QUESTION 161
Of the following, who is BEST suited to verify the quality of personal data following a merger and acquisition integration?
A. Database administrator (DBA)
B. Data owner
C. Data processor
D. Data migration team
Correct Answer: B
QUESTION 162
Which privacy-enhancing technology (PET) BEST enables third parties to process and manipulate data in its encrypted form?
A. Secure enclaves
B. End-to-end encryption
C. Homomorphic encryption
D. Federated learning
Correct Answer: C
QUESTION 163
Which of the following is the GREATEST benefit of adopting data minimization practices?
A. Storage and encryption costs are reduced.
B. The associated threat surface is reduced.
C. Compliance requirements are met.
D. Data retention efficiency is enhanced.
Correct Answer: B
QUESTION 164
Which of the following is the FIRST step to protect data subject privacy when planning the deployment of a public monitoring system?
A. Inform data protection authorities.
B. Draft a privacy breach response plan.
C. Conduct a privacy impact assessment (PIA).
D. Inform the public of the project.
Correct Answer: C
QUESTION 165
Which of the following is the MOST important privacy consideration when selecting a system architecture for a human resources information system?
A. Compliance requirements for system monitoring
B. Regulatory requirements for data protection
C. Business requirements for system functionality
D. IT requirements for system maintenance and support
Correct Answer: B
QUESTION 166
Which of the following is the MOST important function of a solution that manages the consent of subjects browsing an organization’s website, particularity concerning the handling of personal data?
A. Processing data according to user preferences
B. Deleting personal data when consent is withdrawn
C. Ensuring strict access controls
D. Ensuring data encryption
Correct Answer: A
QUESTION 167
Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?
A. Conduct an audit.
B. Conduct a benchmarking analysis.
C. Perform a control self-assessment (CSA).
D. Report performance metrics.
Correct Answer: A
QUESTION 168
An organization hosts data collected from its customers in the cloud and needs accurate data processing from its third parties without disclosing sensitive data. Which of the following privacy-enhancing technologies (PETS) is MOST appropriate for this situation?
A. Zero-knowledge proofs
B. Communication anonymizer
C. Trusted execution environments
D. Homomorphic encryption
Correct Answer: D
QUESTION 169
Which of the following is the BEST method for data protection throughout the technology stack?
A. Hashing
B. Encryption
C. Obfuscation
D. Tokenization
Correct Answer: B
QUESTION 170
Which of the following is MOST important to consider when setting priorities for privacy data management objectives?
A. IT portfolios
B. Technical vulnerabilities
C. Industry benchmarks
D. Business strategies
Correct Answer: D
QUESTION 171
Which of the following metrics is BEST to use for assessing the effectiveness of a privacy training program?
A. Improvement in employee exam scores after training
B. Percentage of employees that completed privacy training
C. Number of privacy training sessions conducted annually
D. Increase in the number of reported privacy incidents
Correct Answer: A
QUESTION 172
Which of the following is the PRIMARY reason to establish maximum idle virtual private network (VPN) times?
A. To protect data from unauthorized access
B. To improve system performance
C. To prevent online tracking or monitoring
D. To limit the number of concurrent licenses
Correct Answer: A
QUESTION 173
Which of the following is the MOST secure method for receiving personal data from potential customers via a web form?
A. File Transfer Protocol (FTP)
B. Transmission Control Protocol/Internet Protocol (TCP/P)
C. Hypertext Transmission Protocol Secure (HTTPS)
D. Secure File Transfer Protocol (SFTP)
Correct Answer: C
QUESTION 174
An assessment of an organization’s cloud infrastructure has determined that for some services, the metadata of some transactions is transmitted through different jurisdictions. Which of the following should be done FIRST?
A. Invoke the privacy incident response plan.
B. Assess the mitigating controls in place to protect metadata.
C. Review the organization’s risk appetite and tolerance.
D. Assess the risk associated with the metadata being transmitted.
Correct Answer: D
QUESTION 175
Which of the following metrics would BEST demonstrate how privacy compliance can be achieved throughout the supply chain?
A. The number of reported privacy violations at third-party vendors
B. The average time taken to process and fulfill data subject rights
C. The number of privacy audits conducted on third-party vendors
D. The number of projects that undergo a privacy impact assessment (PIA)
Correct Answer: C
QUESTION 176
Which of the following BEST mitigates the risk associated with credential-based attacks?
A. Multi-factor authentication (MFA)
B. Complex passwords
C. Intruder lockout functionality
D. Password expiration policy
Correct Answer: A
QUESTION 177
Which of the following is MOST important for employees to know when utilizing a public generative Al model?
A. Performance will be optimized through trying multiple large language models (LLMs).
B. The model’s results should not be fully trusted.
C. Data quality will improve as more information is loaded into the model.
D. Personal information should not be uploaded into the model.
Correct Answer: D
QUESTION 178
A privacy practitioner has recommended new techniques that add noise to the output of an Al model in order to protect data privacy. Which of the following techniques is the practitioner utilizing?
A. Pseudonymization
B. Model poisoning
C. K-anonymity
D. Differential privacy
Correct Answer: D
QUESTION 179
When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?
A. Data residing in another country
B. Privacy training for backup users
C. Data classification labeling
D. Volume of data stored
Correct Answer: A
QUESTION 180
Which of the following is MOST important to include in the consent statement of a membership application?
A. The names of all third parties and the purpose for sharing personal data
B. Default consent for notification of future products and services
C. The collection of telemetry data to improve products and services
D. The terms and conditions for the application
Correct Answer: A
We use cookies to improve your experience, including essential cookies required for the website to function. By continuing, you agree to our use of cookies. Learn more.
We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.
Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.
Advertisement cookies are used to provide visitors with customised advertisements based on the pages you visited previously and to analyse the effectiveness of the ad campaigns.
Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.