CDPSE Practice Questions
437 real CDPSE exam questions with expert-verified answers and explanations. Page 4 of 9.
- Question #151Data Life Cycle
Which of the following is the MOST important privacy consideration when developing a contact tracing application?
ProportionalityData MinimizationPurpose LimitationPrivacy by Design - Question #152Privacy Architecture
An organization Wishes to deploy strong encryption to its most critical and sensitive databases. Which of the following is the BEST way to safeguard the encryption keys?
Encryption Key ManagementCryptographic VaultData ProtectionSecurity Controls - Question #153Privacy Architecture
An IT privacy practitioner wants to test an application in pre-production that will be processing sensitive personal data. Which of the following testing methods is BEST used to id...
DASTApplication SecurityPrivacy EngineeringTesting Methods - Question #154Privacy Governance
What is the BES T way for an organization to maintain the effectiveness of its privacy breach incident response plan?
privacy incident responseplan maintenancetabletop exercisesincident readiness - Question #155Privacy Governance
What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?
Privacy noticeIndividual rightsTransparencyData subject rights communication - Question #156Privacy Governance
Which of the following is a role PRIMARILY assigned to an internal data owner?
Data ownerRoles and responsibilitiesAccess managementData governance - Question #157Data Life Cycle
Which of the following practices BEST indicates an organization follows the data minimization principle?
Data minimizationData retentionData lifecycle managementPrivacy principles - Question #158Privacy Governance
An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the tim...
Data Protection PrinciplesTransparencyLawful ProcessingPrivacy Notice - Question #159Privacy Governance
Which of the following is the BEST indication of a highly effective privacy training program?
Privacy trainingWorkforce awarenessProgram effectivenessPrivacy education - Question #160Privacy Architecture
Which encryption method encrypts and decrypts data using two separate yet mathematically connected cryptographic keys?
Asymmetric encryptionPublic key cryptographyEncryption methodsCryptographic keys - Question #161Data Life Cycle
A health organization experienced a breach of a database containing pseudonymized personal data. Which of the following should be of MOST concern to the IT privacy practitioner?
PseudonymizationData BreachRe-identification RiskPersonal Data Protection - Question #162Privacy Governance
Which of the following information would MOST likely be considered sensitive personal data?
sensitive personal datapersonal datadata classificationprivacy principles - Question #163Privacy Governance
Within a regulatory and legal context, which of the following is the PRIMARY purpose of a privacy notice sent to customers?
Privacy NoticesData Subject TransparencyLegal Compliance - Question #164Privacy Architecture
Transport Layer Security (TLS) provides data integrity through:
TLSData IntegrityMessage DigestsCryptography - Question #165Privacy Governance
Which of the following outputs of a privacy audit is MOST likely to trigger remedial action?
privacy auditremedial actionthird-party data sharingaudit findings - Question #166Data Life Cycle
Which of the following is the BEST control to prevent the exposure of personal information when redeploying laptops within an organization?
Data sanitizationIT asset dispositionData erasurePrivacy controls - Question #167Privacy Architecture
Critical data elements should be mapped to which of the following?
Data mappingData process flowCritical data elementsPrivacy architecture - Question #168Privacy Governance
Which of the following is the BEST way to ensure an organization's enterprise risk management (ERM) framework can protect the organization from privacy harms?
Privacy Risk ManagementEnterprise Risk ManagementRisk AssessmentPrivacy Governance - Question #169Privacy Governance
A privacy risk assessment identified that a third-party collects personal data on the organization's behalf. This finding could subject the organization to a regulatory fine for no...
Privacy risk managementThird-party data processingDisclosure requirementsRegulatory compliance - Question #170Privacy Architecture
Which of the following MOST significantly impacts an organization's ability to respond to data subject access requests?
Data Subject Access RequestsData Flow MappingData DiscoveryPrivacy Operations - Question #171Privacy Governance
Which of the following has the GREATEST impact on the treatment of data within the scope of an organization's privacy policy?
Data ClassificationPrivacy PolicyData Treatment - Question #172Privacy Architecture
Which cloud deployment model is BEST for an organization whose main objectives are to logically isolate personal data from other tenants and adopt custom privacy controls for the d...
Cloud deployment modelsPrivate cloudData isolationCustom privacy controls - Question #173Privacy Governance
Which of the following helps define data retention time in a stream-fed data lake that includes personal data?
Data retentionPersonal dataPrivacy standardsData lake - Question #174Privacy Architecture
An organization plans to implement a new cloud-based human resources (HR) solution with a mobile application interface. Which of the following is the BEST control to prevent data l...
Data Leakage PreventionMobile SecurityCloud SecurityPrivacy Controls - Question #175Data Life Cycle
Which of the following is MOST important to capture in the audit log of an application hosting personal data?
Audit loggingPersonal data accessData lifecycle managementIncident response - Question #176Privacy Architecture
Which of the following is the MOST important consideration for determining the operational life of an encryption key?
Encryption key managementKey lifetimeData sensitivityInformation security risk - Question #177Privacy Architecture
Which of the following is the BEST way to ensure that application hardening is included throughout the software development life cycle (SDLC)?
Secure SDLCApplication SecuritySecurity by DesignShift Left Security - Question #178Privacy Architecture
An increase in threats originating from endpoints is an indication that:
Endpoint SecurityThreat DetectionIncident ResponseXDR - Question #179Privacy Architecture
Which of the following BEST illustrates privacy by design in the development of a consumer mobile application?
Privacy by DesignConsent ManagementMobile Application PrivacyUser Control - Question #180Privacy Governance
Who is ULTIMATELY accountable for the protection of personal data collected by an organization?
Data accountabilityData roles and responsibilitiesData governancePersonal data protection - Question #181Privacy Architecture
Which of the following principles is MOST important to apply when granting access to an enterprise resource planning (ERP) system that contains a significant amount of personal dat...
Access ControlLeast PrivilegeERP SecurityPersonal Data Protection - Question #182Privacy Architecture
What would be the BEST reason to include log generation in the design of a system from a privacy perspective?
LoggingPrivacy MonitoringSystem DesignData Misuse Detection - Question #183Privacy Architecture
An attacker was able to retrieve data from a test and development environment that contained end user information. Which of the following hardening techniques would BEST prevent th...
Data obfuscationTest data managementPrivacy by designTechnical privacy controls - Question #184Privacy Governance
What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employ...
Cross-border data transferGlobal privacy complianceEmployee monitoring privacyInternational data transfers - Question #185Privacy Governance
Which of the following should be the FIRST consideration when conducting a privacy impact assessment (PIA)?
Privacy Impact Assessment (PIA)Privacy LegislationCompliancePrivacy Program Management - Question #186Privacy Architecture
Which of the following BEST represents privacy threat modeling methodology?
Privacy Threat ModelingSoftware ArchitectureThreat IdentificationRisk Mitigation - Question #187
An organization is creating a personal data processing register to document actions taken with personal data. Which of the following categories should document controls relating to...
- Question #188
Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization's privacy notice. Which of the following is the BEST...
- Question #189
During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?
- Question #190
Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?
- Question #191Privacy Architecture
Which of the following features should be incorporated into an organization's technology stack to meet privacy requirements related to the rights of data subjects to control their...
Data Subject RightsRight to AccessPrivacy ArchitectureTechnical Controls - Question #192Privacy Governance
Who is accountable for establishing the privacy risk and harm tolerance levels?
Privacy Risk ManagementRisk ToleranceAccountabilityEnterprise Risk Management - Question #193Privacy Governance
How should the chief privacy officer of an international enterprise BEST balance the requirements of the enterprise's privacy standards with local regulations?
Global privacy complianceRegulatory mappingPrivacy policy adaptation - Question #194Data Life Cycle
What is one of the GREATEST concerns for the privacy professional when using data analytics in an enterprise?
Data AnalyticsData ProtectionCustomer PrivacyPrivacy Professional Responsibilities - Question #195Privacy Governance
What requirements would be BEST to include in a service level agreement when data is regularly moved outside of the enterprise as part of its life cycle?
SLAThird-party risk managementData privacy requirementsData quality - Question #196Privacy Governance
Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?
Privacy Impact AssessmentRisk ManagementRemote Work PrivacyChange Management - Question #197Privacy Architecture
When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately pro...
AnonymizationPseudonymizationKey managementData de-identification - Question #198Privacy Governance
Which party should data subject contact FIRST if they believe their personal information has been collected and used without consent?
Data subject rightsPrivacy incident responseOrganizational privacy rolesChief Privacy Officer (CPO) - Question #199Data Life Cycle
Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?
Data Flow MappingPersonal Data ProtectionPrivacy ControlsData Life Cycle Management - Question #200Privacy Architecture
Which of the following tracking technologies associated with unsolicited targeted advertisements presents the GREATEST privacy risk?
Online behavioral trackingPrivacy risksTracking technologiesTargeted advertising