CDPSE Practice Questions
437 real CDPSE exam questions with expert-verified answers and explanations. Page 2 of 9.
- Question #51: Privacy Architecture
Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?
API security, Access control, Data protection, Authentication and authorization
- Question #52: Data Life Cycle
Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?
Data Subject Rights, Right to be forgotten, Data Deletion
- Question #53: Privacy Governance
A global organization is planning to implement a customer relationship management (CRM) system to be used in offices based in multiple countries. Which of the following is the MOST...
Legal compliance, Multi-jurisdictional privacy, Data protection requirements, CRM implementation
- Question #54: Privacy Architecture
An organization is concerned with authorized individuals accessing sensitive personal customer information to use for unauthorized purposes. Which of the following technologies is...
User behavior analytics, Insider threat detection, Data misuse, Anomaly detection
- Question #55: Privacy Architecture
Which of the following MOST effectively protects against the use of a network sniffer?
Network Security, Encryption, Data Confidentiality, Sniffing
- Question #56: Data Life Cycle
Which of the following is the BEST indication of an effective records management program for personal data?
Records Management, Data Retention, Data Lifecycle, Storage Limitation
- Question #57: Data Life Cycle
Which of the following is MOST important to establish within a data storage policy to protect data privacy?
Data disposal, Data privacy, Data storage policy, Data lifecycle management
- Question #58: Privacy Architecture
Which of the following helps to ensure the identities of individuals in two-way communication are verified?
Authentication, Identity verification, Mutual authentication, Digital certificates
- Question #59: Data Life Cycle
Which of the following is the BEST way to hide sensitive personal data that is in use in a data lake?
Data masking, Sensitive data protection, Data in use protection, Anonymization techniques
- Question #60: Privacy Architecture
A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is...
Data Masking, Test Data Management, Privacy Enhancing Technologies, Data Integrity
- Question #61: Privacy Architecture
Which of the following is the BEST way to manage different IT staff access permissions for personal data within an organization?
Access Control, Role-Based Access Control (RBAC), Personal Data Protection, IT Staff Security
- Question #62: Privacy Architecture
Which of the following deployed at an enterprise level will MOST effectively block malicious tracking of user Internet browsing?
DNS Security, Tracking Prevention, Network Security Controls, Privacy Architecture
- Question #63: Privacy Governance
Which of the following is the PRIMARY reason to complete a privacy impact assessment (PIA)?
Privacy Impact Assessment (PIA), Risk Management, Privacy Risk, Compliance
- Question #64: Privacy Governance
How can an organization BEST ensure its vendors are complying with data privacy requirements defined in their contracts?
Vendor Risk Management, Third-Party Compliance, Privacy Assurance, Independent Audit
- Question #65: Privacy Governance
Before executive leadership approves a new data privacy policy, it is MOST important to ensure:
Privacy policy development, Legal compliance, Policy governance
- Question #66: Data Life Cycle
Which of the following is an IT privacy practitioner's BEST recommendation to reduce privacy risk before an organization provides personal data to a third party?
Anonymization, Data de-identification, Third-party data sharing, Privacy risk reduction
- Question #67: Privacy Governance
Which of the following is a responsibility of the audit function in helping an organization address privacy compliance requirements?
Audit responsibilities, Privacy compliance, Privacy framework validation, Assurance
- Question #68: Data Life Cycle
An online retail company is trying to determine how to handle users' data if they unsubscribe from marketing emails generated from the website. Which of the following is the BEST a...
User preferences, Data restriction, Opt-out mechanism, Consent management
- Question #69: Privacy Governance
Which of the following should be done FIRST when developing an organization-wide strategy to address data privacy risk?
Executive support, Privacy program initiation, Governance framework, Risk strategy
- Question #70: Privacy Architecture
Which of the following is the BEST way to protect the privacy of data stored on a laptop in case of loss or theft?
Data protection, Endpoint encryption, Data privacy, Data at rest
- Question #71: Privacy Architecture
Which of the following should be established FIRST before authorizing remote access to a data store containing personal data?
Remote Access, VPN, Network Security Controls, Technical Safeguards
- Question #72: Privacy Governance
Which of the following should be of GREATEST concern when an organization wants to store personal data in the cloud?
Cloud computing, Legal liability, Data storage, Privacy risk
- Question #73: Data Life Cycle
As part of a major data discovery initiative to identify personal data across the organization, the project team has identified the proliferation of personal data held as unstructu...
Data Classification, Unstructured Data, Data Discovery, Privacy Risk
- Question #74: Data Life Cycle
Which types of controls need to be applied to ensure accuracy at all stages of processing, storage, and deletion throughout the data life cycle?
Integrity controls, Data accuracy, Data lifecycle, Data quality
- Question #75: Data Life Cycle
Which of the following is the BEST approach to minimize privacy risk when collecting personal data?
Data Minimization, Privacy Risk Management, Data Collection, Purpose Limitation
- Question #76: Privacy Governance
Which of the following should be done FIRST to establish privacy by design when developing a contact-tracing application?
Privacy Impact Assessment (PIA), Privacy by Design, Risk Assessment, Application Development
- Question #77: Privacy Architecture
A software development organization with remote personnel has implemented a third-party virtualized workspace to allow the teams to collaborate. Which of the following should be of...
Data Exfiltration, Virtual Workspace Security, Third-Party Risk, Privacy Breach
- Question #78: Privacy Architecture
Which of the following is MOST important when designing application programming interfaces (APIs) that enable mobile device applications to access personal data?
API design, User consent, Personal data access, Mobile application privacy
- Question #79: Data Life Cycle
A migration of personal data involving a data source with outdated documentation has been approved by senior management. Which of the following should be done NEXT?
Data classification, Data migration, Privacy risk management, Data lifecycle management
- Question #80: Privacy Architecture
Which of the following is the best way to reduce the risk of compromised credentials when an organization allows employees to have remote access?
Multi-factor authentication, Credential security, Remote access security, Authentication controls
- Question #81: Privacy Governance
Which of the following is the PRIMARY objective of privacy incident response?
Privacy Incident Response, Incident Management, Mitigation, Breach Response
- Question #82: Privacy Architecture
An organization wants to ensure that endpoints are protected in line with the privacy policy. Which of the following should be the FIRST consideration?
Endpoint Security, OS Hardening, Foundational Security, Privacy by Design
- Question #83: Privacy Architecture
An organization has a policy requiring the encryption of personal data if transmitted through email. Which of the following is the BEST control to ensure the effectiveness of this...
Data Loss Prevention, Email Security, Data Encryption, Policy Enforcement
- Question #84: Privacy Architecture
Which of the following helps to ensure the identities of individuals in a two-way communication are verified?
Mutual authentication, Identity verification, Digital certificates, Secure communication
- Question #85: Data Life Cycle
Which of the following is the BEST practice to protect data privacy when disposing removable backup media?
Data disposal, Media sanitization, Data lifecycle management, Data protection
- Question #86: Privacy Governance
Which of the following should be done FIRST before an organization migrates data from an on-premise solution to a cloud-hosted solution that spans more than one jurisdiction?
Data Migration, Cloud Privacy, Jurisdictional Privacy, Risk Assessment
- Question #87: Privacy Governance
Which of the following is the MOST effective way to support organizational privacy awareness objectives?
Privacy awareness training, Organizational training, Training effectiveness, Privacy program management
- Question #88: Privacy Architecture
Which of the following assurance approaches is MOST effective in identifying vulnerabilities within an application programming interface (API) transferring personal data?
API Security, Vulnerability Management, Bug Bounty Programs, Assurance Methods
- Question #89: Privacy Governance
Which of the following activities would BEST enable an organization to identify gaps in its privacy posture?
Privacy Policy, Employee Awareness, Privacy Governance, Gap Identification
- Question #90: Privacy Architecture
Which of the following is the BEST way to address threats to mobile device privacy when using beacons as a tracking technology?
Mobile privacy, Beacon tracking, Bluetooth security, Privacy controls
- Question #91: Privacy Governance
Which of the following BEST enables an organization to ensure privacy-related risk responses meet organizational objectives?
Enterprise Risk Management, Privacy Risk Management, Organizational Objectives, Strategic Alignment
- Question #92: Data Life Cycle
Which of the following technologies BEST facilitates protection of personal data?
Data Loss Prevention, Personal Data Protection, Privacy Technology
- Question #93: Data Life Cycle
Which of the following is the MOST important consideration when choosing a method for data destruction?
Data Destruction, Proof of Destruction, Privacy Compliance, Data Lifecycle Management
- Question #94: Privacy Architecture
A multi-national organization has decided that regional human resources (HR) team members must be limited in their access to employee data only within their regional office. Which...
Access Control Models, Attribute-Based Access Control (ABAC), Data Access Restrictions, Privacy Controls
- Question #95: Privacy Governance
Which of the following provides the BEST assurance that a potential vendor is able to comply with privacy regulations and the organization's data privacy policy?
Vendor management, Third-party risk management, Privacy assessment, Due diligence
- Question #96: Privacy Governance
The BEST way for a multinational organization to ensure the comprehensiveness of its data privacy policy is to perform an annual review of changes to privacy regulations in:
Multinational compliance, Jurisdictional scope, Privacy policy management, Regulatory monitoring
- Question #97: Data Life Cycle
Using hash values with stored personal data BEST enables an organization to:
Hashing, Data Integrity, Personal Data Protection
- Question #98: Privacy Governance
To ensure the protection of personal data, privacy policies should mandate that access to information system applications be authorized by the:
Access Management, Roles and Responsibilities, Privacy Policies, Data Governance
- Question #99: Privacy Governance
Which of the following is MOST important to include in a data use policy?
Data Use Policy, Data Collection Requirements, Data Processing Principles, Privacy Policies
- Question #100: Privacy Governance
Which of the following is MOST important to capture in the audit log of an application hosting personal data?
Audit logs, Personal data access, Privacy accountability, Compliance logging