
CDPSE Question #100: Real Exam Question with Answer & Explanation

The correct answer is C: Last user who accessed personal data.

Privacy Governance

Question

Which of the following is MOST important to capture in the audit log of an application hosting personal data?

Options

  • A. Server details of the hosting environment
  • B. Last logins of privileged users
  • C. Last user who accessed personal data
  • D. Application error events

Explanation

An audit log is a record of the activities and events that occur in an information system, such as an application hosting personal data. An audit log can help to monitor, detect, investigate and prevent unauthorized or malicious access, use, modification or deletion of personal data. An audit log can also help to demonstrate compliance with data protection laws and regulations, such as the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CCPA).

An audit log should capture the following information for each event:

  • The date and time of the event
  • The identity of the user or system that performed the event
  • The type and description of the event
  • The outcome or result of the event
  • The personal data that were accessed, used, modified or deleted

The last user who accessed personal data is the most important information to capture in the audit log, as it can help to identify who is responsible for any data breach or misuse of personal data. It can also help to verify that only authorized and legitimate users have access to personal data, and that they follow the data use policy and the principle of least privilege. The last user who accessed personal data can also help to support data subjects' rights, such as the right to access, rectify, erase or restrict their personal data.

The other options are less important or irrelevant to capture in the audit log of an application hosting personal data. Server details of the hosting environment are not related to personal data, and they can be obtained from other sources, such as network logs or configuration files. Last logins of privileged users are important to capture in a separate audit log for user account management, but they do not indicate what personal data were accessed or used by those users. Application error events are important to capture in a separate audit log for system performance and reliability, but they do not indicate what personal data were affected by those errors.

Topics

#Audit logs  #Personal data access  #Privacy accountability  #Compliance logging
