CDPSE Practice Questions
437 real CDPSE exam questions with expert-verified answers and explanations. Page 6 of 9.
- Question #251Privacy Governance
When data processing is performed at a third-party data center, ownership of the risk PRIMARILY rests with the:
Risk ownershipData controller responsibilitiesThird-party processingAccountability - Question #252Privacy Governance
Which of the following should be the PRIMARY consideration when evaluating transaction-based cloud solutions?
Cloud privacyShared responsibility modelData protection responsibilitiesCloud solution evaluation - Question #253Data Life Cycle
A technology company has just launched a mobile application for tracking health symptoms. This application is built on a mobile device technology stack that allows users to share t...
ConsentData usageMobile privacySensitive data - Question #254Privacy Architecture
Which of the following is the MOST effective use of data flow diagrams when implementing a data privacy compliance program?
Data Flow DiagramsData mappingPrivacy architectureData residence - Question #255Privacy Governance
Which of the following is MOST important to address in a privacy policy with respect to big data repositories of sales information?
Privacy PolicyData Management StrategyData GovernanceBig Data Privacy - Question #256Privacy Architecture
Which of the following is the PRIMARY privacy concern with the use of a data lake containing transaction data, including personal data?
Data LakeAccess ControlLeast PrivilegePrivacy Risks - Question #257Privacy Architecture
Which of the following is the BEST approach for configuring remote access rules to safeguard personal data within the organization's network?
Remote Access SecurityAuthenticationAccess ControlData Protection - Question #258Data Life Cycle
Notice was provided to everyone visiting a company's website indicating what personal data was being collected and for what purpose it was being used. The IT department recently re...
Purpose LimitationData Use AssessmentTransparencyConsent Management - Question #259Privacy Governance
Which of the following is defined and implemented to ensure organizational data privacy protection arrangements are maintained and enforced regardless of jurisdiction?
Global PrivacyOrganizational Privacy ProgramsPrivacy NoticeConsent Management - Question #260Privacy Governance
Which of the following is the BEST way to manage privacy risk associated with outsourcing to a third party?
Third-party risk managementPrivacy auditsVendor managementOutsourcing - Question #261Data Life Cycle
Which of the following is the MOST effective approach to identify personal data stored as unstructured data?
Data discoveryUnstructured dataPersonal data identification - Question #262Privacy Architecture
An organization's new sales application asks for consent to collect consumer personal information. Which foundational privacy by design principle is this organization following?
Consent ManagementPrivacy by DesignUser PrivacyData Collection - Question #263Privacy Architecture
Which of the following is the BEST example of risk-based data protection?
Risk-based data protectionData segmentationPrivacy controlsData classification - Question #264Privacy Architecture
When using a digital signature, which of the following keys will the recipient need to verify the authenticity of the sender's message?
Digital signaturesAsymmetric encryptionAuthenticationPublic key cryptography - Question #265Privacy Architecture
An organization that stores personal information is receiving an excessive number of alerts from its intrusion detection system (IDS), causing follow-through to become unfeasible....
IDSAlert ManagementRoot Cause AnalysisOperational Security - Question #266Data Life Cycle
Which of the following is the GREATEST concern with using degaussing to destroy personal data?
Data destructionDegaussingData sanitizationVerification - Question #267Privacy Governance
Which of the following statements BEST differentiates sensitive personal data from other types of confidential data?
Sensitive personal dataData classificationData protection levelsPrivacy principles - Question #268Data Life Cycle
A debt collection agency is attempting to locate a debtor and collects information on several people with similar names. During the inquiry, some of these people are discounted. Ho...
AnonymizationData MinimizationData Lifecycle ManagementPurpose Limitation - Question #269Privacy Architecture
An organization is designing a new human resources (HR) system. Which of the following should be implemented to BEST enable detection of unauthorized access to personal data?Data l...
Data loss preventionPersonal data securityAccess detectionPrivacy controls - Question #270Privacy Architecture
Which of the following BEST demonstrates that security considerations are embedded in DevOps operations for application development?
DevSecOpsApplication SecuritySecurity ControlsSecure Software Development Life Cycle - Question #271Privacy Governance
An organization wants to change the originally specified purpose of collected personal data. What must be done NEXT?
Privacy NoticePurpose LimitationTransparencyInformation Requirements - Question #272Privacy Architecture
An organization wants to implement a cloud application with a REST application programming interface (API). Which of the following BEST protects against unauthorized access to the...
API SecurityAuthenticationCloud SecurityAccess Control - Question #273Privacy Governance
Which of the following roles is responsible for establishing procedures that address the use of personal data for continuous auditing?
Data Controller ResponsibilitiesPrivacy GovernanceContinuous AuditingPersonal Data Procedures - Question #274Data Life Cycle
A data subject has requested the personal data an organization has collected on them. Which of the following should be done FIRST when responding to this request?
Data Subject Access RequestIdentity VerificationPrivacy OperationsDSAR Process - Question #275Privacy Architecture
Which of the following would BEST enable a data warehouse to limit access to individual database objects?
Database SecurityAccess ControlData WarehouseData Dictionary - Question #276Data Life Cycle
Which of the following BEST enables an organization to comply with data privacy laws?
Data MinimizationCompliance StrategyPrivacy Principles - Question #277Privacy Governance
A retail company handles payroll accounting for its employees through a Software as a Service (SaaS) provider that uses a data center operator as a subcontractor. Who is responsibl...
Privacy rolesData processorOutsourcingData protection responsibility - Question #278Privacy Governance
Which of the following is MOST important to consider when setting priorities for privacy data management objectives?
Privacy Risk ManagementPrioritizationTechnical ControlsPrivacy Program Management - Question #279Privacy Governance
Which of the following should be the FIRST consideration prior to implementing an audit trail of access to personal data?
Cost-benefit analysisPrivacy control implementationAudit trailsPrivacy program management - Question #280Privacy Architecture
During which stage of the software development life cycle (SDLC) is it MOST critical to conduct a privacy impact assessment (PIA)?
Privacy Impact Assessment (PIA)Software Development Life Cycle (SDLC)Privacy by DesignPrivacy Engineering - Question #281Privacy Architecture
Which method BEST reduces the risk related to sharing of personal data between a software as a service (SaaS) customer and the third party storing it?
Data anonymizationPrivacy-enhancing technologies (PETs)Data sharingRisk reduction - Question #282Privacy Governance
A material finding related to the integrity of personal data was discovered during a privacy audit. Which of the following should the IT privacy practitioner do FIRST?
Audit findingsGovernance reportingEscalationIncident response - Question #283Data Life Cycle
At a minimum, records metadata in data retention files should include:
Data retentionRecords managementMetadataPrivacy records - Question #284Privacy Architecture
Which of the following is the MOST important key management practice when deploying cryptography for protecting personal data?
Key ManagementCryptographyPrivate KeysData Protection - Question #285Privacy Governance
Which of the following BEST facilitates an organization's ability to achieve data privacy-related goals?
Data QualityPrivacy GovernancePrivacy PrinciplesData Accuracy - Question #286Privacy Governance
An employee accidentally sends an email with personal data to the wrong person. Which of the following should the employee do FIRST upon becoming aware of the issue?
Incident ManagementEmployee ResponsibilitiesData Breach ResponseDocumentation - Question #287Privacy Governance
Which of the following is MOST useful for understanding an organization's approach towards privacy compliance?
Privacy compliancePrivacy program assessmentPrivacy auditsGovernance effectiveness - Question #288Data Life Cycle
Which of the following is the PRIMARY reason to allow data transfer between regions?
International Data TransfersLegal BasisData Transfer DerogationsContractual Necessity - Question #289Privacy Architecture
Which of the following is the BEST course of action to manage privacy risk when a significant vulnerability is identified in the operating system (OS) that supports an organization...
Privacy Risk ManagementAccess ControlVulnerability ManagementCompensating Controls - Question #290Privacy Governance
In a contract for cloud services, whom should a cloud provider agree to notify in the event of a personal data breach?
Breach NotificationCloud ContractsProcessor ObligationsData Subject Rights - Question #291Privacy Architecture
Which of the following BEST prevents users from sending out customers' personal data without encryption?
De-identificationPrivacy-enhancing TechnologiesData MinimizationPrivacy Controls - Question #292Privacy Architecture
Which of the following would BEST enable an organization to account for unstructured data?
Unstructured dataData inventoryData discoveryData management tools - Question #293Privacy Governance
To increase productivity, an organization is planning to implement movement tracking devices in the vehicles of field employees. Which of the following MUST be in place before inst...
Employee PrivacyBYOD PolicyLocation TrackingPrivacy Governance - Question #294Privacy Architecture
Which of the following is the MOST effective way to prevent employees from inappropriately accessing customer information?
Role-based access controlLeast privilegeData access managementPreventative controls - Question #295Privacy Architecture
Which of the following is the BEST way to prevent dangerous SQL write statements from being executed on data?
SQL SecurityData Access ControlData IntegrityRead-Only Systems - Question #296Privacy Governance
Which of the following should be done FIRST before an organization migrates data from an on- premise solution to a cloud-hosted solution that spans more than one jurisdiction?
Cloud data migrationPrivacy risk assessmentCross-border data transferCompliance readiness - Question #297Privacy Governance
Of the following, who is the BEST resource for determining which privacy laws must be followed for data that crosses international borders?
Legal complianceInternational data transfersOrganizational rolesPrivacy laws - Question #298Privacy Architecture
Which of the following is the BEST control to mitigate a distributed denial of service (DDoS) attack on an application programming interface (API)?
API SecurityDDoS MitigationRate Limiting - Question #299Privacy Governance
Which of the following is MOST important when creating a data retention policy?
Data Retention PolicyRegulatory CompliancePrivacy GovernancePolicy Creation - Question #300Privacy Governance
Which of the following documents should be communicated to customers to establish accountability for the use and protection of personal information?
Privacy noticeTransparencyAccountabilityCustomer communication