CDPSE exam

Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?A . Access is logged on the virtual private network (VPN).B . Multi-factor authentication is enabled.C . Active remote access is monitored.D . Access is only granted to authorized users.View AnswerAnswer:...

Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?A . Detailed documentation of data privacy processesB . Strategic goals of the organizationC . Contract requirements for independent oversightD . Business objectives of senior leadersView AnswerAnswer: B Explanation:...

Which of the following BEST represents privacy threat modeling methodology?A . Mitigating inherent risks and threats associated with privacy control weaknessesB . Systematically eliciting and mitigating privacy threats in a software architectureC . Reliably estimating a threat actor’s ability to exploit privacy vulnerabilitiesD . Replicating privacy scenarios that reflect representative...

Which of the following is a PRIMARY consideration to protect against privacy violations when utilizing artificial intelligence (AI) driven business decisions?A . De-identifying the data to be analyzedB . Verifying the data subjects have consented to the processingC . Defining the intended objectivesD . Ensuring proper data sets are used...

Which of the following is the best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records?A . Limited functions and capabilities of a secured operating environmentB . Monitored network activities for unauthorized useC . Improved data integrity and reduced effort...

Which of the following is the BEST approach for a local office of a global organization faced with multiple privacy-related compliance requirements?A . Focus on developing a risk action plan based on audit reports.B . Focus on requirements with the highest organizational impact.C . Focus on global compliance before meeting...

Which of the following should be used to address data kept beyond its intended lifespan?A . Data minimizationB . Data anonymizationC . Data securityD . Data normalizationView AnswerAnswer: A Explanation: Reference: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/data-minimisation/ Data minimization is a privacy principle that requires limiting the collection, storage and processing of personal data to...

Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?A . To assess privacy risksB . To evaluate effectiveness of data controlsC . To determine data integration gapsD . To comply with regulationsView AnswerAnswer: A Explanation: Data flow mapping is a...

Which of the following is the MOST important consideration to ensure privacy when using big data analytics?A . Maintenance of archived dataB . Disclosure of how the data is analyzedC . Transparency about the data being collectedD . Continuity with business requirementsView AnswerAnswer: C Explanation: Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/an-ethical-approach-to-data-privacy-protection The most important...

Which of the following vulnerabilities would have the GREATEST impact on the privacy of information?A . Private key exposureB . Poor patch managementC . Lack of password complexityD . Out-of-date antivirus signaturesView AnswerAnswer: A Explanation: The vulnerability that would have the greatest impact on the privacy of information is private...