review the findings of a third-party privacy control assessment

D.

Identify trends in the organization's number of privacy incidents.

Question 16

During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?

Options:

A.

Segregation of duties

B.

Unique user credentials

C.

Two-person rule

D.

Need-to-know basis

Question 17

Which of the following is the BEST way to protect personal data in the custody of a third party?

Options:

A.

Have corporate counsel monitor privacy compliance.

B.

Require the third party to provide periodic documentation of its privacy management program.

C.

Include requirements to comply with the organization’s privacy policies in the contract.

D.

Add privacy-related controls to the vendor audit plan.

Question 18

Which of the following is the MOST effective remote access model for reducing the likelihood of attacks originating from connecting devices?

Options:

A.

Thick client desktop with virtual private network (VPN) connection

B.

Remote wide area network (WAN) links

C.

Thin Client remote desktop protocol (RDP)

D.

Site-to-site virtual private network (VPN)

Question 19

An organization has a policy requiring the encryption of personal data if transmitted through email. Which of the following is the BEST control to ensure the effectiveness of this policy?

Options:

A.

Provide periodic user awareness training on data encryption.

B.

Implement a data loss prevention (DLP) tool.

C.

Conduct regular control self-assessments (CSAs).

D.

Enforce annual attestation to policy compliance.

Question 20

Which of the following is MOST important to include in a data use policy?

Options:

A.

The requirements for collecting and using personal data

B.

The method used to delete or destroy personal data

C.

The reason for collecting and using personal data

D.

The length of time personal data will be retained

Question 21

Which of the following should be done NEXT after a privacy risk has been accepted?

Options:

A.

Monitor the risk landscape for material changes.

B.

Determine the risk appetite With management.

C.

Adjust the risk rating to help ensure it is remediated

D.

Reconfirm the risk during the next reporting period

Question 22

Which of the following hard drive sanitation methods provides an organization with the GREATEST level of assurance that data has been permanently erased?

Options:

A.

Degaussing the drive

B.

Factory resetting the drive

C.

Crypto-shredding the drive

D.

Reformatting the drive

Question 23

Which of the following is the MOST important consideration when determining retention periods for personal data?

Options:

A.

Sectoral best practices for the industry

B.

Notice provided to customers during data collection

C.

Data classification standards

D.

Storage capacity available for retained data

Question 24

Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice. Which of the following is the BEST way to address this concern?

Options:

A.

Review the privacy policy.

B.

Obtain independent assurance of current practices.

C.

Re-assess the information security requirements.

D.

Validate contract compliance.

Question 25

Which of the following MOST effectively protects against the use of a network sniffer?

Options:

A.

Network segmentation

B.

Transport layer encryption

C.

An intrusion detection system (IDS)

D.

A honeypot environment

Question 26

Which of the following is the MOST important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable?

Options:

A.

Subject matter expertise

B.

Type of media

C.

Regulatory compliance requirements

D.

Location of data

Question 27

When configuring information systems for the communication and transport of personal data, an organization should:

Options:

A.

adopt the default vendor specifications.

B.

review configuration settings for compliance.

C.

implement the least restrictive mode.

D.

enable essential capabilities only.

Question 28

A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?

Options:

A.

Access to personal data is not strictly controlled in development and testing environments.

B.

Complex relationships within and across systems must be retained for testing.

C.

Personal data across the various interconnected systems cannot be easily identified.

D.

Data masking tools are complex and difficult to implement.

Question 29

How can an organization BEST ensure its vendors are complying with data privacy requirements defined in their contracts?

Options:

A.

Review self-attestations of compliance provided by vendor management.

B.

Obtain independent assessments of the vendors’ data management processes.

C.

Perform penetration tests of the vendors’ data security.

D.

Compare contract requirements against vendor deliverables.

Question 30

A multi-national organization has decided that regional human resources (HR) team members must be limited in their access to employee data only within their regional office. Which of the following is the BEST approach?

Options:

A.

Discretionary access control (DAC)

B.

Attribute-based access control (ABAC)

C.

Provision-based access control (PBAC)

D.

Mandatory access control (MAC)

Question 31

Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?

Options:

A.

Access is logged on the virtual private network (VPN).

B.

Multi-factor authentication is enabled.

C.

Active remote access is monitored.

D.

Access is only granted to authorized users.

Question 32

Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?

Options:

A.

End users using weak passwords

B.

Organizations using weak encryption to transmit data

C.

Vulnerabilities existing in authentication pages

D.

End users forgetting their passwords

Question 33

From a privacy perspective, it is MOST important to ensure data backups are:

Options:

A.

encrypted.

B.

incremental.

C.

differential.

D.

pseudonymized

Question 34

An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content

viewed, and the time and duration of online activities. Which data protection principle is applied?

Options:

A.

System use requirements

B.

Data integrity and confidentiality

C.

Lawfulness and fairness

D.

Data use limitation

Question 35

Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?

Options:

A.

Conduct an audit.

B.

Report performance metrics.

C.

Perform a control self-assessment (CSA).

D.

Conduct a benchmarking analysis.

Question 36

Transport Layer Security (TLS) provides data integrity through:

Options:

A.

calculation of message digests.

B.

use of File Transfer Protocol (FTP).

C.

asymmetric encryption of data sets.

D.

exchange of digital certificates.

Question 37

Which of the following helps define data retention time is a stream-fed data lake that includes personal data?

Options:

A.

Information security assessments

B.

Privacy impact assessments (PIAs)

C.

Data privacy standards

D.

Data lake configuration

Question 38

Which of the following is the MOST effective way to support organizational privacy awareness objectives?

Options:

A.

Funding in-depth training and awareness education for data privacy staff

B.

Implementing an annual training certification process

C.

Including mandatory awareness training as part of performance evaluations

D.

Customizing awareness training by business unit function

Question 39

Which of the following BEST enables an organization to ensure privacy-related risk responses meet organizational objectives?

Options:

A.

Integrating security and privacy control requirements into the development of risk scenarios

B.

Prioritizing privacy-related risk scenarios as part of enterprise risk management ERM) processes

C.

Using a top-down approach to develop privacy-related risk scenarios for the organization

D.

Assigning the data protection officer accountability for privacy protection controls

Question 40

Which of the following needs to be identified FIRST to define the privacy requirements to use when assessing the selection of IT systems?

  • Type of data being processed

Options:

A.

Applicable privacy legislation

B.

Applicable control frameworks

C.

Available technology platforms

Question 41

Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system?

Options:

A.

To identify controls to mitigate data privacy risks

B.

To classify personal data according to the data classification scheme

C.

To assess the risk associated with personal data usage

D.

To determine the service provider’s ability to maintain data protection controls

Question 42

An organization is planning a new implementation for tracking consumer web browser activity. Which of the following should be done FIRST?

Options:

A.

Seek approval from regulatory authorities.

B.

Conduct a privacy impact assessment (PIA).

C.

Obtain consent from the organization’s clients.

D.

Review and update the cookie policy.

Question 43

Which of the following is the MOST important consideration when choosing a method for data destruction?

Options:

A.

Granularity of data to be destroyed

B.

Validation and certification of data destruction

C.

Time required for the chosen method of data destruction

D.

Level and strength of current data encryption

Question 44

Which of the following is MOST important to establish within a data storage policy to protect data privacy?

Options:

A.

Data redaction

B.

Data quality assurance (QA)

C.

Irreversible disposal

D.

Collection limitation

Question 45

Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?

Options:

A.

The right to object

B.

The right to withdraw consent

C.

The right to access

D.

The right to be forgotten

Question 46

Which of the following is the BEST way to ensure that application hardening is included throughout the software development life cycle (SDLC)?

Options:

A.

Require an annual internal audit of SDLC processes.

B.

Include qualified application security personnel as part of the process.

C.

Ensure comprehensive application security testing immediately prior to release.

D.

Require an annual third-party audit of new client software solutions.

Question 47

Which of the following is the MOST important privacy consideration for video surveillance in high security areas?

Options:

A.

Video surveillance recordings may only be viewed by the organization.

B.

Those affected must be informed of the video surveillance_

C.

There is no limitation for retention of this data.

D.

Video surveillance data must be stored in encrypted format.

Question 48

An organization has an initiative to implement database encryption to strengthen privacy controls. Which of the following is the MOST useful information for prioritizing database selection?

Options:

A.

Database administration audit logs

B.

Historical security incidents

C.

Penetration test results

D.

Asset classification scheme

Question 49

When a government’s health division established the complete privacy regulation for only the health market, which privacy protection reference model is being used?

Options:

A.

Co-regulatory

B.

Sectoral

C.

Comprehensive

D.

Self-regulatory

Question 50

Which of the following is MOST important to review before using an application programming interface (API) to help mitigate related privacy risk?

Options:

A.

Data taxonomy

B.

Data classification

C.

Data collection

D.

Data flows

Question 51

Which of the following should be done FIRST to establish privacy to design when developing a contact-tracing application?

Options:

A.

Conduct a privacy impact assessment (PIA).

B.

Conduct a development environment review.

C.

Identify privacy controls for the application.

D.

Identify differential privacy techniques.

Question 52

Which of the following BEST ensures data confidentiality across databases?

Options:

A.

Logical data model

B.

Data normalization

C.

Data catalog vocabulary

D.

Data anonymization

Question 53

Which of the following is the MOST important action to protect a mobile banking app and its data against manipulation and disclosure?

Options:

A.

Define the mobile app privacy policy.

B.

Implement application hardening measures.

C.

Provide the app only through official app stores

D.

Conduct penetration testing

Question 54

What is the BES T way for an organization to maintain the effectiveness of its privacy breach incident response plan?

  • Require security management to validate data privacy security practices.
  • Conduct annual data privacy tabletop exercises

Options:

A.

Hire a third party to perform a review of data privacy processes.

B.

Involve the privacy office in an organizational review of the incident response plan.

Question 55

Which of the following protocols BEST protects end-to-end communication of personal data?

Options:

A.

Transmission Control Protocol (TCP)

B.

Transport Layer Security Protocol (TLS)

C.

Secure File Transfer Protocol (SFTP)

D.

Hypertext Transfer Protocol (HTTP)

Question 56

In which of the following should the data record retention period be defined and established?

Options:

A.

Data record model

B.

Data recovery procedures

C.

Data quality standard

D.

Data management plan

Question 57

Which of the following describes a user’s “right to be forgotten”?

Options:

A.

The data is being used to comply with legal obligations or the public interest.

B.

The data is no longer required for the purpose originally collected.

C.

The individual objects despite legitimate grounds for processing.

D.

The individual’s legal residence status has recently changed.

Question 58

Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?

Options:

A.

Evaluate the impact resulting from this change.

B.

Revisit the current remote working policies.

C.

Implement a virtual private network (VPN) tool.

D.

Enforce multi-factor authentication for remote access.

Question 59

It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?

Options:

A.

Application design

B.

Requirements definition

C.

Implementation

D.

Testing

Question 60

An organization is considering the use of remote employee monitoring software. Which of the following is the MOST important privacy consideration when implementing this solution?

Options:

A.

Data should be used to improve employee performance.

B.

Data should be retained per the organization's retention policy

C.

Data access should be restricted based on roles.

D.

Data analysis should be used to set staffing levels

Question 61

Which of the following is MOST important to capture in the audit log of an application hosting personal data?

Options:

A.

Server details of the hosting environment

B.

Last user who accessed personal data

C.

Application error events

D.

Last logins of privileged users

Question 62

When contracting with a Software as a Service (SaaS) provider, which of the following is the MOST important contractual requirement to ensure data privacy at service termination?

Options:

A.

Encryption of customer data

B.

Removal of customer data

C.

De-identification of customer data

D.

Destruction of customer data

Question 63

Within a regulatory and legal context, which of the following is the PRIMARY purpose of a privacy notice sent to customers?

Options:

A.

To educate data subjects regarding how personal data will be safeguarded

B.

To inform customers about the procedure to legally file complaints for misuse of personal data

C.

To provide transparency to the data subject on the intended use of their personal data

D.

To establish the organization's responsibility for protecting personal data during the relationship with the data subject

Question 64

An organization must de-identify its data before it is transferred to a third party Which of the following should be done FIRST?

Options:

A.

Encrypt the data at rest and in motion

B.

Remove the identifiers during the data transfer

C.

Determine the categories of personal data collected

D.

Ensure logging is turned on for the database

Question 65

Which of the following is the best way to reduce the risk of compromised credentials when an organization allows employees to have remote access?

Options:

A.

Enable whole disk encryption on remote devices.

B.

Purchase an endpoint detection and response (EDR) tool.

C.

Implement multi-factor authentication.

D.

Deploy single sign-on with complex password requirements.

Page: 1 / 16
Total 218 questions