New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: cramtick70

CDPSE Certified Data Privacy Solutions Engineer Questions and Answers

Questions 4

An online retail company is trying to determine how to handle users’ data if they unsubscribe from marketing emails generated from the website. Which of the following is the BEST approach for handling personal data that has been restricted?

Options:

A.

Encrypt users’ information so it is inaccessible to the marketing department.

B.

Reference the privacy policy to see if the data is truly restricted.

C.

Remove users’ information and account from the system.

D.

Flag users’ email addresses to make sure they do not receive promotional information.

Buy Now
Questions 5

Which of the following is the BEST indication of an effective records management program for personal data?

Options:

A.

Archived data is used for future analytics.

B.

The legal department has approved the retention policy.

C.

All sensitive data has been tagged.

D.

A retention schedule is in place.

Buy Now
Questions 6

A health organization experienced a breach of a database containing pseudonymized personal data. Which of the following should be of MOST concern to the IT privacy practitioner?

Options:

A.

The data may be re-identified.

B.

The data was proprietary.

C.

The data was classified as confidential.

D.

The data is subject to regulatory fines.

Buy Now
Questions 7

When contracting with a Software as a Service (SaaS) provider, which of the following is the MOST important contractual requirement to ensure data privacy at service termination?

Options:

A.

Encryption of customer data

B.

Removal of customer data

C.

De-identification of customer data

D.

Destruction of customer data

Buy Now
Questions 8

Which of the following is the PRIMARY objective of privacy incident response?

Options:

A.

To ensure data subjects impacted by privacy incidents are notified.

B.

To reduce privacy risk to the lowest possible level

C.

To mitigate the impact of privacy incidents

D.

To optimize the costs associated with privacy incidents

Buy Now
Questions 9

Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the event of a data privacy incident?

Options:

A.

Offline backup availability

B.

Recovery time objective (RTO)

C.

Recovery point objective (RPO)

D.

Online backup frequency

Buy Now
Questions 10

Which of the following is the BEST way to ensure an organization's enterprise risk management (ERM) framework can protect the organization from privacy harms?

Options:

A.

Include privacy risks as a risk category.

B.

Establish a privacy incident response plan.

C.

Conduct an internal privacy audit.

D.

Complete a privacy risk assessment.

Buy Now
Questions 11

To ensure effective management of an organization’s data privacy policy, senior leadership MUST define:

Options:

A.

training and testing requirements for employees handling personal data.

B.

roles and responsibilities of the person with oversights.

C.

metrics and outcomes recommended by external agencies.

D.

the scope and responsibilities of the data owner.

Buy Now
Questions 12

Before executive leadership approves a new data privacy policy, it is MOST important to ensure:

Options:

A.

a training program is developed.

B.

a privacy committee is established.

C.

a distribution methodology is identified.

D.

a legal review is conducted.

Buy Now
Questions 13

Which of the following is the BEST way to protect the privacy of data stored on a laptop in case of loss or theft?

Options:

A.

Strong authentication controls

B.

Remote wipe

C.

Regular backups

D.

Endpoint encryption

Buy Now
Questions 14

Which of the following is MOST important to review before using an application programming interface (API) to help mitigate related privacy risk?

Options:

A.

Data taxonomy

B.

Data classification

C.

Data collection

D.

Data flows

Buy Now
Questions 15

Which of the following processes BEST enables an organization to maintain the quality of personal data?

Options:

A.

Implementing routine automatic validation

B.

Maintaining hashes to detect changes in data

C.

Encrypting personal data at rest

D.

Updating the data quality standard through periodic review

Buy Now
Questions 16

Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?

Options:

A.

Conduct an audit.

B.

Report performance metrics.

C.

Perform a control self-assessment (CSA).

D.

Conduct a benchmarking analysis.

Buy Now
Questions 17

A multi-national organization has decided that regional human resources (HR) team members must be limited in their access to employee data only within their regional office. Which of the following is the BEST approach?

Options:

A.

Discretionary access control (DAC)

B.

Attribute-based access control (ABAC)

C.

Provision-based access control (PBAC)

D.

Mandatory access control (MAC)

Buy Now
Questions 18

What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?

Options:

A.

Require security management to validate data privacy security practices.

B.

Involve the privacy office in an organizational review of the incident response plan.

C.

Hire a third party to perform a review of data privacy processes.

D.

Conduct annual data privacy tabletop exercises.

Buy Now
Questions 19

An organization has an initiative to implement database encryption to strengthen privacy controls. Which of the following is the MOST useful information for prioritizing database selection?

Options:

A.

Database administration audit logs

B.

Historical security incidents

C.

Penetration test results

D.

Asset classification scheme

Buy Now
Questions 20

Which of the following is the MOST effective way to support organizational privacy awareness objectives?

Options:

A.

Funding in-depth training and awareness education for data privacy staff

B.

Implementing an annual training certification process

C.

Including mandatory awareness training as part of performance evaluations

D.

Customizing awareness training by business unit function

Buy Now
Questions 21

What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?

Options:

A.

Gaining consent when information is collected

B.

Publishing a privacy notice

C.

Mailing rights documentation to customers

D.

Distributing a privacy rights policy

Buy Now
Questions 22

Which of the following is the BEST course of action to prevent false positives from data loss prevention (DLP) tools?

Options:

A.

Conduct additional discovery scans.

B.

Suppress the alerts generating the false positives.

C.

Evaluate new data loss prevention (DLP) tools.

D.

Re-establish baselines tor configuration rules

Buy Now
Questions 23

Which of the following should be done NEXT after a privacy risk has been accepted?

Options:

A.

Monitor the risk landscape for material changes.

B.

Determine the risk appetite With management.

C.

Adjust the risk rating to help ensure it is remediated

D.

Reconfirm the risk during the next reporting period

Buy Now
Questions 24

Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?

Options:

A.

It increases system resiliency.

B.

It reduces external threats to data.

C.

It reduces exposure of data.

D.

It eliminates attack motivation for data.

Buy Now
Questions 25

An organization's work-from-home policy allows employees to access corporate IT assets remotely Which of the following controls is MOST important to mitigate the

risk of potential personal data compromise?

Options:

A.

Encryption of network traffic

B.

Intrusion prevention system (IPS)

C.

Firewall rules review

D.

Intrusion detection system (IOS)

Buy Now
Questions 26

Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?

Options:

A.

Access is logged on the virtual private network (VPN).

B.

Multi-factor authentication is enabled.

C.

Active remote access is monitored.

D.

Access is only granted to authorized users.

Buy Now
Questions 27

Which of the following is the BEST way for an organization to gain visibility into Its exposure to privacy-related vulnerabilities?

Options:

A.

Implement a data loss prevention (DLP) solution.

B.

Review historical privacy incidents in the organization.

C.

Monitor inbound and outbound communications.

D.

Perform an analysis of known threats.

Buy Now
Questions 28

Transport Layer Security (TLS) provides data integrity through:

Options:

A.

calculation of message digests.

B.

use of File Transfer Protocol (FTP).

C.

asymmetric encryption of data sets.

D.

exchange of digital certificates.

Buy Now
Questions 29

Which of the following is the MOST important consideration when writing an organization’s privacy policy?

Options:

A.

Using a standardized business taxonomy

B.

Aligning statements to organizational practices

C.

Ensuring acknowledgment by the organization’s employees

D.

Including a development plan for personal data handling

Buy Now
Questions 30

Which of the following BEST enables an organization to ensure consumer credit card numbers are accurately captured?

Options:

A.

Input reference controls

B.

Access controls

C.

Input validation controls

D.

Reconciliation controls

Buy Now
Questions 31

Which types of controls need to be applied to ensure accuracy at all stages of processing, storage, and deletion throughout the data life cycle?

Options:

A.

Processing flow controls

B.

Time-based controls

C.

Purpose limitation controls

D.

Integrity controls

Buy Now
Questions 32

Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?

Options:

A.

Perform a privacy risk audit.

B.

Conduct a privacy risk assessment.

C.

Validate a privacy risk attestation.

D.

Conduct a privacy risk remediation exercise.

Buy Now
Questions 33

Which of the following is the MOST important action to protect a mobile banking app and its data against manipulation and disclosure?

Options:

A.

Define the mobile app privacy policy.

B.

Implement application hardening measures.

C.

Provide the app only through official app stores

D.

Conduct penetration testing

Buy Now
Questions 34

Which of the following is the BEST way to ensure third-party providers that process an organization's personal data are addressed as part of the data privacy strategy?

Options:

A.

Require data dictionaries from service providers that handle the organization's personal data.

B.

Outsource personal data processing to the same third party

C.

Require independent audits of the providers' data privacy controls

D.

Require service level agreements (SLAs) to ensure data integrity while safeguarding confidentiality

Buy Now
Questions 35

An organization’s data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?

Options:

A.

Low-level formatting

B.

Remote partitioning

C.

Degaussing

D.

Hammer strike

Buy Now
Questions 36

Which of the following is the MOST important consideration to ensure privacy when using big data analytics?

Options:

A.

Maintenance of archived data

B.

Disclosure of how the data is analyzed

C.

Transparency about the data being collected

D.

Continuity with business requirements

Buy Now
Questions 37

Which of the following is the BEST way to reduce the risk of compromise when transferring personal information using email?

Options:

A.

Centrally managed encryption

B.

End user-managed encryption

C.

Private cloud storage space

D.

Password-protected .zip files

Buy Now
Questions 38

Which of the following tracking technologies associated with unsolicited targeted advertisements presents the GREATEST privacy risk?

Options:

A.

Online behavioral tracking

B.

Radio frequency identification (RFID)

C.

Website cookies

D.

Beacon-based tracking

Buy Now
Questions 39

Which of the following is the MOST important privacy consideration for video surveillance in high security areas?

Options:

A.

Video surveillance recordings may only be viewed by the organization.

B.

Those affected must be informed of the video surveillance_

C.

There is no limitation for retention of this data.

D.

Video surveillance data must be stored in encrypted format.

Buy Now
Questions 40

An organization want to develop an application programming interface (API) to seamlessly exchange personal data with an application hosted by a third-party service provider. What should be the FIRST step when developing an application link?

Options:

A.

Data tagging

B.

Data normalization

C.

Data mapping

D.

Data hashing

Buy Now
Questions 41

Which of the following BEST ensures a mobile application implementation will meet an organization’s data security standards?

Options:

A.

User acceptance testing (UAT)

B.

Data classification

C.

Privacy impact assessment (PIA)

D.

Automatic dynamic code scan

Buy Now
Questions 42

Which of the following is MOST likely to present a valid use case for keeping a customer’s personal data after contract termination?

Options:

A.

For the purpose of medical research

B.

A forthcoming campaign to win back customers

C.

A required retention period due to regulations

D.

Ease of onboarding when the customer returns

Buy Now
Questions 43

Which of the following techniques mitigates design flaws in the application development process that may contribute to potential leakage of personal data?

Options:

A.

User acceptance testing (UAT)

B.

Patch management

C.

Software hardening

D.

Web application firewall (WAF)

Buy Now
Questions 44

Which of the following describes a user’s “right to be forgotten”?

Options:

A.

The data is being used to comply with legal obligations or the public interest.

B.

The data is no longer required for the purpose originally collected.

C.

The individual objects despite legitimate grounds for processing.

D.

The individual’s legal residence status has recently changed.

Buy Now
Questions 45

Which of the following is the MOST important consideration when choosing a method for data destruction?

Options:

A.

Granularity of data to be destroyed

B.

Validation and certification of data destruction

C.

Time required for the chosen method of data destruction

D.

Level and strength of current data encryption

Buy Now
Questions 46

An IT privacy practitioner wants to test an application in pre-production that will be processing sensitive personal data. Which of the following testing methods is

BEST used to identity and review the application's runtime modules?

Options:

A.

Static application security testing (SAST)

B.

Dynamic application security testing (DAST)

C.

Regression testing

D.

Software composition analysis

Buy Now
Questions 47

An organization plans to implement a new cloud-based human resources (HR) solution with a mobile application interface. Which of the following is the BEST control to prevent data leakage?

Options:

A.

Download of data to the mobile devices is disabled.

B.

Single sign-on is enabled for the mobile application.

C.

Data stored in the cloud-based solution is encrypted.

D.

Separate credentials are used for the mobile application.

Buy Now
Questions 48

Which of the following should be done FIRST when performing a data quality assessment?

Options:

A.

Identify the data owner.

B.

Define data quality rules.

C.

Establish business thresholds-

D.

Assess completeness of the data inventory.

Buy Now
Questions 49

Which of the following is an example of data anonymization as a means to protect personal data when sharing a database?

Options:

A.

The data is encrypted and a key is required to re-identify the data.

B.

Key fields are hidden and unmasking is required to access to the data.

C.

Names and addresses are removed but the rest of the data is left untouched.

D.

The data is transformed such that re-identification is impossible.

Buy Now
Questions 50

Which of the following is the MOST important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable?

Options:

A.

Subject matter expertise

B.

Type of media

C.

Regulatory compliance requirements

D.

Location of data

Buy Now
Questions 51

An email opt-in form on a website applies to which privacy principle?

Options:

A.

Accuracy

B.

Consent

C.

Transparency

D.

Integrity

Buy Now
Questions 52

A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?

Options:

A.

Access to personal data is not strictly controlled in development and testing environments.

B.

Complex relationships within and across systems must be retained for testing.

C.

Personal data across the various interconnected systems cannot be easily identified.

D.

Data masking tools are complex and difficult to implement.

Buy Now
Questions 53

Which of the following protocols BEST protects end-to-end communication of personal data?

Options:

A.

Transmission Control Protocol (TCP)

B.

Transport Layer Security Protocol (TLS)

C.

Secure File Transfer Protocol (SFTP)

D.

Hypertext Transfer Protocol (HTTP)

Buy Now
Questions 54

Which of the following is MOST important to capture in the audit log of an application hosting personal data?

Options:

A.

Server details of the hosting environment

B.

Last user who accessed personal data

C.

Application error events

D.

Last logins of privileged users

Buy Now
Questions 55

Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?

Options:

A.

End users using weak passwords

B.

Organizations using weak encryption to transmit data

C.

Vulnerabilities existing in authentication pages

D.

End users forgetting their passwords

Buy Now
Questions 56

Which of the following should an IT privacy practitioner review FIRST to understand where personal data is coming from and how it is used within the organization?

Options:

A.

Data process flow diagrams

B.

Data inventory

C.

Data classification

D.

Data collection standards

Buy Now
Questions 57

Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?

Options:

A.

Encrypting APIs with the organization’s private key

B.

Requiring nondisclosure agreements (NDAs) when sharing APIs

C.

Restricting access to authorized users

D.

Sharing only digitally signed APIs

Buy Now
Questions 58

An organization has initiated a project to enhance privacy protections by improving its information security controls. Which of the following is the MOST useful action to help define the scope of the project?

Options:

A.

Review recent audit reports on the internal control environment

B.

Identify databases that contain personal data

C.

Identify databases that do not have encryption in place.

D.

Review proposed privacy rules that govern the processing of personal data

Buy Now
Questions 59

Which of the following should be done FIRST before an organization migrates data from an on-premise solution to a cloud-hosted solution that spans more than one jurisdiction?

Options:

A.

Ensure data loss prevention (DLP) alerts are turned on.

B.

Encrypt the data while it is being migrated.

C.

Conduct a penetration test of the hosted solution.

D.

Assess the organization's exposure related to the migration.

Buy Now
Questions 60

An organization is concerned with authorized individuals accessing sensitive personal customer information to use for unauthorized purposes. Which of the following technologies is the BEST choice to mitigate this risk?

Options:

A.

Email filtering system

B.

Intrusion monitoring

C.

Mobile device management (MDM)

D.

User behavior analytics

Buy Now
Questions 61

Which of the following is the GREATEST benefit of adopting data minimization practices?

Options:

A.

Storage and encryption costs are reduced.

B.

Data retention efficiency is enhanced.

C.

The associated threat surface is reduced.

D.

Compliance requirements are met.

Buy Now
Questions 62

Which of the following is a role PRIMARILY assigned to an internal data owner?

Options:

A.

Monitoring data retention periods

B.

Authorizing access rights

C.

Serving as primary contact with regulators

D.

Implementing appropriate technical controls

Buy Now
Questions 63

Which of the following information would MOST likely be considered sensitive personal data?

Options:

A.

Mailing address

B.

Bank account login ID

C.

Ethnic origin

D.

Contact phone number

Buy Now
Questions 64

An organization is considering the use of remote employee monitoring software. Which of the following is the MOST important privacy consideration when implementing this solution?

Options:

A.

Data should be used to improve employee performance.

B.

Data should be retained per the organization's retention policy

C.

Data access should be restricted based on roles.

D.

Data analysis should be used to set staffing levels

Buy Now
Questions 65

Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?

Options:

A.

Providing system engineers the ability to search and retrieve data

B.

Allowing individuals to have direct access to their data

C.

Allowing system administrators to manage data access

D.

Establishing a data privacy customer service bot for individuals

Buy Now
Exam Code: CDPSE
Exam Name: Certified Data Privacy Solutions Engineer
Last Update: Dec 26, 2024
Questions: 218
CDPSE pdf

CDPSE PDF

$25.5  $84.99
CDPSE Engine

CDPSE Testing Engine

$30  $99.99
CDPSE PDF + Engine

CDPSE PDF + Testing Engine

$40.5  $134.99