When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?
A. Data classification labeling
B. Data residing in another country
C. Volume of data stored
D. Privacy training for backup users
Answer: B
Explanation: Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2014/selecting-the-right-cloud-operating-model-privacy-and-data-security-in-the-cloud When evaluating cloud-based services...
Prior to the application using the data, which of the following should be done FIRST?
A new marketing application needs to use data from the organization’s customer database. Prior to the application using the data, which of the following should be done FIRST?
A. Ensure the data loss prevention (DLP) tool is logging activity.
B. De-identify all personal data in the database.
C. Determine what...
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?
A. Require security management to validate data privacy security practices.
B. Involve the privacy office in an organizational review of the incident response plan.
C. Hire a third party to perform...
Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?
A. Conduct an audit.
B. Report performance metrics.
C. Perform a control self-assessment (CSA).
D. Conduct a benchmarking analysis.
Answer: A
Explanation: The best way to validate that privacy...
When tokenizing credit card data, what security practice should be employed with the original data before it is stored in a data lake?
A. Encoding
B. Backup
C. Encryption
D. Classification
Answer: C
Explanation: Reference: https://cpl.thalesgroup.com/faq Encryption is a security practice that transforms data into an unreadable format using a...
Which of the following is the GREATEST obstacle to conducting a privacy impact assessment (PIA)?
A. Conducting a PIA requires significant funding and resources.
B. PIAs need to be performed many times in a year.
C. The organization lacks knowledge of PIA methodology.
D. The value proposition of a PIA...
Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?
A. Possession factor authentication
B. Knowledge-based credential authentication
C. Multi-factor authentication
D. Biometric authentication
Answer: A
Explanation: Authentication is a process of verifying the identity of...
When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
A. The key must be kept separate and distinct from the data it protects.
B. The data must be protected by multi-factor authentication.
C...
Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?
A. Providing system engineers the ability to search and retrieve data
B. Allowing individuals to have direct access to their data
C...
Which of the following is the MOST important consideration when writing an organization’s privacy policy?
A. Using a standardized business taxonomy
B. Aligning statements to organizational practices
C. Ensuring acknowledgment by the organization’s employees
D. Including a development plan for personal data handling
Answer: B
Explanation: The most important consideration...