Changed CDPSE Exam Questions

Biometric records are personal information that can be used to identify an individual based on their physical or behavioral characteristics, such as fingerprints, facial recognition, iris scans, voice patterns, etc. Biometric records are considered sensitive personal information that require special protection and consent from the data subject. Biometric records can be used for various purposes, such as authentication, identification, security, etc., but they also pose privacy risks, such as unauthorized access, use, disclosure, or transfer of biometric data. References: : CDPSE Review Manual (Digital Version), page 25

Online behavioral tracking is a tracking technology associated with unsolicited targeted advertisements that presents the greatest privacy risk. Online behavioral tracking is a technique that collects and analyzes personal data about users’ online activities, preferences, interests, and behaviors across different websites or platforms. Online behavioral tracking is used to create user profiles and deliver personalized or targeted advertisements that match users’ needs or wants. Online behavioral tracking poses a privacy risk because it can invade users’ privacy by collecting sensitive or intimate personal data without their knowledge or consent, such as health conditions, political views, sexual orientation, etc. Online behavioral tracking can also expose users to unwanted or inappropriate advertisements that may influence their decisions or actions. References: : CDPSE Review Manual (Digital Version), page 139

The primary means by which an organization communicates customer rights as it relates to the use of their personal information is publishing a privacy notice. A privacy notice is a document that informs the customers about how their personal information is collected, used, shared, stored, and protected by the organization, as well as what rights they have regarding their personal information, such as access, rectification, erasure, portability, objection, etc. A privacy notice should be clear, concise, transparent, and easily accessible to the customers, and should comply with the applicable privacy regulations and standards. A privacy notice helps to establish trust and transparency between the organization and the customers, and enables the customers to exercise their rights and choices over their personal information. References: : CDPSE Review Manual (Digital Version), page 39

Public key infrastructure (PKI) is a system that enables the use of public key cryptography, which is a method of encrypting and authenticating data using a pair of keys: a public key and a private key. Public key cryptography can protect against man-in-the-middle (MITM) attacks, which are attacks where an attacker intercepts and modifies the communication between two parties. PKI makes public key cryptography feasible by providing a way to generate, distribute, verify, and revoke public keys. PKI also uses digital certificates, which are documents that bind a public key to an identity, and certificate authorities, which are trusted entities that issue and validate certificates. By using PKI, the parties can ensure that they are communicating with the intended recipient and that the data has not been tampered with by an attacker.

References:

• What is Public Key Infrastructure (PKI)? - Fortinet
• How is man-in-the-middle attack prevented in TLS? [duplicate]
• A brief look at Man-in-the-Middle Attacks and the Role of Public Key Infrastructure (PKI)