CDPSE Online Practice Questions and Answers

Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?

A. End users using weak passwords

B. Organizations using weak encryption to transmit data

C. Vulnerabilities existing in authentication pages

D. End users forgetting their passwords

Which of the following zones within a data lake requires sensitive data to be encrypted or tokenized?

A. Trusted zone

B. Clean zone

C. Raw zone

D. Temporal zone

Which of the following BEST supports an organization's efforts to create and maintain desired privacy protection practices among employees?

A. Skills training programs

B. Awareness campaigns

C. Performance evaluations

D. Code of conduct principles

Which of the following describes a user's "right to be forgotten"?

A. The data is being used to comply with legal obligations or the public interest.

B. The data is no longer required for the purpose originally collected.

C. The individual objects despite legitimate grounds for processing.

D. The individual's legal residence status has recently changed.

When choosing data sources to be used within a big data architecture, which of the following data attributes MUST be considered to ensure data is not aggregated?

A. Accuracy

B. Granularity

C. Consistency

D. Reliability

Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?

A. Encrypting APIs with the organization's private key

B. Requiring nondisclosure agreements (NDAs) when sharing APIs

C. Restricting access to authorized users

D. Sharing only digitally signed APIs

Which of the following is the PRIMARY objective of privacy incident response?

A. To ensure data subjects impacted by privacy incidents are notified.

B. To reduce privacy risk to the lowest possible level

C. To mitigate the impact of privacy incidents

D. To optimize the costs associated with privacy incidents

A web-based payment service is adding a requirement for biometric authentication. Which risk factor is BEST mitigated by this practice?

A. User validation failures when reconnecting after lost sessions

B. Zero-day attacks and exploits

C. Identity spoofing by unauthorized users

D. Legal liability from the misuse of accounts

Which of the following would BEST enable a data warehouse to limit access to individual database objects?

A. Private storage volumes

B. Virtual private database

C. Database privacy firewall

D. Data control dictionary

Which of the following should be the FIRST consideration prior to implementing an audit trail of access to personal data?

A. Vulnerability and threat assessments

B. Service level agreements (SLAs)

C. Cost-benefit analysis

D. Sensitivity and regulatory requirements