Which of the following outputs of a privacy audit is MOST likely to trigger remedial action?
A. Identification of uses of sensitive personal data
B. Deficiencies in how personal data is shared with third parties
C. Areas of focus for privacy training
D. Recommendations to optimize current privacy policy
Correct Answer: A
QUESTION 42
Which encryption method encrypts and decrypts data using two separate yet mathematically connected cryptographic keys?
A. Private key
B. Hashing
C. Symmetric
D. Asymmetric
Correct Answer: D
QUESTION 43
Which of the following is the BEST way to ensure an organization’s enterprise risk management (ERM) framework can protect the organization from privacy harms?
A. Establish a privacy incident response plan.
B. Complete a privacy risk assessment.
C. Conduct an internal privacy audit.
D. Include privacy risks as a risk category.
Correct Answer: B
QUESTION 44
Transport Layer Security (TLS) provides data integrity through:
A. exchange of digital certificates.
B. asymmetric encryption of data sets.
C. use of File Transfer Protocol (FTP).
D. calculation of message digests.
Correct Answer: D
QUESTION 45
Which of the following is the BEST control to prevent the exposure of personal information when redeploying laptops within an organization?
A. Reinstall the operating system and enable laptop encryption.
B. Perform a full wipe and reimage of the laptops.
C. Set a unique static IP for the default network interface.
D. Disable all wireless networking in the group policy.
Correct Answer: B
QUESTION 46
Within a regulatory and legal context, which of the following is the PRIMARY purpose of a privacy notice sent to customers?
A. To provide transparency to the data subject on the intended use of their personal data
B. To establish the organization’s responsibility for protecting personal data during the relationship with the data subject
C. To educate data subjects regarding how personal data will be safeguarded
D. To inform customers about the procedure to legally file complaints for misuse of personal data
Correct Answer: A
QUESTION 47
An increase in threats originating from endpoints is an indication that:
A. extended detection and response should be installed.
B. network protection should be maintained remotely.
C. credential management should be implemented.
D. network audit frequency should increase.
Correct Answer: A
QUESTION 48
Critical data elements should be mapped to which of the following?
A. Data process flow
B. Business taxonomy
C. Privacy policy
D. Business analytics
Correct Answer: B
QUESTION 49
Which of the following principles is MOST important to apply when granting access to an enterprise resource planning (ERP) system that contains a significant amount of personal data?
A. Read-only access
B. Least privilege
C. Segregation of duties
D. Data minimization
Correct Answer: D
QUESTION 50
A privacy risk assessment identified that a third-party collects personal data on the organization’s behalf. This finding could subject the organization to a regulatory fine for not disclosing this relationship. What should the organization do NEXT?
A. Amend the privacy policy to include a provision that data might be collected by trusted third parties.
B. Disclose the relationship to those affected in jurisdictions where such disclosures are required.
C. Update the risk assessment process to cover only required disclosures.
D. Review the third-party relationship to determine who should be collecting data.
Correct Answer: D
QUESTION 51
Who is ULTIMATELY accountable for the protection of personal data collected by an organization?
A. Data protection officer
B. Data custodian
C. Data processor
D. Data owner
Correct Answer: D
QUESTION 52
Which of the following MOST significantly impacts an organization’s ability to respond to data subject access requests?
A. Availability of application data flow diagrams is limited.
B. Third-party service level agreement (SLA) data is not always available.
C. The organization’s data retention schedule is complex.
D. Logging of systems and application data is limited.
Correct Answer: C
QUESTION 53
Which of the following is the MOST important consideration for determining the operational life of an encryption key?
A. Length of key and complexity of algorithm
B. Volume and sensitivity of data protected
C. Number of digitally signed documents in force
D. Number of entities involved in communication
Correct Answer: B
QUESTION 54
Which of the following has the GREATEST impact on the treatment of data within the scope of an organization’s privacy policy?
A. Data flow diagram
B. Data processing agreement
C. Data protection impact assessment (DPIA)
D. Data classification
Correct Answer: C
QUESTION 55
Which of the following information would MOST likely be considered sensitive personal data?
A. Contact phone number
B. Bank account login ID
C. Ethnic origin
D. Mailing address
Correct Answer: C
QUESTION 56
Which of the following BEST illustrates privacy by design in the development of a consumer mobile application?
A. The application shares personal information upon request.
B. The application only stores data for 24 hours.
C. The application only stores data locally.
D. The application requires consent before sharing locations.
Correct Answer: D
QUESTION 57
A health organization experienced a breach of a database containing pseudonymized personal data. Which of the following should be of MOST concern to the IT privacy practitioner?
A. The data is subject to regulatory fines.
B. The data may be re-identified.
C. The data was proprietary.
D. The data was classified as confidential.
Correct Answer: B
QUESTION 58
An organization plans to implement a new cloud-based human resources (HR) solution with a mobile application interface. Which of the following is the BEST control to prevent data leakage?
A. Separate credentials are used for the mobile application.
B. Single sign-on is enabled for the mobile application.
C. Download of data to the mobile devices is disabled.
D. Data stored in the cloud-based solution is encrypted.
Correct Answer: D
QUESTION 59
Which of the following BEST protects against unauthorized access to stored personal data?
A. Intrusion detection system (IDS)
B. Advanced Encryption Standard (AES)
C. Transport Layer Security (TLS)
D. Data loss prevention (DLP)
Correct Answer: B
QUESTION 60
Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?
A. Allowing individuals to have direct access to their data
B. Establishing a data privacy customer service bot for individuals
C. Allowing system administrators to manage data access
D. Providing system engineers the ability to search and retrieve data
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.