CDPSE exam

Which party should data subject contact FIRST if they believe their personal information has been collected and used without consent?A . Privacy rights advocateB . Outside privacy counselC . Data protection authoritiesD . The organization’s chief privacy officer (CPO)View AnswerAnswer: D Explanation: The data subject should contact the organization’s chief...

Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?A . It eliminates cryptographic key collision.B . It minimizes the risk if the cryptographic key is compromised.C . It is more practical and efficient to...

Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?A . Evaluate the impact resulting from this change.B . Revisit the current remote working policies.C . Implement a virtual private network (VPN) tool.D...

Which of the following hard drive sanitation methods provides an organization with the GREATEST level of assurance that data has been permanently erased?A . Degaussing the driveB . Factory resetting the driveC . Crypto-shredding the driveD . Reformatting the driveView AnswerAnswer: A Explanation: Reference: https://allgreenrecycling.com/what-is-data-destruction/ Degaussing is a hard drive...

Which of the following is the BEST method to ensure the security of encryption keys when transferring data containing personal information between cloud applications?A . Whole disk encryptionB . Asymmetric encryptionC . Digital signatureD . Symmetric encryptionView AnswerAnswer: B Explanation: Asymmetric encryption is a method of encrypting and decrypting data...

In which of the following should the data record retention period be defined and established?A . Data record modelB . Data recovery proceduresC . Data quality standardD . Data management planView AnswerAnswer: D Explanation: Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2010/an-introduction-to-digital-records-management A data management plan is a document that describes how data will be collected,...

Which of the following techniques mitigates design flaws in the application development process that may contribute to potential leakage of personal data?A . User acceptance testing (UAT)B . Patch managementC . Software hardeningD . Web application firewall (WAF)View AnswerAnswer: C Explanation: Software hardening is a technique that mitigates design flaws...

It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?A . Application designB . Requirements definitionC . ImplementationD . TestingView AnswerAnswer: B Explanation: Requirements definition is a phase of the software development life cycle (SDLC) that involves gathering, analyzing and...

Which of the following is the GREATEST benefit of adopting data minimization practices?A . Storage and encryption costs are reduced.B . Data retention efficiency is enhanced.C . The associated threat surface is reduced.D . Compliance requirements are met.View AnswerAnswer: C Explanation: The greatest benefit of adopting data minimization practices is...

Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?A . It increases system resiliency.B . It reduces external threats to data.C . It reduces exposure of data.D . It eliminates attack motivation for data.View AnswerAnswer: A Explanation: System hardening is a process of...