QUESTION 21
An organization’s backup media containing archived customer data was lost during transit to an offsite storage location. Which of the following is the MOST important course of action?
A. Initiate a claim with the organization’s insurer.
B. Discuss the incident with the IT steering committee.
C. Exercise the right-to-audit clause with the offsite storage location.
D. Inform customers about the suspected loss.
Correct Answer: D
QUESTION 22
Which of the following is the MOST important consideration to ensure privacy when using big data analytics?
A. Continuity with business requirements
B. Disclosure of how the data is analyzed
C. Maintenance of archived data
D. Transparency about the data being collected
Correct Answer: D
QUESTION 23
Which of the following is the MOST effective way to support organizational privacy awareness objectives?
A. Funding in-depth training and awareness education for data privacy staff
B. Implementing an annual training certification process
C. Including mandatory awareness training as part of performance evaluations
D. Customizing awareness training by business unit function
Correct Answer: D
QUESTION 24
Which of the following assurance approaches is MOST effective in identifying vulnerabilities within an application programming interface (API) transferring personal data?
A. Security audit
B. Bug bounty program
C. Source code review
D. Tabletop simulation
Correct Answer: C
QUESTION 25
Which types of controls need to be applied to ensure accuracy at all stages of processing, storage, and deletion throughout the data life cycle?
A. Purpose limitation controls
B. Integrity controls
C. Processing flow controls
D. Time-based controls
Correct Answer: B
QUESTION 26
Which of the following is the MOST important consideration when an organization is negotiating a data processing agreement with a third party?
A. Security of data processing
B. Purpose of data processing
C. Retention period of data after processing
D. Ownership of data processing
Correct Answer: D
QUESTION 27
Which of the following is MOST important for an IT privacy practitioner to focus on during a data migration process?
A. Preparing a rollback plan in case issues arise
B. Avoiding disruption of routine business operations
C. Detecting and responding to security violations
D. Minimizing data inconsistency and integrity issues
Correct Answer: B
QUESTION 28
Which of the following is a responsibility of the audit function in helping an organization address privacy compliance requirements?
A. Managing privacy notices provided to customers
B. Approving privacy impact assessments (PIAs)
C. Establishing employee privacy rights and consent
D. Validating the privacy framework
Correct Answer: D
QUESTION 29
An employee accidentally sends an email with personal data to the wrong person. Which of the following should the employee do FIRST upon becoming aware of the issue?
A. Report the situation to the data privacy officer as it could be a privacy breach.
B. Document and file the details of what happened in anticipation of further questioning.
C. Send the recipient another email requesting deletion of the email that was accidentally sent.
D. Notify the privacy regulator and the impacted data subjects.
Correct Answer: C
QUESTION 30
To ensure customers understand how their personal data is handled, an organization should provide:
A. industry privacy principles.
B. a privacy notice.
C. a data processing agreement.
D. the data retention policy for personal data.
Correct Answer: B
QUESTION 31
Which of the following BEST prevents users from sending out customers’ personal data without encryption?
A. Automatic email blocking
B. User behavior monitoring
C. Data loss prevention (DLP) tools
D. De-identification of data
Correct Answer: C
QUESTION 32
Which of the following is the PRIMARY reason to complete a privacy impact assessment (PIA)?
A. To understand privacy risks
B. To classify personal data
C. To comply with consumer regulatory requirements
D. To establish privacy breach response procedures
Correct Answer: A
QUESTION 33
Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?
A. Data protection requirements are included.
B. A risk assessment has been completed.
C. Security controls are clearly defined.
D. The system architecture is clearly defined.
Correct Answer: A
QUESTION 34
When capturing browsing and purchase data from consumers visiting a corporate website more than once, which of the following metadata-based technologies is typically used to identify a consumer?
A. HTTP cookie
B. Server cookie
C. Flash cookie
D. Supercookie Correct Answer: A QUESTION 35
As part of a major data discovery initiative to identify personal data across the organization, the project team has identified the proliferation of personal data held as unstructured data as a major risk. What should be done FIRST to address this situation?
A. Identify sensitive unstructured data at the point of creation.
B. Assign an owner to sensitive unstructured data.
C. Classify sensitive unstructured data.
D. Identify who has access to sensitive unstructured data.
Correct Answer: B
QUESTION 36
Consent MUST be obtained from a data subject when:
A. the organization processing the data has implemented segregation of duties.
B. data will be used for a purpose other than for which it was collected.
C. collection includes de-identified personal data obtained from a public domain website.
D. the data will be used to support the public interest.
Correct Answer: B
QUESTION 37
Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?
A. The right to withdraw consent
B. The right to be forgotten
C. The right to access
D. The right to object
Correct Answer: B
QUESTION 38
Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?
A. Updates to data life cycle policy
B. Modifications to data quality standards
C. Business impact due to the changes
D. Changes to current information architecture
Correct Answer: C
QUESTION 39
Which cloud deployment model is BEST for an organization whose main objectives are to logically isolate personal data from other tenants and adopt custom privacy controls for the data?
A. Community cloud
B. Private cloud
C. Public cloud
D. Hybrid cloud
Correct Answer: B
QUESTION 40
Which of the following is the BEST way to ensure that application hardening is included throughout the software development life cycle (SDLC)?
A. Include qualified application security personnel as part of the process.
B. Ensure comprehensive application security testing immediately prior to release.
C. Require an annual third-party audit of new client software solutions.
D. Require an annual internal audit of SDLC processes.
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.