- All Exams Instant Download
What does it mean to “rationalize” data protection requirements?
What does it mean to “rationalize” data protection requirements?A . Evaluate the costs and risks of applicable laws and regulations and address those that have the greatest penaltiesB . Look for overlaps in laws and regulations from which a common solution can be developedC . Determine where laws and regulations...
What must be done to maintain the program and develop it beyond just a data breach prevention program? How can you build on your success?
SCENARIO Please use the following to answer the next QUESTION: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of relatively minor data breaches that could easily have...
How could the objection to Spencer's training suggestion be addressed?
SCENARIO Please use the following to answer the next QUESTION: Natalia, CFO of the Nationwide Grill restaurant chain, had never seen her fellow executives so anxious. Last week, a data processing firm used by the company reported that its system may have been hacked, and customer data such as names,...
These steps can help an organization recover from what?
Read the following steps: ✑ Perform frequent data back-ups. ✑ Perform test restorations to verify integrity of backed-up data. ✑ Maintain backed-up data offline or on separate servers. These steps can help an organization recover from what?A . Phishing attacksB . Authorization errorsC . Ransomware attacksD . Stolen encryption keysView...
Which of the following controls does the PCI DSS framework NOT require?
Which of the following controls does the PCI DSS framework NOT require?A . Implement strong asset control protocols.B . Implement strong access control measures.C . Maintain an information security policy.D . Maintain a vulnerability management program.View AnswerAnswer: A
What should be the first major goal of a company developing a new privacy program?
What should be the first major goal of a company developing a new privacy program?A . To survey potential funding sources for privacy team resources.B . To schedule conversations with executives of affected departments.C . To identify potential third-party processors of the organization's information.D . To create Data Lifecycle Management...
Penny’s colleague in Marketing is excited by the new sales and the company’s plans, but is also concerned that Penny may curtail some of the growth opportunities he has planned. He tells her “I heard someone in the breakroom talking about some new privacy laws but I really don’t think it affects us. We’re just a small company. I mean we just sell accessories online, so what’s the real risk?
SCENARIO Please use the following to answer the next QUESTION: Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new privacy officer. The company is based in California but thanks to some great publicity from a social media influencer last year, the company has...
How would a strong data life cycle management policy have helped prevent the breach?
SCENARIO Please use the following to answer the next QUESTION: Martin Briseño is the director of human resources at the Canyon City location of the U.S. hotel chain Pacific Suites. In 1998, Briseño decided to change the hotel’s on-the-job mentoring model to a standardized training program for employees who were...
In consideration of the company’s new initiatives, which of the following laws and regulations would be most appropriate for Albert to mention at the interview as a priority concern for the privacy team?
SCENARIO Please use the following to answer the next QUESTION: For 15 years, Albert has worked at Treasure Box C a mail order company in the United States (U.S.) that used to sell decorative candles around the world, but has recently decided to limit its shipments to customers in the...
What should you do first to ascertain additional information about the loss of data?
SCENARIO Please use the following to answer the next QUESTION: It's just what you were afraid of. Without consulting you, the information technology director at your organization launched a new initiative to encourage employees to use personal devices for conducting business. The initiative made purchasing a new, high-specification laptop computer...
