QUESTION 121
Which of the following is the MOST effective way to prevent employees from inappropriately accessing customer information?
A. Enforce an acceptable use policy.
B. Implement role-based user provisioning.
C. Require organization-wide data privacy training.
D. Engage in employee monitoring.
Correct Answer: B
QUESTION 122
Which of the following is MOST important when creating a data retention policy?
A. Requesting and obtaining board approval
B. Identifying and classifying information assets
C. Identifying and scoping regulatory requirements
D. Reviewing and updating current procedures
Correct Answer: C
QUESTION 123
Which type of flaw in an application programming interface (API) allows an attacker to manipulate legitimate standard functionality?
A. Lack of resources and rate limiting
B. Broken object level authorization
C. Excessive data exposure
D. Business logic misconfiguration
Correct Answer: D
QUESTION 124
A visitor approaches the security desk of a global bank to gain access to attend a m The security desk personnel ask for an official form coidentity which of the following is the BEST practice with regard to document company record-keeping?
A. Maintain a record of identity verification but not a copy of the ID document itself.
B. Ask for the visitor’s consent to make copy of the ID document.
C. Ask the visitor to send a copy of the ID document directly to the meeting host.
D. Post a written notice that explains copies of IDs are stored in a secure system.
Correct Answer: B
QUESTION 125
Which of the following is the BEST way to prevent dangerous SQL write statements from being executed on data?
A. Restrict access to row-specific data.
B. Exclude access to specific tables or columns of data.
C. Create a read-only data warehouse.
D. Create encrypted versions of the data.
Correct Answer: C
QUESTION 126
Which of the following should be done FIRST when responding to a mandate to protect a critical application that was developed in-house?
A. Develop a proprietary encryption scheme.
B. Apply dynamic application security testing (DAST).
C. Implement the maximum level of protection.
D. Perform a threat assessment.
Correct Answer: D
QUESTION 127
Which of the following is the PRIMARY benefit of data flow mapping?
A. It provides a holistic view of the operational procedures for each business process.
B. helps to optimize cost savings through more efficient storage solutions.
C. It creates a data catalogue for the enterprise.
D. It provides visibility into the data footprint across the organization.
Correct Answer: D
QUESTION 128
Which of the following documents should be communicated to customers to establish accountability for the use and protection of personal information?
A. Privacy consent form
B. Privacy notice
C. Privacy standards
D. Privacy procedures
Correct Answer: B
QUESTION 129
When using pseudonymization to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
A. The key must be a combination of alpha and numeric characters.
B. The data must be protected by multi-factor authentication (MFA).
C. The identifier must be kept separate and distinct from the data it protects.
D. The data must be stored in locations protected by data loss prevention (DLP) technology.
Correct Answer: C
QUESTION 130
Which of the following is the BEST information to use as a framework to evaluate an organization’s data management practices?
A. Benchmarking studies
B. Capability maturity model
C. Privacy policies and procedures
D. Regulatory changes
Correct Answer: B
QUESTION 131
An organization is considering the use of generative Al to create realistic marketing content, such as personalized product descriptions. Which of the following is the MOST important privacy consideration when using generative Al for marketing purposes?
A. Hallucinations resulting from the use of large customer datasets
B. The inadvertent disclosure of sensitive information in the generated content
C. The lack of transparency around the inner workings of the generative Al model
D. The potential for bias in the generated content
Correct Answer: B
QUESTION 132
Which strategy would be MOST effective for an organization to enhance privacy in machine learning (ML) model deployment?
A. Outsourcing model training to third-party vendors specialized in Al and ML
B. Utilizing pre-trained models without further customization
C. Sharing model parameters openly with external stakeholders for transparency
D. Implementing differential privacy techniques during both model training and inference
Correct Answer: D
QUESTION 133
An organization is implementing database servers that will store personal data within a hosting environment Which of the following is MOST important to incorporate to help ensure the privacy of the data?
A. Log monitoring
B. Device antivirus protection
C. Host-based firewall
D. System hardening
Correct Answer: D
QUESTION 134
Which of the following BEST enables an organization to manage privacy risk consistently over time?
A. Appointing the legal team to own privacy risk
B. Including privacy risk in the enterprise risk profile
C. Inventorying all databases containing personal data
D. Devising a structured approach to track risk mitigation activities
Correct Answer: D
QUESTION 135
Which of the following is the BEST source for forensic and analytic information when an organization is investigating suspicious activities from corporate-owned laptops?
A. Web application firewall (WAF)
B. Endpoint detection and response (EDR)
C. Mobile device management (MDM)
D. Device inventory and classification
Correct Answer: B
QUESTION 136
Which of the following artifacts is MOST important for demonstrating compliance with privacy regulations when deploying off-prerinse cloud solutions?
A. Privacy impact assessment (PIA)
B. Third-party audit results
C. Lack of data breaches
D. Comprehensive data catalog
Correct Answer: A
QUESTION 137
An organization identifies a risk that data subject access requests may not be managed within the regulatory timeline. The organization decides to outsource the data subject access request process to a third party. Which risk response is this an example of?
A. Risk reduction
B. Risk acceptance
C. Risk avoidance
D. Risk transfer
Correct Answer: D
QUESTION 138
A request for consent to collect personal data MUST:
A. be a condition of using the service.
B. ask consumers to take steps to opt out.
C. be limited to persons of legal age.
D. be separate from general terms and conditions.
Correct Answer: D
QUESTION 139
Zero-knowledge proofs, secure multi-party computation, and homomorphic encryption are examples of:
A. privacy by design concepts.
B. privacy-enhancing technologies (PETs).
C. Zero Trust security technologies.
D. pseudonymization techniques.
Correct Answer: B
QUESTION 140
A multinational corporation is planning a big data initiative to help with critical business decisions. Which of the following is the BEST way to ensure personal data usage is standardized across the entire organization?
A. Perform data discovery.
B. De-identify all data.
C. Develop a data dictionary.
D. Encrypt all sensitive data.
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.