
CDPSE Online Practice Questions and Answers

Question 4

Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?

A. The service provider has denied the organization's request for right to audit.

B. Personal data stored on the cloud has not been anonymized.

C. The extent of the service provider's access to data has not been established.

D. The data is stored in a region with different data protection requirements.

Question 5

Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the event of a data privacy incident?

A. Offline backup availability

B. Recovery time objective (RTO)

C. Recovery point objective (RPO)

D. Online backup frequency

Question 6

Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?

A. Possession factor authentication

B. Knowledge-based credential authentication

C. Multi-factor authentication

D. Biometric authentication

Question 7

Which of the following BEST supports an organization's efforts to create and maintain desired privacy protection practices among employees?

A. Skills training programs

B. Awareness campaigns

C. Performance evaluations

D. Code of conduct principles

Question 8

Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?

A. Compartmentalizing resource access

B. Regular testing of system backups

C. Monitoring and reviewing remote access logs

D. Regular physical and remote testing of the incident response plan

Question 9

An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?

A. Height, weight, and activities

B. Sleep schedule and calorie intake

C. Education and profession

D. Race, age, and gender

Question 10

Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system?

A. To identify controls to mitigate data privacy risks

B. To classify personal data according to the data classification scheme

C. To assess the risk associated with personal data usage

D. To determine the service provider's ability to maintain data protection controls

Question 11

Which of the following provides the BEST assurance that a potential vendor is able to comply with privacy regulations and the organization's data privacy policy?

A. Including mandatory compliance language in the request for proposal (RFP)

B. Conducting a risk assessment of all candidate vendors

C. Requiring candidate vendors to provide documentation of privacy processes

D. Obtaining self-attestations from all candidate vendors

Question 12

Which of the following is the PRIMARY reason for an organization to use hash functions when hardening application systems involved in biometric data processing?

A. To ensure technical security measures are effective

B. To prevent possible identity theft

C. To meet the organization's security baseline

D. To reduce the risk of sensitive data breaches

Question 13

A technology company has just launched a mobile application for tracking health symptoms. This application is built on a mobile device technology stack that allows users to share their location and details of their symptoms. Which of the following is the GREATEST privacy concern with collecting this data via mobile devices?

A. Client-side device ID

B. Data storage requirements

C. Encryption of key data elements

D. Data usage without consent

Question 14

Which of the following is the PRIMARY privacy concern with the use of a data lake containing transaction data, including personal data?

A. The data lake retains all the organization's data.

B. The data lake supports all operational users.

C. The data lake receives data from all data sources.

D. The data lake supports all types of data structures.

Question 15

Notice was provided to everyone visiting a company's website indicating what personal data was being collected and for what purpose it was being used. The IT department recently received a new request to use this personal data. Which of the following should be done FIRST?

A. Determine who needs to opt in to the new data usage scenario.

B. Request the internal audit function to conduct a privacy audit.

C. Assess whether the use of data is consistent with the original purpose.

D. Determine which department is the data owner and refer to them for approval.

Question 16

Which of the following is the MOST effective remote access model for reducing the likelihood of attacks originating from connecting devices?

A. Remote wide area network (WAN) links

B. Thin client remote desktop protocol (RDP)

C. Site-to-site virtual private network (VPN)

D. Thick client desktop with virtual private network (VPN) connection

Question 17

Which of the following would BEST enable a data warehouse to limit access to individual database objects?

A. Private storage volumes

B. Virtual private database

C. Database privacy firewall

D. Data control dictionary

Question 18

Which method BEST reduces the risk related to sharing of personal data between a software as a service (SaaS) customer and the third party storing it?

A. Data hashing

B. Data encryption

C. Data pseudonymization

D. Data anonymization

Exam Code: CDPSE
Exam Name: Certified Data Privacy Solutions Engineer
Last Update: Apr 25, 2024
Questions: 221 Q&As
