During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?
A. Segregation of duties
B. Unique user credentials
C. Two-person rule
D. Need-to-know basis
Answer: D
Explanation: The need-to-know basis principle is a...
Which of the following describes a user’s “right to be forgotten”?
A. The data is being used to comply with legal obligations or the public interest.
B. The data is no longer required for the purpose originally collected.
C. The individual objects despite legitimate grounds for processing.
D. The individual’s...
Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?
A. End users using weak passwords
B. Organizations using weak encryption to transmit data
C. Vulnerabilities existing in authentication pages
D. End users forgetting their passwords
Answer: A
Explanation: One of...
Which of the following is the BEST way for an organization to limit potential data exposure when implementing a new application?
A. Implement a data loss prevention (DLP) system.
B. Use only the data required by the application.
C. Encrypt all data used by the application.
D. Capture the application’s...
Which of the following is the MOST important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable?
A. Subject matter expertise
B. Type of media
C. Regulatory compliance requirements
D. Location of data
Answer: B
Explanation: Data sanitization is a process of permanently erasing or...
Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?
A. The system architecture is clearly defined.
B. A risk assessment has been completed.
C. Security controls are clearly defined.
D. ...
Which of the following is the BEST way to limit the organization’s potential exposure in the event of consumer data loss while maintaining the traceability of the data?
A. Encrypt the data at rest.
B. De-identify the data.
C. Use a unique hashing algorithm.
D. Require a digital signature.
Answer:...
Which of the following is the IT privacy practitioner’s BEST recommendation?
An organization uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings. Which of the following is the IT privacy practitioner’s BEST recommendation?
A. Anonymize personal data.
B. Discontinue the creation of profiles.
C. Implement strong access controls.
D. Encrypt data at...
When a government’s health division established the complete privacy regulation for only the health market, which privacy protection reference model is being used?
A. Co-regulatory
B. Sectoral
C. Comprehensive
D. Self-regulatory
Answer: B
Explanation: Sectoral is a privacy protection reference model that refers to a system of laws and regulations...
Which of the following is the MOST legitimate information to collect for business reasons in this situation?
An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?
A. Height, weight, and activities
B. Sleep schedule and calorie intake
C. Education...