Certified Data Privacy Solutions Engineer v1.0
Question 1
Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?
- A. The organization lacks a hardware disposal policy.
- B. Emails are not consistently encrypted when sent internally.
- C. Privacy training is carried out by a service provider.
- D. The organization’s privacy policy has not been reviewed in over a year.
Answer : D
Question 2
Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the event of a data privacy incident?
- A. Offline backup availability
- B. Recovery time objective (RTO)
- C. Recovery point objective (RPO)
- D. Online backup frequency
Answer : A
Question 3
In which of the following should the data record retention period be defined and established?
- A. Data record model
- B. Data recovery procedures
- C. Data quality standard
- D. Data management plan
Answer : D
Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2010/an-introduction-to-digital-records-management
Question 4
When tokenizing credit card data, what security practice should be employed with the original data before it is stored in a data lake?
- A. Encoding
- B. Backup
- C. Encryption
- D. Classification
Answer : C
Reference: https://cpl.thalesgroup.com/faq
Question 5
Which key stakeholder within an organization should be responsible for approving the outcomes of a privacy impact assessment (PIA)?
- A. Data custodian
- B. Privacy data analyst
- C. Data processor
- D. Data owner
Answer : D
Reference: https://ico.org.uk/media/1042196/trilateral-full-report.pdf
Question 6
Which of the following is the best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records?
- A. Limited functions and capabilities of a secured operating environment
- B. Monitored network activities for unauthorized use
- C. Improved data integrity and reduced effort for privacy audits
- D. Unlimited functionalities and highly secured applications
Answer : B
Question 7
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?
- A. Require security management to validate data privacy security practices.
- B. Involve the privacy office in an organizational review of the incident response plan.
- C. Hire a third party to perform a review of data privacy processes.
- D. Conduct annual data privacy tabletop exercises.
Answer : B
Question 8
Which of the following is MOST important when developing an organizational data privacy program?
- A. Obtaining approval from process owners
- B. Profiling current data use
- C. Following an established privacy framework
- D. Performing an inventory of all data
Answer : B
Question 9
Which of the following should be considered personal information?
- A. Biometric records
- B. Company address
- C. University affiliation
- D. Age
Answer : A
Question 10
Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?
- A. Evaluate the impact resulting from this change.
- B. Revisit the current remote working policies.
- C. Implement a virtual private network (VPN) tool.
- D. Enforce multi-factor authentication for remote access.
Answer : B
Question 11
When using anonymization techniques to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
- A. The key must be kept separate and distinct from the data it protects.
- B. The data must be protected by multi-factor authentication.
- C. The key must be a combination of alpha and numeric characters.
- D. The data must be stored in locations protected by data loss prevention (DLP) technology.
Answer : D
Reference: https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/data-loss-preventionnext-steps
Question 12
Which party should data subject contact FIRST if they believe their personal information has been collected and used without consent?
- A. Privacy rights advocate
- B. Outside privacy counsel
- C. Data protection authorities
- D. The organization’s chief privacy officer (CPO)
Answer : C
Question 13
Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?
- A. Understanding the data flows within the organization
- B. Implementing strong access controls on a need-to-know basis
- C. Anonymizing privacy data during collection and recording
- D. Encrypting the data throughout its life cycle
Answer : A
Reference: https://www.isaca.org/resources/isaca-journal/past-issues/2010/data-governance-for-privacy-confidentiality-and-compliance-a-holistic-approach
Question 14
Which of the following tracking technologies associated with unsolicited targeted advertisements presents the GREATEST privacy risk?
- A. Online behavioral tracking
- B. Radio frequency identification (RFID)
- C. Website cookies
- D. Beacon-based tracking
Answer : C
Question 15
Which of the following should an IT privacy practitioner do FIRST before an organization migrates personal data from an on-premise solution to a cloud-hosted solution?
- A. Develop and communicate a data security plan.
- B. Perform a privacy impact assessment (PIA).
- C. Ensure strong encryption is used.
- D. Conduct a security risk assessment.
Answer : B