Is this exam completely free?

Examcademy offers a free preview for every exam, covering around 20% of the total questions. Full access is available with a paid upgrade.

Can I practice IT certification exams from Microsoft, AWS, or CompTIA?

Yes! Examcademy supports a wide range of IT certification exams including Microsoft Azure, AWS Cloud Practitioner, and CompTIA A+ and Security+.

How accurate are the mock exams?

Our mock exams are built and reviewed with the help of AI and community contributions, staying aligned with real-world exam objectives.

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CDPSEFree trial

By isaca

Verified

25Q per page

Question 26

Which of the following is the BEST way to explain the difference between data privacy and data security?

A: Data privacy protects users from unauthorized disclosure, while data security prevents compromise.
B: Data privacy protects the data subjects, while data security is about protecting critical assets.
C: Data privacy is about data segmentation, while data security prevents unauthorized access.
D: Data privacy stems from regulatory requirements, while data security focuses on consumer rights.

—

Question 27

Which of the following should trigger a review of an organization's privacy policy?

A: Backup procedures for customer data are changed.
B: Data loss prevention (DLP) incidents increase.
C: An emerging technology will be implemented.
D: The privacy steering committee adopts a new charter.

—

Question 28

Which of the following BEST ensures an organization’s data retention requirements will be met in the public cloud environment?

A: Service level agreements (SLAs)
B: Cloud vendor agreements
C: Data classification schemes
D: Automated data deletion schedules

—

Question 29

A web-based payment service is adding a requirement for biometric authentication. Which risk factor is BEST mitigated by this practice?

A: User validation failures when reconnecting after lost sessions
B: Zero-day attacks and exploits
C: Identity spoofing by unauthorized users
D: Legal liability from the misuse of accounts

—

Question 30

Which of the following is MOST important to review before using an application programming interface (API) to help mitigate related privacy risk?

A: Data taxonomy
B: Data classification
C: Data flows
D: Data collection

—

Question 31

Which of the following should be the FIRST consideration when selecting a data sanitization method?

A: Risk tolerance
B: Implementation cost
C: Industry standards
D: Storage type

—

Question 32

Which of the following is the MOST critical action for an organization prior to tracking user activity in its applications?

A: Providing notification to users of the organization’s privacy policies
B: Establishing a data classification scheme
C: Identifying and validating users’ countries of residence
D: Requesting users to read and accept the organization's privacy notice

—

Question 33

Which of the following is the MOST important privacy consideration for video surveillance in high security areas?

A: Video surveillance recordings may only be viewed by the organization.
B: There is no limitation for retention of this data.
C: Video surveillance data must be stored in encrypted format.
D: Those affected must be informed of the video surveillance.

—

Question 34

What should a sender do to send a recipient a file of personal data using asymmetric encryption?

A: Recipient's private key is used to encrypt; recipient's public key is used to decrypt.
B: Sender’s public key is used to encrypt; recipient's public key is used to decrypt.
C: Recipient's public key is used to encrypt; recipient's private key is used to decrypt.
D: Recipient's private key is used to encrypt; sender’s public key is used to decrypt.

—

Question 35

Which of the following MUST be included in a contract with a vendor that will be processing personal data?

A: A clause to hash all data that is processed or stored by the vendor
B: A clause to prohibit the vendor from sending data to third parties
C: A clause to report breaches in a timely manner to the organization
D: A clause to require the vendor to comply with industry best practices

—

Question 36

The identification of all data recipients in a privacy notice to website visitors reflects which privacy principle?

A: Accuracy
B: Consent
C: Integrity
D: Transparency

—

Question 37

Which of the following system architectures BEST supports anonymity for data transmission?

A: Client-server
B: Plug-in-based
C: Front-end
D: Peer-to-peer

—

Question 38

Which of the following provides the BEST assurance that a potential vendor is able to comply with privacy regulations and the organization's data privacy policy?

A: Including mandatory compliance language in the request for proposal (RFP)
B: Conducting a risk assessment of all candidate vendors
C: Requiring candidate vendors to provide documentation of privacy processes
D: Obtaining self-attestations from all candidate vendors

—

Question 39

An organization decides to outsource its customer personal data analytics to a third party to understand spending habits. Which of the following is the MOST important contractual consideration?

A: Platform architecture used to process the data
B: Terms for continuous monitoring of the vendor
C: Clearly defined data responsibilities of all parties
D: The vendor's vulnerability management program

—

Question 40

Which of the following is the BEST way to address threats to mobile device privacy when using beacons as a tracking technology?

A: Disable location services.
B: Enable Trojan scanners.
C: Enable antivirus for mobile devices.
D: Disable Bluetooth services.

—

Question 41

Which of the following is the BEST indication of a highly effective privacy training program?

A: Members of the workforce understand their roles in protecting data privacy.
B: HR has made privacy training an annual mandate for the organization.
C: Recent audits have no findings or recommendations related to data privacy.
D: No privacy incidents have been reported in the last year.

—

Question 42

Which of the following is the BEST way to convert personal information to non-personal information?

A: Encryption
B: Pseudonymization
C: Hashing
D: Anonymization

—

Question 43

What is the BEST method for protecting data transmissions to devices in the field?

A: Multi-factor authentication
B: Transport Layer Security (TLS)
C: Application level authentication
D: Hypertext Transfer Protocol Secure (HTTPS)

—

Question 44

Which of the following is the BEST way for an organization to gain visibility into its exposure to privacy-related vulnerabilities?

A: Review historical privacy incidents in the organization.
B: Monitor inbound and outbound communications.
C: Perform an analysis of known threats.
D: Implement a data loss prevention (DLP) solution.

—

Question 45

Of the following, who should be PRIMARILY accountable for creating an organization’s privacy management strategy?

A: Chief data officer (CDO)
B: Privacy steering committee
C: Information security steering committee
D: Chief privacy officer (CPO)

—

Question 46

Which of the following is the BEST control to detect potential internal breaches of personal data?

A: Data loss prevention (DLP) systems
B: Classification of data
C: Employee background checks
D: User behavior analytics tools

—

That’s the end of your free questions

You’ve reached the preview limit for CDPSE

Consider upgrading to gain full access!

Page 2 of 10 • Questions 26-50 of 229

←

1 2 3 4 5

→

Free preview mode

Enjoy the free questions and consider upgrading to gain full access!