QUESTION 61
Which of the following is MOST useful for understanding an organization’s approach towards privacy compliance?
A. Privacy audit reports
B. Data privacy policies
C. Privacy awareness training
D. Data classifications
Correct Answer: B
QUESTION 62
Rounding and nulling are examples of which type of data de-identification function?
A. Salting
B. Hashing
C. Masking
D. Tokenization
Correct Answer: C
QUESTION 63
A bug has been identified in a third-party video library that could expose sensitive user data. Which of the following is the BEST recommendation to address this issue?
A. Perform a full antivirus scan before using the library.
B. Patch the vulnerability before using the library.
C. Sanitize any sensitive data in the library.
D. Require authentication to access the library.
Correct Answer: B
QUESTION 64
Which of the following BEST enables an organization to comply with data privacy laws?
A. Mandating frequent organization-wide privacy training
B. Implementing strong identity and access controls
C. Creating a matrix of data privacy regulations
D. Limiting the data that the organization maintains
Correct Answer: D
QUESTION 65
An organization has confirmed a breach of personal data. Which of the following actions should be done NEXT?
A. Notify all data subjects of the breach as necessary.
B. Review the nature of the breach to determine impacted individuals.
C. Inform regulators of breach details.
D. Implement remediation actions to prevent reoccurrence.
Correct Answer: B
QUESTION 66
Which of the following should an organization do FIRST to mitigate the risk of employees mishanding personal data?
A. Implement a date loss prevention (DLP) tool.
B. Conduct personal data awareness training.
C. Encrypt all personal data.
D. Establish data classification levels.
Correct Answer: B
QUESTION 67
Which of the following is the MOST essential attribute to distinguish between personal data protection and information security?
A. Confidentiality
B. Linkability
C. Integrity
D. Authenticity
Correct Answer: B
QUESTION 68
Which of the following BEST enables an IT privacy practitioner to ensure high quality and accurate personal data collection?
A. Identifying risk scenarios related to record mismatching and personal harm
B. Conducting an annual data inventory and review of data process flows
C. Performing periodic reviews of data repositories and access management
D. Implementing appropriate data validation mechanisms
Correct Answer: D
QUESTION 69
Which of the following is MOST likely to be considered confidential data as opposed to personal information?
A. Driver’s license number
B. Internet Protocol (IP) address
C. Government identification number
D. Customer income level
Correct Answer: D
QUESTION 70
Which of the following is MOST useful for senior management to review when preparing to release a new service involving substantial use of personal data?
A. Privacy policy
B. Privacy impact assessment (PIA)
C. Privacy control self-assessment (CSA)
D. Privacy incident management capability
Correct Answer: B
QUESTION 71
Which of the following types of employee information requires the STRONGEST protection due to its sensitivity?
A. Salary information
B. Sexual orientation
C. Email addresses
D. Year of birth
Correct Answer: B
QUESTION 72
Which of the following is the BEST control to mitigate the impact of credential harvesting attacks?
A. Encryption of network traffic
B. Role-based access control (RBAC)
C. Multi-factor authentication (MFA)
D. Vulnerability scanning
Correct Answer: C
QUESTION 73
Which of the following should be an information security manager’s PRIMARY focus when migrating data between two dissimilar systems?
A. Developing automation to facilitate the migration
B. Determining the amount of effort required
C. Ensuring data controls are maintained
D. Ensuring the integrity of system backups
Correct Answer: C
QUESTION 74
Which of the following roles is responsible for establishing procedures that address the use of personal data for continuous auditing?
A. Data controller
B. Data processor
C. Data architect
D. Data modeler
Correct Answer: A
QUESTION 75
Which of the following is the BEST solution for storing both non-relational and relational personal data from Internet of Things (IoT) devices, web sites, and mobile applications?
A. Data lake
B. Blockchain
C. Block storage
D. Data warehouse
Correct Answer: A
QUESTION 76
As part of network hardening, it is MOST important to set up thresholds to trigger privacy alerts for:
A. data exfiltration.
B. unsuccessful access requests.
C. excessive network connection length.
D. Internet Protocol (IP) masquerading.
Correct Answer: A
QUESTION 77
Which of the following is the BEST way to mitigate privacy risk associated with application programming interfaces (APIs)?
A. Document dependency usage of all APIs.
B. Use only APIs that are developed internally by the organization.
C. Active monitoring of API schema changes.
D. Ensure APIs are included in the scope of the vulnerability management program.
Correct Answer: D
QUESTION 78
A debt collection agency is attempting to locate a debtor and collects information on several people with similar names. During the inquiry, some of these people are discounted. How should the agency decide what data is adequate, relevant, and limited?
A. The agency should keep the data collected and mark an indication on the people removed from the search.
B. The agency should keep only the minimum data needed to form a basic record of people removed from the search.
C. The agency should delete all personal data collected after the debtor is found.
D. The agency should keep the data collected but store in an anonymized format.
Correct Answer: B
QUESTION 79
An audit of an organization’s customer relationship management (CRM) system revealed duplicate user accounts for many customers. Which of the following should be the IT privacy practitioner’s GREATEST concern?
A. Lack of data quality may result in increased audit findings.
B. Lack of data quality violates database integrity rules.
C. Duplicates may lead to increased customer inquiries and communication costs.
D. Critical communications may not reach the correct customer contacts.
Correct Answer: D
QUESTION 80
Which of the following is the BEST course of action to manage privacy risk when a significant vulnerability is identified in the operating system (OS) that supports an organization’s customer relationship management (CRM) system?
A. Apply OS patching to fix the vulnerability immediately.
B. Perform a vulnerability assessment to determine the impact.
C. Manage system permissions and access more strictly.
D. Enable comprehensive logging of activities at the OS level.
Correct Answer: B
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.