QUESTION 141
Which of the following is the MOST important course of action to establish an effective process for identifying and managing privacy risk across an organization?
A. Develop a privacy risk register.
B. Document risk management procedures.
C. Implement a risk management framework.
D. Raise privacy risk awareness within the organization.
Correct Answer: C
QUESTION 142
Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?
A. Conduct a benchmarking analysis.
B. Conduct an audit.
C. Report performance metrics.
D. Perform a control self-assessment (CSA).
Correct Answer: B
QUESTION 143
Which of the following domains is the foundation for the execution of all other security and privacy operations?
A. Incident management
B. Change management
C. Vulnerability management
D. Asset management
Correct Answer: D
QUESTION 144
A material finding related to the integrity of personal data was discovered during a privacy audit. Which of the following should the privacy practitioner do FIRST?
A. Update the associated data privacy policy.
B. Discuss the matter with the board.
C. Determine the impact to data subjects.
D. Draft a corrective plan for management.
Correct Answer: C
QUESTION 145
When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?
A. Data classification labeling
B. Volume of data stored
C. Data residing in another country
D. Privacy training for backup users
Correct Answer: C
QUESTION 146
During which of the following system life cycle stages is it BEST to identify privacy controls for a machine learning (ML) model that consumes personal data?
A. System deployment
B. System security testing
C. Algorithm design
D. Functional testing
Correct Answer: C
QUESTION 147
Which of the following is MOST important to ensure when reviewing strategic customer decisions driven by predictive Al?
A. Results are verified by a human in the loop.
B. The organization is using a private large language model (LLM).
C. Creativity levels are lowered to reduce hallucinations.
D. The speed of models can be leveraged to expedite business decisions.
Correct Answer: A
QUESTION 148
It is MOOT important to consider privacy by design principles during which phase of the software development life cycle?
A. Implementation
B. Requirements definition
C. Testing
D. Application design
Correct Answer: B
QUESTION 149
An assessment of an organization’s cloud infrastructure has determined that for some services, the metadata of some transactions is transmitted through different jurisdictions. Which of the following should be done FIRST?
A. Assess the risk associated with the metadata being transmitted.
B. Invoke the privacy incident response plan.
C. Assess the mitigating controls in place to protect metadata.
D. Review the organization’s risk appetite and tolerance.
Correct Answer: A
QUESTION 150
Which of the following is the PRIMARY reason asset management is important to a privacy program?
A. It enables data to be stored on approved resources.
B. It enables effective incident response.
C. It ensures employees are working from assigned locations.
D. It ensures data is deleted when an employee resigns.
Correct Answer: B
QUESTION 151
An organization is planning to implement an IT solution based on Internet of Things (IoT) tracking technology. Which of the following is the GREATEST risk associated with this solution?
A. Use of the technology may lead to loss of collected information.
B. Data collected by the solution could be complicated to govern due to its volume.
C. The technology may share personal information from users.
D. The accuracy of collected information could be unreliable.
Correct Answer: C
QUESTION 152
During which stage of the software development life cycle is it MOST critical to conduct a privacy impact assessment (PIA)?
A. Development
B. Implementation
C. Planning
D. Testing
Correct Answer: C
QUESTION 153
Which of the following can BEST identify failures of enterprise architecture (EA) to support privacy by design principles?
A. Privacy impact assessment (PIA)
B. Control self-assessment (CSA)
C. Penetration test
D. Independent audit process
Correct Answer: A
QUESTION 154
A privacy practitioner has been asked to develop a privacy program for a client that has new privacy requirements due to its expansion into a new geographic region. Which of the following is the privacy practitioner’s BEST course of action?
A. Document privacy impacts on the organization.
B. Conduct employee training on the new requirements.
C. Identify relevant regulatory requirements.
D. Update the operating privacy framework.
Correct Answer: C
QUESTION 155
Which of the following is the BEST approach for an organization looking to share privacy risk?
A. Signing contracts with third parties accessing personal information
B. Engaging a third-party audit firm
C. Implementing service level agreements (SLAs)
D. Implementing privacy notice and consent mechanisms
Correct Answer: A
QUESTION 156
Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?
A. To determine data integration gaps
B. To evaluate effectiveness of data controls
C. To assess privacy risks
D. To comply with regulations
Correct Answer: C
QUESTION 157
Which of the following strategies BEST mitigates the risks associated with exploiting the capabilities of generative Al for cyberattacks?
A. Implementing robust data validation techniques
B. Reducing the use of generative Al to minimize risks
C. Promoting generative Al awareness campaigns
D. Implementing controls to prevent hallucinations
Correct Answer: A
QUESTION 158
In a system implementation project where production data must be used for testing, which of the following practices would MOST effectively protect customer data privacy?
A. Data minimization
B. Data cleansing
C. Data classification
D. Data obfuscation
Correct Answer: D
QUESTION 159
Which of the following is a privacy-enhancing technology (PET)?
A. Scalability planning solution
B. Data normalization software
C. Usage of low code platforms
D. Synthetic data generator
Correct Answer: D
QUESTION 160
In a contract for cloud services, whom should a cloud provider agree to notify in the event of a personal data breach?
A. Its client’s end users
B. Its client’s regulatory authority
C. Its client
D. Its client’s insurance carrier
Correct Answer: C
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.