CDPSE | How Many Questions Of CDPSE Real Exam
Want to know the features of the Testking CDPSE exam practice test? Want to learn more about the ISACA Certified Data Privacy Solutions Engineer certification experience? Study free ISACA CDPSE answers to CDPSE questions at Testking. Get success with an absolute guarantee to pass the ISACA CDPSE (Certified Data Privacy Solutions Engineer) test on your first attempt.
Free online CDPSE questions and answers (new version):
NEW QUESTION 1
Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?
- A. Evaluate the impact resulting from this change.
- B. Revisit the current remote working policies.
- C. Implement a virtual private network (VPN) tool.
- D. Enforce multi-factor authentication for remote access.
Answer: B
NEW QUESTION 2
A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?
- A. Access to personal data is not strictly controlled in development and testing environments.
- B. Complex relationships within and across systems must be retained for testing.
- C. Personal data across the various interconnected systems cannot be easily identified.
- D. Data masking tools are complex and difficult to implement.
Answer: D
NEW QUESTION 3
Which of the following is the GREATEST benefit of adopting data minimization practices?
- A. Storage and encryption costs are reduced.
- B. Data retention efficiency is enhanced.
- C. The associated threat surface is reduced.
- D. Compliance requirements are met.
Answer: B
Explanation:
Unfortunately, the financial liability portion of retained personal information rarely shows up on an organization’s financial balance sheet. And yet it is indeed a liability: the impact on an organization when cybercriminals steal that information or when the information is misused is real, in the form of breach response costs, the costs related to reducing harm inflicted on affected parties (think of credit monitoring services, a frequent remedy for stolen credit card numbers), fines from governmental regulators, and the occasional class-action lawsuit.
NEW QUESTION 4
Which of the following BEST supports an organization’s efforts to create and maintain desired privacy protection practices among employees?
- A. Skills training programs
- B. Awareness campaigns
- C. Performance evaluations
- D. Code of conduct principles
Answer: B
NEW QUESTION 5
Which of the following is MOST important when designing application programming interfaces (APIs) that enable mobile device applications to access personal data?
- A. The user’s ability to select, filter, and transform data before it is shared
- B. Umbrella consent for multiple applications by the same developer
- C. User consent to share personal data
- D. Unlimited retention of personal data by third parties
Answer: C
NEW QUESTION 6
An organization wants to ensure that endpoints are protected in line with the privacy policy. Which of the following should be the FIRST consideration?
- A. Detecting malicious access through endpoints
- B. Implementing network traffic filtering on endpoint devices
- C. Managing remote access and control
- D. Hardening the operating systems of endpoint devices
Answer: B
NEW QUESTION 7
Which of the following is the BEST approach for a local office of a global organization faced with multiple privacy-related compliance requirements?
- A. Focus on developing a risk action plan based on audit reports.
- B. Focus on requirements with the highest organizational impact.
- C. Focus on global compliance before meeting local requirements.
- D. Focus on local standards before meeting global compliance.
Answer: D
NEW QUESTION 8
Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?
- A. Possession factor authentication
- B. Knowledge-based credential authentication
- C. Multi-factor authentication
- D. Biometric authentication
Answer: B
NEW QUESTION 9
Which of the following is the BEST way to protect personal data in the custody of a third party?
- A. Have corporate counsel monitor privacy compliance.
- B. Require the third party to provide periodic documentation of its privacy management program.
- C. Include requirements to comply with the organization’s privacy policies in the contract.
- D. Add privacy-related controls to the vendor audit plan.
Answer: C
Explanation:
In GDPR parlance, organizations that use third-party service providers are often, but not always, considered data controllers, which are entities that determine the purposes and means of the processing of personal data, which can include directing third parties to process personal data on their behalf. The third parties that process data for data controllers are known as data processors.
NEW QUESTION 10
Which of the following BEST represents privacy threat modeling methodology?
- A. Mitigating inherent risks and threats associated with privacy control weaknesses
- B. Systematically eliciting and mitigating privacy threats in a software architecture
- C. Reliably estimating a threat actor’s ability to exploit privacy vulnerabilities
- D. Replicating privacy scenarios that reflect representative software usage
Answer: A
NEW QUESTION 11
During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?
- A. Segregation of duties
- B. Unique user credentials
- C. Two-person rule
- D. Need-to-know basis
Answer: A
NEW QUESTION 12
Which of the following is the BEST way for an organization to limit potential data exposure when implementing a new application?
- A. Implement a data loss prevention (DLP) system.
- B. Use only the data required by the application.
- C. Encrypt all data used by the application.
- D. Capture the application’s authentication logs.
Answer: A
NEW QUESTION 13
Which of the following should an IT privacy practitioner do FIRST before an organization migrates personal data from an on-premise solution to a cloud-hosted solution?
- A. Develop and communicate a data security plan.
- B. Perform a privacy impact assessment (PIA).
- C. Ensure strong encryption is used.
- D. Conduct a security risk assessment.
Answer: D
NEW QUESTION 14
When a government’s health division established the complete privacy regulation for only the health market, which privacy protection reference model is being used?
- A. Co-regulatory
- B. Sectoral
- C. Comprehensive
- D. Self-regulatory
Answer: C
NEW QUESTION 15
Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
- A. Data custodian
- B. Privacy data analyst
- C. Data processor
- D. Data owner
Answer: D
NEW QUESTION 16
When choosing data sources to be used within a big data architecture, which of the following data attributes MUST be considered to ensure data is not aggregated?
- A. Accuracy
- B. Granularity
- C. Consistency
- D. Reliability
Answer: B
NEW QUESTION 17
Which of the following BEST ensures a mobile application implementation will meet an organization’s data security standards?
- A. User acceptance testing (UAT)
- B. Data classification
- C. Privacy impact assessment (PIA)
- D. Automatic dynamic code scan
Answer: C
NEW QUESTION 18
An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?
- A. Height, weight, and activities
- B. Sleep schedule and calorie intake
- C. Education and profession
- D. Race, age, and gender
Answer: B
NEW QUESTION 19
Which of the following MUST be available to facilitate a robust data breach management response?
- A. Lessons learned from prior data breach responses
- B. Best practices to obfuscate data for processing and storage
- C. An inventory of previously impacted individuals
- D. An inventory of affected individuals and systems
Answer: A
NEW QUESTION 20
Which of the following is the BEST way to manage different IT staff access permissions for personal data within an organization?
- A. Mandatory access control
- B. Network segmentation
- C. Dedicated access system
- D. Role-based access control
Answer: D