Which of the following is the GREATEST privacy concern for an organization implementing endpoint detection response (EDR) tools on employee laptops?
ALack of an acknowledged user acceptance policy
BUnclear monitoring scope
CPoor controls on privileged access to EDR tools
DLack of up-to-date EDR capability on employee laptops
Which of the following BEST facilitates a privacy impact assessment (PIA)?
ACreating an information flow and repository to identify personal data being collected
BProviding privacy and awareness training for project managers and system owners
CComparing current privacy policies and procedures to industry benchmarks
DIdentifying key systems used for processing and storing personal data
Which of the following BEST represents privacy threat modeling methodology?
AMitigating inherent risks and threats associated with privacy control weaknesses
BSystematically eliciting and mitigating privacy threats in a software architecture
CReliably estimating a threat actor’s ability to exploit privacy vulnerabilities
DReplicating privacy scenarios that reflect representative software usage
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?
ARequire security management to validate data privacy security practices.
BInvolve the privacy office in an organizational review of the incident response plan.
CHire a third party to perform a review of data privacy processes.
DConduct annual data privacy tabletop exercises.
Which of the following is MOST important when developing an organizational data privacy program?
AObtaining approval from process owners
BProfiling current data use
CFollowing an established privacy framework
DPerforming an inventory of all data
It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?
AApplication design
BRequirements definition
CImplementation
DTesting
Which of the following is the PRIMARY reason to complete a privacy impact assessment (PIA)?
ATo comply with consumer regulatory requirements
BTo establish privacy breach response procedures
CTo classify personal data
DTo understand privacy risks
Which of the following is the BEST way to convert personal information to non-personal information?
AEncryption
BPseudonymization
CHashing
DAnonymization
What is the BEST method for protecting data transmissions to devices in the field?
AMulti-factor authentication
BTransport Layer Security (TLS)
CApplication level authentication
DHypertext Transfer Protocol Secure (HTTPS)
Which of the following is the BEST control to detect potential internal breaches of personal data?
AData loss prevention (DLP) systems
BClassification of data
CEmployee background checks
DUser behavior analytics tools
Which of the following is the BEST way to ensure third-party providers that process an organization's personal data are addressed as part of the data privacy strategy?
ARequire service level agreements (SLAs) to ensure data integrity while safeguarding confidentiality.
BRequire data dictionaries from service providers that handle the organization's personal data.
COutsource personal data processing to the same third party.
DRequire independent audits of the providers' data privacy controls.
Which of the following is the BEST indication of a highly effective privacy training program?
AMembers of the workforce understand their roles in protecting data privacy.
BHR has made privacy training an annual mandate for the organization.
CRecent audits have no findings or recommendations related to data privacy.
DNo privacy incidents have been reported in the last year.
An organization decides to outsource its customer personal data analytics to a third party to understand spending habits. Which of the following is the MOST important contractual consideration?
APlatform architecture used to process the data
BTerms for continuous monitoring of the vendor
CClearly defined data responsibilities of all parties
DThe vendor's vulnerability management program
Which of the following is the BEST way to address threats to mobile device privacy when using beacons as a tracking technology?
ADisable location services.
BEnable Trojan scanners.
CEnable antivirus for mobile devices.
DDisable Bluetooth services.
Which of the following is the BEST method of data sanitization when there is a need to balance the destruction of data and the ability to recycle IT assets?
AFactory reset
BDegaussing
CCryptographic erasure
DData deletion
Which of the following is MOST important to ensure when reviewing processes associated with the destruction of data?
AThe destruction of data is performed on site.
BThe destruction of data is witnessed.
CThe destruction is performed by a certified provider.
DThe destruction method is approved by the data owner.
Which of the following should be the PRIMARY consideration when evaluating transaction-based cloud solutions?
AService level agreements (SLAs)
BJoint data protection responsibilities
CData protection capabilities
DElasticity of the service offerings
Which of the following is MOST important to address in a privacy policy with respect to big data repositories of sales information?
AOverall data management strategy
BEncryption of data at rest
CTransparency with customers
DRetention of archived information
Which of the following is the PRIMARY privacy concern with the use of a data lake containing transaction data, including personal data?
AThe data lake retains all the organization's data.
BThe data lake supports all operational users.
CThe data lake receives data from all data sources.
DThe data lake supports all types of data structures.
Which of the following needs to be identified FIRST to define the privacy requirements to use when assessing the selection of IT systems?
AType of data being processed
BApplicable control frameworks
CApplicable privacy legislation
DAvailable technology platforms
Which of the following is defined and implemented to ensure organizational data privacy protection arrangements are maintained and enforced regardless of jurisdiction?
ARules for data subject requests
BBinding corporate rules
CPrivacy notice and consent rules
DRules for managing complaints
Which of the following is the MOST effective way to support organizational privacy awareness objectives?
AFunding in-depth training and awareness education for data privacy staff
BImplementing an annual training certification process
CIncluding mandatory awareness training as part of performance evaluations
DCustomizing awareness training by business unit function
In a contract for cloud services, whom should a cloud provider agree to notify in the event of a personal data breach?
AIts client’s end users
BIts client’s insurance carrier
CIts client’s regulatory authority
DIts client
As part of a major data discovery initiative to identify personal data across the organization, the project team has identified the proliferation of personal data held as unstructured data as a major risk. What should be done FIRST to address this situation?
AIdentify sensitive unstructured data at the point of creation.
BClassify sensitive unstructured data.
CIdentify who has access to sensitive unstructured data.
DAssign an owner to sensitive unstructured data.
Which of the following should be done FIRST to establish privacy by design when developing a contact-tracing application?
Preview
