Jun-2022 Free CDPSE Test Questions Real Practice Test Questions [Q14-Q38]

admin CDPSE ISACA June 5, 2022

Rate this post

Jun-2022 Free CDPSE Test Questions Real Practice Test Questions

CDPSE Dumps Updated Jun 05, 2022 WIith 122 Questions

NEW QUESTION 14
An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?

Height, weight, and activities

Sleep schedule and calorie intake

Education and profession

Race, age, and gender

NEW QUESTION 15
A global organization is planning to implement a customer relationship management (CRM) system to be used in offices based in multiple countries. Which of the following is the MOST important data protection consideration for this project?

Industry best practice related to information security standards in each relevant jurisdiction

Identity and access management mechanisms to restrict access based on need to know

Encryption algorithms for securing customer personal data at rest and in transit

National data privacy legislative and regulatory requirements in each relevant jurisdiction

NEW QUESTION 16
Which of the following should be done FIRST to establish privacy to design when developing a contact-tracing application?

Conduct a privacy impact assessment (PIA).

Conduct a development environment review.

Identify privacy controls for the application.

Identify differential privacy techniques.

NEW QUESTION 17
Which of the following is MOST likely to present a valid use case for keeping a customer’s personal data after contract termination?

For the purpose of medical research

A forthcoming campaign to win back customers

A required retention period due to regulations

Ease of onboarding when the customer returns

NEW QUESTION 18
Which of the following is the BEST way to limit the organization’s potential exposure in the event of consumer data loss while maintaining the traceability of the data?

De-identify the data.

Require a digital signature.

Use a unique hashing algorithm.

Encrypt the data at rest.

NEW QUESTION 19
What type of personal information can be collected by a mobile application without consent?

Full name

Geolocation

Phone number

Accelerometer data

NEW QUESTION 20
Which of the following should an IT privacy practitioner do FIRST before an organization migrates personal data from an on-premise solution to a cloud-hosted solution?

Develop and communicate a data security plan.

Perform a privacy impact assessment (PIA).

Ensure strong encryption is used.

Conduct a security risk assessment.

NEW QUESTION 21
When using pseudonymization to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?

The data must be protected by multi-factor authentication.

The identifier must be kept separate and distinct from the data it protects.

The key must be a combination of alpha and numeric characters.

The data must be stored in locations protected by data loss prevention (DLP) technology.

NEW QUESTION 22
Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?

The right to object

The right to withdraw consent

The right to access

The right to be forgotten

NEW QUESTION 23
Which of the following is a responsibility of the audit function in helping an organization address privacy compliance requirements?

Approving privacy impact assessments (PIAs)

Validating the privacy framework

Managing privacy notices provided to customers

Establishing employee privacy rights and consent

NEW QUESTION 24
A software development organization with remote personnel has implemented a third-party virtualized workspace to allow the teams to collaborate. Which of the following should be of GREATEST concern?

The third-party workspace is hosted in a highly regulated jurisdiction.

Personal data could potentially be exfiltrated through the virtual workspace.

The organization’s products are classified as intellectual property.

There is a lack of privacy awareness and training among remote personnel.

NEW QUESTION 25
What is the BEST method to protect customers’ personal data that is forwarded to a central system for analysis?

Pseudonymization

Deletion

Encryption

Anonymization

NEW QUESTION 26
Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?

Encrypting APIs with the organization’s private key

Requiring nondisclosure agreements (NDAs) when sharing APIs

Restricting access to authorized users

Sharing only digitally signed APIs

NEW QUESTION 27
Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?

It increases system resiliency.

It reduces external threats to data.

It reduces exposure of data.

It eliminates attack motivation for data.

NEW QUESTION 28
Which of the following is the BEST approach to minimize privacy risk when collecting personal data?

Use a third party to collect, store, and process the data.

Collect data through a secure organizational web server.

Collect only the data necessary to meet objectives.

Aggregate the data immediately upon collection.

NEW QUESTION 29
A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?

Access to personal data is not strictly controlled in development and testing environments.

Complex relationships within and across systems must be retained for testing.

Personal data across the various interconnected systems cannot be easily identified.

Data masking tools are complex and difficult to implement.

NEW QUESTION 30
Of the following, who should be PRIMARILY accountable for creating an organization’s privacy management strategy?

Chief data officer (CDO)

Privacy steering committee

Information security steering committee

Chief privacy officer (CPO)

NEW QUESTION 31
When choosing data sources to be used within a big data architecture, which of the following data attributes MUST be considered to ensure data is not aggregated?

Accuracy

Granularity

Consistency

Reliability

NEW QUESTION 32
Before executive leadership approves a new data privacy policy, it is MOST important to ensure:

a training program is developed.

a privacy committee is established.

a distribution methodology is identified.

a legal review is conducted.

NEW QUESTION 33
Which of the following is the best way to reduce the risk of compromised credentials when an organization allows employees to have remote access?

Enable whole disk encryption on remote devices.

Purchase an endpoint detection and response (EDR) tool.

Implement multi-factor authentication.

Deploy single sign-on with complex password requirements.

NEW QUESTION 34
Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice. Which of the following is the BEST way to address this concern?

Review the privacy policy.

Obtain independent assurance of current practices.

Re-assess the information security requirements.

Validate contract compliance.

NEW QUESTION 35
Which of the following should be used to address data kept beyond its intended lifespan?

Data minimization

Data anonymization

Data security

Data normalization

NEW QUESTION 36
An organization is concerned with authorized individuals accessing sensitive personal customer information to use for unauthorized purposes. Which of the following technologies is the BEST choice to mitigate this risk?

Email filtering system

Intrusion monitoring

Mobile device management (MDM)

User behavior analytics

NEW QUESTION 37
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?

Require security management to validate data privacy security practices.

Involve the privacy office in an organizational review of the incident response plan.

Hire a third party to perform a review of data privacy processes.

Conduct annual data privacy tabletop exercises.

NEW QUESTION 38
An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?

Data integrity and confidentiality

System use requirements

Data use limitation

Lawfulness and fairness