CDPSE Practice Questions

Which of the following should an IT privacy practitioner do FIRST before an organization migrates personal data from an on-premise solution to a cloud-hosted solution?

Which of the following is a PRIMARY consideration to protect against privacy violations when utilizing artificial intelligence (AI) driven business decisions?

To ensure effective management of an organization's data privacy policy, senior leadership MUST define:

Which of the following BEST ensures data confidentiality across databases?

Which of the following vulnerabilities would have the GREATEST impact on the privacy of information?

Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?

Which of the following is considered a best practice with regard to event logging?

Which of the following statements is true about compliance risk?

Which of the following would be classified as the first line of defense from the information security and privacy perspective?

Which of the following BEST describes transformation rules used in data warehousing? Transformation rules are:

Which of the following should be used to address data kept beyond its intended lifespan?

Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?

A multinational corporation is planning a big data initiative to help with critical business decisions. Which of the following is the BEST way to ensure personal data usage is stan...

An organization's data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?

Which of the following processes BEST enables an organization to maintain the quality of personal data?

Which of the following is the MOST important consideration when determining retention periods for personal data?

What is the BEST method to protect customers' personal data that is forwarded to a central system for analysis?

Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?

Which of the following is the GREATEST obstacle to conducting a privacy impact assessment (PIA)?

When configuring information systems for the communication and transport of personal data, an organization should:

Which of the following helps define data retention time is a stream-fed data lake that includes personal data?

When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?

Which of the following should be the FIRST consideration when selecting a data sanitization method?

Which of the following system architectures BEST supports anonymity for data transmission?

Of the following, who should be PRIMARILY accountable for creating an organization's privacy management strategy?

Which of the following is the BEST way to protect personal data in the custody of a third party?

Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?

Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?

Which of the following is the MOST critical action for an organization prior to tracking user activity in its applications?

What should a sender do to send a recipient a file of personal data using asymmetric encryption?

A data subject's ability to securely obtain and reuse personal data for their own purposes across different services is known as the right to:

Which of the following MUST be included in a contract with a vendor that will be processing personal data?

In addition to lowering costs and improving performance, which of the following is the MOST compelling reason to archive data?

The identification of all data recipients in a privacy notice to website visitors reflects which privacy principle?

Which of the following is the BEST approach when providing data subjects with access to their personal data?

Information should only be considered personal information if it:

An organization decides to outsource its customer personal data analytics to a third party to understand spending habits. Which of the following is the MOST important contractual c...

Which of the following is the BEST way to convert personal information to non-personal information?

What is the BEST method for protecting data transmissions to devices in the field?

A privacy impact assessment (PIA) is BEST performed by reviewing controls:

Which of the following should an IT privacy practitioner do FIRST when assessing the potential impact of new privacy legislation on the organization?

Which of the following approaches to incorporating privacy by design principles BEST ensures the privacy of personal information?

To ensure security when accessing personal data from a corporate website, which of the following is a prerequisite to implementing Hypertext Transfer Protocol Secure (HTTPS)?

Which of the following is the GREATEST privacy concern for an organization implementing endpoint detection response (EDR) tools on employee laptops?

Which of the following is the MOST important topic to cover in privacy awareness training customized for an organization's IT security staff?

Which of the following is the MOST effective method to obfuscate personal data in a public cloud environment?

The BEST way to ensure the integrity of an organization's data is to log and review which of the following?

Which of the following controls BEST mitigates the risk of unauthorized access to personal information via brute force attacks through application programming interfaces (APIs)?

Which of the following BEST facilitates a privacy impact assessment (PIA)?

Which of the following is MOST important to ensure when reviewing processes associated with the destruction of data?