CDPSE Practice Questions
437 real CDPSE exam questions with expert-verified answers and explanations. Page 3 of 9.
- Question #101Data Life Cycle
Which of the following should an organization do FIRST to ensure it can respond to all data subject access requests in a timely manner?
Data Subject Access Requests (DSAR)Data InventoryIndividual RightsPrivacy Program Implementation - Question #102Data Life Cycle
A technology company has just launched a mobile application tor tracking health symptoms_ This application is built on a mobile device technology stack that allows users to share t...
ConsentData UsageSensitive DataMobile Privacy - Question #103Privacy Governance
Which of the following is the BEST way for senior management to verify the success of its commitment to privacy by design?
Privacy by DesignPrivacy GovernanceControl AssessmentProgram Verification - Question #104Privacy Governance
Which of the following is the BEST way to explain the difference between data privacy and data security?
Data PrivacyData SecurityDefinitionsCore Concepts - Question #105Privacy Architecture
An organization is considering the use of remote employee monitoring software. Which of the following is the MOST important privacy consideration when implementing this solution?
Data Access ControlEmployee PrivacyLeast PrivilegePrivacy by Design - Question #106Privacy Architecture
Which of the following is the BEST way to reduce the risk of compromise when transferring personal information using email?
Email SecurityEncryptionData Transfer SecurityRisk Mitigation - Question #107Privacy Architecture
Which of the following is an example of data anonymization as a means to protect personal data when sharing a database?
Data AnonymizationData ProtectionRe-identificationPrivacy Technologies - Question #108Data Life Cycle
Which of the following BEST enables an organization to ensure consumer credit card numbers are accurately captured?
Input ValidationData AccuracyData IntegritySecurity Controls - Question #109Privacy Architecture
Which of the following is the BEST course of action to prevent false positives from data loss prevention (DLP) tools?
DLP (Data Loss Prevention)False PositivesConfiguration BaselinesPrivacy Tool Management - Question #110Privacy Governance
When contracting with a Software as a Service (SaaS) provider, which of the following is the MOST important contractual requirement to ensure data privacy at service termination?
SaaS contractsData terminationData privacyContractual requirements - Question #111Privacy Architecture
A project manager for a new data collection system had a privacy impact assessment (PIA) completed before the solution was designed. Once the system was released into production, a...
Privacy by DesignSecure Development Life Cycle (SDLC)Privacy CheckpointsProactive Privacy - Question #112Data Life Cycle
Which of the following should an IT privacy practitioner review FIRST to understand where personal data is coming from and how it is used within the organization?
Data InventoryPersonal Data IdentificationData MappingPrivacy Program Management - Question #113Data Life Cycle
Which of the following is the FIRST step toward the effective management of personal data assets?
Data inventoryPersonal data managementData mappingPrivacy program initiation - Question #114Data Life Cycle
Which of the following should be done FIRST when performing a data quality assessment?
Data Quality AssessmentData InventoryData Life Cycle Management - Question #115Privacy Governance
Which of the following is a foundational goal of data privacy laws?
Data Privacy PrinciplesIndividual RightsData Subject RightsPrivacy Laws Goals - Question #116Privacy Architecture
Which of the following is the MOST effective remote access model for reducing the likelihood of attacks originating from connecting devices?
Remote Access SecurityThin Client ArchitectureEndpoint ProtectionAttack Surface Reduction - Question #117Privacy Architecture
Which of the following is the PRIMARY reason for an organization to use hash functions when hardening application systems involved in biometric data processing?
Hash functionsBiometric data protectionData breach risk reductionApplication hardening - Question #118Privacy Architecture
When is the BEST time during the secure development life cycle to perform privacy threat modeling?
Privacy Threat ModelingSecure Development Life CyclePrivacy by DesignSystem Design - Question #119Privacy Governance
Which of the following is BEST used to validate compliance with agreed-upon service levels established with a third party that processes personal data?
Third-party risk managementContractual auditsService level agreements (SLAs)Compliance validation - Question #120Privacy Governance
Which of the following BEST ensures an effective data privacy policy is implemented?
Policy ImplementationRegulatory ComplianceBusiness AlignmentPrivacy Program Management - Question #121Data Life Cycle
Which type of data is produced by using a more complex method of analytics to find correlations between data sets and using them to categorize or profile people?
Inferred dataData typesData analyticsProfiling - Question #122Privacy Architecture
Which of the following is a PRIMARY element of application and software hardening?
Application HardeningCode ReviewSecure Software DevelopmentApplication Security - Question #123Data Life Cycle
A mortgage lender has created an online application that collects borrower information and delivers a mortgage decision automatically based on criteria set by the lender. Which fun...
Data Subject RightsAutomated Decision MakingProfiling - Question #124Privacy Governance
Which of the following is the BEST way to ensure third-party providers that process an organization's personal data are addressed as part of the data privacy strategy?
Third-party risk managementVendor assessmentPrivacy auditsData privacy strategy - Question #125Data Life Cycle
An organization must de-identify its data before it is transferred to a third party. Which of the following should be done FIRST?
Data de-identificationData classificationData inventory - Question #126Privacy Governance
Which of the following is the MOST important consideration for developing data retention requirements?
Data retentionRegulatory complianceLegal obligations - Question #127Privacy Architecture
Which of the following is the MOST important action to protect a mobile banking app and its data against manipulation and disclosure?
Mobile securityApplication hardeningData protectionSecurity controls - Question #128Data Life Cycle
Which of the following BEST mitigates the privacy risk associated with setting cookies on a website?
CookiesUser ConsentPrivacy Risk MitigationData Collection - Question #129Privacy Governance
Which of the following is the MOST important attribute of a privacy policy?
Privacy PolicyTransparencyPrivacy PrinciplesPrivacy Communication - Question #130Privacy Architecture
Which of the following is the GREATEST privacy risk associated with the use of application programming interfaces (APIs)?
API SecurityPrivacy Risk ManagementAuthenticationAccess Control - Question #131Privacy Architecture
An organization's work-from-home policy allows employees to access corporate IT assets remotely Which of the following controls is MOST important to mitigate the risk of potential...
Remote Access SecurityData Protection in TransitEncryption ControlsPersonal Data Risk Mitigation - Question #132Privacy Governance
Which of the following should be done NEXT after a privacy risk has been accepted?
Privacy risk managementRisk acceptanceRisk monitoringContinuous monitoring - Question #133Privacy Architecture
Which of the following is MOST important to review before using an application programming interface (API) to help mitigate related privacy risk?
API privacyData flow mappingRisk mitigationPrivacy by Design - Question #134Data Life Cycle
Which of the following is the BEST way to address privacy concerns when an organization captures personal data from a third party through an open application programming interface...
ConsentData collectionThird-party dataLegal basis - Question #135Privacy Governance
Which of the following needs to be identified FIRST to define the privacy requirements to use when assessing the selection of IT systems?
Legal compliancePrivacy requirementsIT system selectionPrivacy program development - Question #136Privacy Architecture
The MOST effective way to incorporate privacy by design principles into applications is to include privacy requirements in.
Privacy by DesignSoftware Development Life Cycle (SDLC)Application PrivacyPrivacy Requirements - Question #137Privacy Governance
Which of the following should be done FIRST when a data collection process is deemed to be a high-level risk?
Privacy Impact AssessmentRisk managementData collectionPrivacy controls - Question #138Privacy Governance
An organization has an initiative to implement database encryption to strengthen privacy controls. Which of the following is the MOST useful information for prioritizing database s...
Privacy ControlsRisk PrioritizationData ClassificationDatabase Encryption - Question #139Data Life Cycle
Which of the following is the BEST method of data sanitization when there is a need to balance the destruction of data and the ability to recycle IT assets?
Data sanitizationCryptographic erasureIT asset recyclingData destruction - Question #140Privacy Governance
Which of the following is the MOST important privacy consideration for video surveillance in high security areas?
Video surveillance privacyNotice and transparencyData subject rights - Question #141Privacy Architecture
Which of the following is the PRIMARY reason to use public key infrastructure (PRI) for protection against a man-in-the-middle attack?
Public Key Infrastructure (PKI)Man-in-the-Middle (MITM)Public Key CryptographyDigital Certificates - Question #142Privacy Governance
Which of the following scenarios should trigger the completion of a privacy impact assessment (PIA)?
Privacy Impact Assessment (PIA)PIA TriggersData SharingRisk Management - Question #143Privacy Governance
When can data subjects be prohibited from withdrawing consent for processing their personal data?
Data Subject RightsConsentLegal BasesPublic Interest - Question #144Privacy Architecture
Which of the following is the BEST way for an organization to gain visibility into Its exposure to privacy-related vulnerabilities?
Threat analysisVulnerability assessmentPrivacy risk management - Question #145Privacy Governance
An organization has initiated a project to enhance privacy protections by improving its information security controls. Which of the following is the MOST useful action to help defi...
Project ScopingPrivacy RegulationsCompliance ManagementPrivacy Program Design - Question #146Privacy Governance
Which of the following is the BEST way to ensure privacy considerations are included when working with vendors?
Vendor ManagementThird-Party Risk ManagementPrivacy ContractsLegal Requirements - Question #147Privacy Architecture
Which of the following is the BEST control to detect potential internal breaches of personal data?
Internal breach detectionUser behavior analytics (UBA)Security controlsInsider threat - Question #148Data Life Cycle
From a privacy perspective, it is MOST important to ensure data backups are:
Data backupsEncryptionData protectionConfidentiality - Question #149Privacy Governance
A data processor that handles personal data tor multiple customers has decided to migrate its data warehouse to a third-party provider. What is the processor obligated to do prior...
Data processor responsibilitiesSub-processor engagementController authorizationThird-party risk - Question #150Privacy Governance
Which of the following BEST ensures an organization's data retention requirements will be met in the public cloud environment?
Data retentionCloud privacyVendor managementContractual agreements