CDPSE Practice Questions
437 real CDPSE exam questions with expert-verified answers and explanations. Page 7 of 9.
- Question #301Privacy Governance
Which of the following is the PRIMARY outcome of a privacy risk assessment?
Privacy Risk AssessmentRisk IdentificationPrivacy Governance Framework - Question #302Privacy Architecture
A travel agency wants to introduce a new cloud application for customers to access while traveling. Which of the following would BEST help to protect the application against unauth...
Multi-factor AuthenticationAccess ControlApplication SecurityCloud Security - Question #303Privacy Governance
Which of the following should be reviewed FIRST as part of an audit of controls implemented to mitigate data privacy risk?
Privacy Impact Assessment (PIA)AuditRisk MitigationPrivacy Controls - Question #304Privacy Architecture
Which of the following is the BEST solution for storing both non-relational and relational personal data from Internet of Things (IoT) devices, web sites, and mobile applications?
Data Storage ArchitecturesIoT Data ManagementPersonal Data HandlingData Lake - Question #305Privacy Governance
An organization is opening a new office in a country that has strict privacy regulations regarding consumer data. Which of the following is the BEST way for the senior leadership t...
Privacy GovernanceRegulatory ComplianceData Privacy Officer (DPO) RoleLeadership Accountability - Question #306Privacy Architecture
Which of the following is the BEST control to mitigate the impact of credential harvesting attacks?
Credential harvestingMulti-factor authenticationSecurity controlsAuthentication - Question #307Privacy Architecture
Which data warehousing operating model masks data within a larger database to provide subset views to users?
Mandatory Access ControlData MaskingData WarehousingAccess Control - Question #308Privacy Governance
Which of the following is the PRIMARY consideration when managing consent for the use of an application targeted toward children?
Children's PrivacyParental ConsentConsent VerificationData Processing (Children) - Question #309Privacy Governance
An online business has implemented cookies in its retail website to track customer shopping behavior. Which of the following is the MOST important process to ensure customers' priv...
Customer ConsentCookiesData CollectionPrivacy Compliance - Question #310Privacy Architecture
Privacy flaws can MOST effectively be minimized during which phase of the software development life cycle?
SDLCPrivacy by DesignPrivacy EngineeringRisk Mitigation - Question #311Privacy Architecture
Which of the following BEST helps to determine appropriate access privileges for an application containing customer personal data?
Access ControlData ProtectionData ClassificationApplication Security - Question #312Data Life Cycle
In which of the following scenarios would implementing a machine learning algorithm for anomaly detection raise data privacy concerns?
Machine LearningAnomaly DetectionEmployee MonitoringPrivacy Concerns - Question #313Privacy Governance
An organization has confirmed a breach of personal data. Which of the following actions should be done NEXT?
Data breach responseIncident managementImpact assessmentPersonal data - Question #314Privacy Governance
Which of the following BEST ensures an organization takes a consistent approach to handling data subject rights requests?
Data Subject Rights ManagementOrganizational PoliciesProcess ConsistencyPrivacy Program Management - Question #315Data Life Cycle
A visitor approaches the security desk of a global bank to gain access to attend a meeting. The security desk personnel ask for an official form of identity. Which of the following...
Data MinimizationIdentity VerificationRecord KeepingVisitor Privacy - Question #316Data Life Cycle
Which of the following is the GREATEST privacy threat when an organization wants to leverage artificial intelligence (AI) for marketing purposes?
AIPrivacy ThreatsMarketingData Exploitation - Question #317Privacy Architecture
An enterprise is planning to introduce a new product that involves geolocation tracking of customers. Which of the following is the BEST way to determine the associated risk?
Geolocation TrackingPseudonymizationRe-identification RiskPrivacy-Enhancing Technologies - Question #318Privacy Architecture
Which type of flaw in an application programming interface (API) allows an attacker to manipulate legitimate standard functionality?
API securityBusiness logic flawsApplication securityVulnerability management - Question #319Privacy Governance
Which of the following BEST mitigates the risk of users not understanding the purpose of their data being collected?
TransparencyPrivacy PrinciplesData Subject RightsNotice - Question #320Privacy Architecture
Which of the following BEST protects against unauthorized access to stored personal data?
EncryptionData at RestData ProtectionSecurity Controls - Question #321Privacy Architecture
Which of the following should be done FIRST when responding to a mandate to protect a critical application that was developed in-house?
Threat assessmentApplication securityRisk managementSecurity program initiation - Question #322Privacy Architecture
Which of the following is the PRIMARY benefit of data flow mapping?
Data flow mappingData visibilityData footprint - Question #323Privacy Governance
Following a merger and acquisition deal, an organization wants to integrate all customers into a single customer relationship management (CRM) system. Which of the following is the...
M&AData IntegrationPrivacy PolicyPersonal Data Processing - Question #324Privacy Architecture
Which of the following techniques BEST protects the privacy of personal data accessed via system endpoints?
EncryptionData protectionPrivacy controlsTechnical safeguards - Question #325Data Life Cycle
A recently issued privacy regulation requires that customer data be deleted within a certain timeframe upon customer request. What is an organization's MOST important consideration...
Data deletionData inventoryComplianceRight to erasure - Question #326Privacy Architecture
Which of the following is MOST important to review when determining the data lineage of a data element?
Data LineageData FlowData GovernancePrivacy Architecture - Question #327Privacy Governance
Which of the following is MOST useful for senior management to review when preparing to release a new service involving substantial use of personal data?
Privacy Impact Assessment (PIA)Risk ManagementNew Service IntroductionSenior Management Oversight - Question #328Privacy Architecture
A payment processor is implementing a system that uses algorithms on transaction logs to detect potentially fraudulent activities. What is the BEST way to handle customer data in t...
EncryptionData MinimizationPrivacy by DesignData Protection Technologies - Question #329Privacy Governance
Which of the following types of employee information requires the STRONGEST protection due to its sensitivity?
Sensitive personal dataData classificationEmployee privacyData protection principles - Question #330Privacy Governance
Which of the following is MOST important to help determine the controls required to secure the servers that support a customer portal?
Data ClassificationSecurity ControlsPrivacy GovernanceRisk Assessment - Question #331Privacy Governance
Which of the following is a privacy by design principle?
Privacy by DesignPbD PrinciplesUser-Centric Privacy - Question #332Privacy Governance
Which of the following is the MOST essential attribute to distinguish between personal data protection and information security?
Privacy vs SecurityPersonal Data ProtectionInformation Security PrinciplesLinkability - Question #333Privacy Architecture
As part of network hardening it is MOST important to set up thresholds to trigger privacy alerts for:
Data ExfiltrationPrivacy MonitoringNetwork HardeningData Loss Prevention - Question #334Privacy Architecture
Which of the following is the BEST way to mitigate privacy risk associated with application programming interfaces (APIs)?
API SecurityPrivacy Risk MitigationVulnerability ManagementApplication Security - Question #335Data Life Cycle
An audit of an organization's customer relationship management (CRM) system revealed duplicate user accounts for many customers. Which of the following should be the IT privacy pra...
Data QualityData AccuracyPrivacy RiskData Subject Rights - Question #336Data Life Cycle
Which of the following is the GREATEST privacy risk factor for data stored on disk?
Encryption at RestData ConfidentialityPrivacy RisksData Storage Security - Question #337Privacy Architecture
A bug has been identified in a third-party video library that could expose sensitive user data. Which of the following is the BEST recommendation to address this issue?
Vulnerability ManagementThird-Party RiskData ExposurePatching - Question #338Privacy Governance
Which of the following is the PRIMARY reason that regulatory authorities would require permission for corporate use of drones with mounted video cameras for visual surveillance?
Privacy noticeVisual surveillanceRegulatory complianceTransparency - Question #339Data Life Cycle
Which of the following should be an information security manager's PRIMARY focus when migrating data between two dissimilar systems?
Data MigrationData Security ControlsInformation Security ManagementPrivacy Controls - Question #340Privacy Architecture
Which of the following is the BEST way to protect the confidentiality of the information returned by a new application programming interface (API) integration?
API SecurityEncryptionConfidentialityData in Transit - Question #341Privacy Governance
Which of the following is MOST likely to be considered confidential data as opposed to personal information?
Data ClassificationData SensitivityConfidentialityPersonal Information - Question #342Data Life Cycle
Rounding and nulling are examples of which type of data de-identification function?
Data De-identificationData MaskingPrivacy-enhancing technologies - Question #343Data Life Cycle
Which of the following poses the GREATEST privacy risk for users of an application that collects their geolocation information?
Location Data PrivacyData Sharing RisksThird-Party DataPrivacy Risk Assessment - Question #344Data Life Cycle
Which of the following is the BEST indication that an organization needs to perform a privacy impact assessment (PIA)?
Privacy Impact AssessmentPIA triggersData collectionPrivacy risk management - Question #345Data Life Cycle
Which of the following BEST enables an IT privacy practitioner to ensure high quality and accurate personal data collection?
Data CollectionData QualityData ValidationPrivacy Controls - Question #346Privacy Governance
Which of the following should an organization do FIRST to mitigate the risk of employees mishandling personal data?
Employee TrainingPrivacy AwarenessRisk MitigationHuman Error - Question #347Privacy Governance
An organization has developed a tracking system to better understand customer purchasing behavior. Prior to deployment it is discovered that the consumer privacy policy does not pr...
Privacy policy updateTransparencyLawful processingData collection ethics - Question #348Privacy Governance
An enterprise is planning to introduce a new product that involves geolocation tracking of customers. Which of the following is the BEST way to determine the associated risk?
Risk AssessmentPrivacy Impact Assessment (PIA)Business Impact Assessment (BIA)New Product Development - Question #349Privacy Governance
Which of the following is the BEST information to use as a framework to evaluate an organization's data management practices?
Data management evaluationCapability Maturity ModelOrganizational assessmentPrivacy framework - Question #350Privacy Governance
Which of the following is MOST important to ensure when reviewing strategic customer decisions driven by predictive AI?
Responsible AIHuman in the loopAI governancePrivacy controls