CDPSE Practice Questions
437 real CDPSE exam questions with expert-verified answers and explanations. Page 1 of 9.
- Question #1 (Privacy Governance)
  Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?
  Cross-border data transfer, Cloud computing privacy, Jurisdictional data protection, Third-party risk management
- Question #2 (Data Life Cycle)
  Which of the following is the GREATEST benefit of adopting data minimization practices?
  Data Minimization, Threat Surface Reduction, Privacy Principles, Risk Management
- Question #3 (Data Life Cycle)
  An organization wants to develop an application programming interface (API) to seamlessly exchange personal data with an application hosted by a third-party service provider. What s...
  Data mapping, API integration, Personal data exchange, Third-party data sharing
- Question #4 (Privacy Architecture)
  Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?
  Multi-factor authentication, Access control, Vulnerability mitigation, User authentication
- Question #5 (Data Life Cycle)
  Which of the following is the BEST way for an organization to limit potential data exposure when implementing a new application?
  Data Minimization, Privacy by Design, Application Privacy, Data Exposure Prevention
- Question #6 (Privacy Governance)
  An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the tim...
  Data protection principles, Lawfulness and fairness, Transparency, Privacy notices
- Question #7 (Data Life Cycle)
  What type of personal information can be collected by a mobile application without consent?
  Mobile Privacy, Data Classification, Consent Requirements, Sensor Data
- Question #8 (Privacy Governance)
  What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?
  Privacy Notice, Customer Rights, Transparency, Communication
- Question #9 (Data Life Cycle)
  A new marketing application needs to use data from the organization's customer database. Prior to the application using the data, which of the following should be done FIRST?
  Data Minimization, Purpose Limitation, Data Inventory, Privacy by Design
- Question #10 (Data Life Cycle)
  Which of the following MUST be available to facilitate a robust data breach management response?
  Data breach management, Incident response, Data inventory, Breach scope identification
- Question #11 (Privacy Architecture)
  Which of the following zones within a data lake requires sensitive data to be encrypted or tokenized?
  Data Lake Zones, Sensitive Data Protection, Encryption, Tokenization
- Question #12 (Data Life Cycle)
  Which of the following poses the GREATEST privacy risk for client-side application processing?
  Client-side privacy, Data handling risk, Endpoint data storage, Insider threat
- Question #13 (Privacy Architecture)
  Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?
  Remote Access Control, Privacy Policy Alignment, Access Management, Authorization
- Question #14 (Data Life Cycle)
  Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?
  Hardware disposal, Data sanitization, Data lifecycle management, Risk assessment
- Question #15 (Data Life Cycle)
  Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the...
  Business Continuity Plan, Recovery Point Objective, Personal Data Recovery, Data Loss Prevention
- Question #16 (Data Life Cycle)
  In which of the following should the data record retention period be defined and established?
  Data retention, Data management plan, Data lifecycle management
- Question #17 (Data Life Cycle)
  When tokenizing credit card data, what security practice should be employed with the original data before it is stored in a data lake?
  Data Security, Encryption, Sensitive Data, Data Storage
- Question #18 (Privacy Governance)
  Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
  Privacy Impact Assessment (PIA), Data owner, Stakeholder roles, Privacy governance
- Question #19 (Privacy Architecture)
  Which of the following is the best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records?
  Desktop Virtualization, Access Control, Data Integrity, Privacy Audits
- Question #20 (Privacy Governance)
  What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?
  Incident Response Plan, Tabletop Exercise, Privacy Breach, Plan Effectiveness
- Question #21 (Privacy Governance)
  Which of the following is MOST important when developing an organizational data privacy program?
  Privacy program development, Privacy frameworks, Program foundational elements, Organizational privacy
- Question #22 (Data Life Cycle)
  Which of the following should be considered personal information?
  Personal Information, PII, Biometric Data, Data Classification
- Question #23 (Privacy Architecture)
  Which of the following techniques mitigates design flaws in the application development process that may contribute to potential leakage of personal data?
  Software Hardening, Secure Development, Application Security, Data Leakage Prevention
- Question #24 (Privacy Architecture)
  Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?
  Cryptographic key management, Key purpose, Risk mitigation, Information security principles
- Question #25 (Privacy Architecture)
  During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?
  Privacy Impact Assessment (PIA), System Development Life Cycle (SDLC), Privacy by Design, Privacy Risk Management
- Question #26 (Data Life Cycle)
  Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?
  Data mapping, Privacy risk, Personal data flow, Privacy program
- Question #27 (Privacy Architecture)
  Which of the following is the BEST method to ensure the security of encryption keys when transferring data containing personal information between cloud applications?
  Asymmetric Encryption, Key Management, Cloud Data Security, Data Transfer
- Question #28 (Privacy Architecture)
  When using pseudonymization to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
  Pseudonymization, Data protection, De-identification, Security controls
- Question #29 (Data Life Cycle)
  Which of the following is the BEST way to limit the organization's potential exposure in the event of consumer data loss while maintaining the traceability of the data?
  Data De-identification, Pseudonymization, Data Traceability, Data Minimization
- Question #30 (Privacy Architecture)
  Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?
  Authentication Factors, Identity Verification, Access Control, Security Controls
- Question #31 (Privacy Architecture)
  Which of the following BEST ensures a mobile application implementation will meet an organization's data security standards?
  Application Security, Mobile Security, Dynamic Analysis, Security Testing
- Question #32 (Privacy Governance)
  Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?
  System Hardening, Policies and Procedures, System Resiliency, Security Controls
- Question #33 (Data Life Cycle)
  Which of the following is the MOST important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable?
  Data Sanitization, Data Destruction, Media Types, Secure Data Disposal
- Question #34 (Data Life Cycle)
  An email opt-in form on a website applies to which privacy principle?
  Consent, Data collection, Privacy principles, Opt-in
- Question #35 (Data Life Cycle)
  Which of the following is MOST likely to present a valid use case for keeping a customer's personal data after contract termination?
  Data Retention, Legal Basis for Processing, Data Life Cycle Management, Compliance Obligations
- Question #36 (Privacy Governance)
  Which of the following is the BEST approach for a local office of a global organization faced with multiple privacy-related compliance requirements?
  Privacy Compliance Prioritization, Risk-based Compliance, Global Privacy Strategy, Compliance Management
- Question #37 (Privacy Governance)
  Which of the following is the MOST important consideration when writing an organization's privacy policy?
  Privacy Policy Development, Policy Alignment, Organizational Practices, Privacy Governance
- Question #38 (Privacy Governance)
  Which of the following BEST supports an organization's efforts to create and maintain desired privacy protection practices among employees?
  Privacy awareness, Employee training, Privacy culture, Privacy program management
- Question #39 (Privacy Architecture)
  Which of the following hard drive sanitization methods provides an organization with the GREATEST level of assurance that data has been permanently erased?
  Data sanitization, Data erasure, Media destruction, Technical controls
- Question #40 (Data Life Cycle)
  Which of the following describes a user's "right to be forgotten"?
  Right to be forgotten, Data subject rights, Data erasure, Data retention
- Question #41 (Privacy Architecture)
  When choosing data sources to be used within a big data architecture, which of the following data attributes MUST be considered to ensure data is not aggregated?
  Data attributes, Granularity, Big data architecture, Data quality
- Question #42 (Data Life Cycle)
  Which of the following is the MOST important consideration to ensure privacy when using big data analytics?
  Privacy Principles, Transparency, Big Data Analytics, Data Collection
- Question #43 (Privacy Architecture)
  An organization uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings. Which of the following i...
  Data Anonymization, Privacy Enhancing Technologies (PETs), Profiling, Privacy Risk Management
- Question #44 (Privacy Governance)
  When a government's health division established the complete privacy regulation for only the health market, which privacy protection reference model is being used?
  Privacy regulation models, Sectoral approach, Regulatory frameworks, Government regulation
- Question #45 (Data Life Cycle)
  An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MO...
  Data Minimization, Purpose Limitation, Legitimate Basis, Health Data
- Question #46 (Privacy Governance)
  Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?
  Risk Assessment, Privacy Risk, Compliance Risk, Risk Management
- Question #47 (Privacy Architecture)
  It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?
  Privacy by Design, SDLC, Requirements Definition, Proactive Privacy
- Question #48 (Privacy Governance)
  Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relatio...
  Privacy Impact Assessment, SaaS privacy, Risk mitigation, Third-party risk management
- Question #49 (Privacy Architecture)
  Which of the following protocols BEST protects end-to-end communication of personal data?
  Network Protocols, Data Security, End-to-End Encryption, TLS
- Question #50 (Privacy Governance)
  An organization is planning a new implementation for tracking consumer web browser activity. Which of the following should be done FIRST?
  Privacy Impact Assessment (PIA), Privacy by Design, Risk Management, New Project Assessment