What Validated CDPSE Test Is

NEW QUESTION 1
Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?

• A. The right to object
• B. The right to withdraw consent
• C. The right to access
• D. The right to be forgotten

Answer: D

NEW QUESTION 2
When choosing data sources to be used within a big data architecture, which of the following data attributes MUST be considered to ensure data is not aggregated?

• A. Accuracy
• B. Granularity
• C. Consistency
• D. Reliability

Answer: B

NEW QUESTION 3
An organization’s data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?

• A. Low-level formatting
• B. Remote partitioning
• C. Degaussing
• D. Hammer strike

Answer: A

NEW QUESTION 4
It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?

• A. Application design
• B. Requirements definition
• C. Implementation
• D. Testing

Answer: D

NEW QUESTION 5
Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?

• A. Evaluate the impact resulting from this change.
• B. Revisit the current remote working policies.
• C. Implement a virtual private network (VPN) tool.
• D. Enforce multi-factor authentication for remote access.

Answer: B

NEW QUESTION 6
An organization wants to ensure that endpoints are protected in line with the privacy policy. Which of the following should be the FIRST consideration?

• A. Detecting malicious access through endpoints
• B. Implementing network traffic filtering on endpoint devices
• C. Managing remote access and control
• D. Hardening the operating systems of endpoint devices

Answer: B

NEW QUESTION 7
Before executive leadership approves a new data privacy policy, it is MOST important to ensure:

• A. a training program is developed.
• B. a privacy committee is established.
• C. a distribution methodology is identified.
• D. a legal review is conducted.

Answer: B

NEW QUESTION 8
Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?

• A. The system architecture is clearly defined.
• B. A risk assessment has been completed.
• C. Security controls are clearly defined.
• D. Data protection requirements are included.

Answer: D

NEW QUESTION 9
Which of the following deployed at an enterprise level will MOST effectively block malicious tracking of user Internet browsing?

• A. Web application firewall (WAF)
• B. Website URL blacklisting
• C. Domain name system (DNS) sinkhole
• D. Desktop antivirus software

Answer: A

NEW QUESTION 10
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?

• A. Require security management to validate data privacy security practices.
• B. Involve the privacy office in an organizational review of the incident response plan.
• C. Hire a third party to perform a review of data privacy processes.
• D. Conduct annual data privacy tabletop exercises.

Answer: A

Explanation:
Because many privacy incidents are also security incidents, the development of a privacy incident response plan should be performed in close cooperation with the security manager to avoid duplication of effort and to utilize existing response plan resources and practices.

NEW QUESTION 11
Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?

• A. To assess privacy risks
• B. To evaluate effectiveness of data controls
• C. To determine data integration gaps
• D. To comply with regulations

Answer: A

NEW QUESTION 12
Which of the following is the MOST important consideration when determining retention periods for personal data?

• A. Sectoral best practices for the industry
• B. Notice provided to customers during data collection
• C. Data classification standards
• D. Storage capacity available for retained data

Answer: A

NEW QUESTION 13
Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?

• A. Perform a privacy risk audit.
• B. Conduct a privacy risk assessment.
• C. Validate a privacy risk attestation.
• D. Conduct a privacy risk remediation exercise.

Answer: A

NEW QUESTION 14
Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?

• A. The service provider has denied the organization’s request for right to audit.
• B. Personal data stored on the cloud has not been anonymized.
• C. The extent of the service provider’s access to data has not been established.
• D. The data is stored in a region with different data protection requirements.

Answer: D

NEW QUESTION 15
Which of the following is MOST important when developing an organizational data privacy program?

• A. Obtaining approval from process owners
• B. Profiling current data use
• C. Following an established privacy framework
• D. Performing an inventory of all data

Answer: D

NEW QUESTION 16
An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?

• A. Data integrity and confidentiality
• B. System use requirements
• C. Data use limitation
• D. Lawfulness and fairness

Answer: A

NEW QUESTION 17
Which of the following protocols BEST protects end-to-end communication of personal data?

• A. Transmission Control Protocol (TCP)
• B. Transport Layer Security Protocol (TLS)
• C. Secure File Transfer Protocol (SFTP)
• D. Hypertext Transfer Protocol (HTTP)

Answer: B

NEW QUESTION 18
Which of the following describes a user’s “right to be forgotten”?

• A. The data is being used to comply with legal obligations or the public interest.
• B. The data is no longer required for the purpose originally collected.
• C. The individual objects despite legitimate grounds for processing.
• D. The individual’s legal residence status has recently changed.

Answer: A

NEW QUESTION 19
Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?

• A. Detailed documentation of data privacy processes
• B. Strategic goals of the organization
• C. Contract requirements for independent oversight
• D. Business objectives of senior leaders

Answer: B

NEW QUESTION 20
Which of the following MUST be available to facilitate a robust data breach management response?

• A. Lessons learned from prior data breach responses
• B. Best practices to obfuscate data for processing and storage
• C. An inventory of previously impacted individuals
• D. An inventory of affected individuals and systems

Answer: A

NEW QUESTION 21
......