Nest 0 Cart
Nest Account
Popular Exams
All Categories...
Nest
Nest 0
Contact
Log In / Sign Up
Copyright 2024 © store. All rights reserved.
Home ISACA CDPSE

ISACA CDPSE Exam Practice Questions (P. 1)

  • Full Access (337 questions)
  • Six months of Premium Access
  • Access to one million comments
  • Seamless ChatGPT Integration
  • Ability to download PDF files
  • Anki Flashcard files for revision
  • No Captcha & No AdSense
  • Advanced Exam Configuration
Get Contributor Access
Question #1
What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior?
  1. A
    Cross-border data transfer
  2. B
    Support staff availability and skill set
  3. C
    User notification
  4. D
    Global public interest

Correct Answer: A ?️

Question #2
Which of the following should be the FIRST consideration when conducting a privacy impact assessment (PIA)?
  1. A
    The applicable privacy legislation
  2. B
    The quantity of information within the scope of the assessment
  3. C
    The systems in which privacy-related data is stored
  4. D
    The organizational security risk profile

Correct Answer:
C

Question #3
Which of the following BEST represents privacy threat modeling methodology?
  1. A
    Mitigating inherent risks and threats associated with privacy control weaknesses
  2. B
    Systematically eliciting and mitigating privacy threats in a software architecture
  3. C
    Reliably estimating a threat actor’s ability to exploit privacy vulnerabilities
  4. D
    Replicating privacy scenarios that reflect representative software usage

Correct Answer:
A

Question #4
An organization is creating a personal data processing register to document actions taken with personal data. Which of the following categories should document controls relating to periods of retention for personal data?
  1. A
    Data archiving
  2. B
    Data storage
  3. C
    Data acquisition
  4. D
    Data input

Correct Answer:
A

Question #5
Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice. Which of the following is the BEST way to address this concern?
  1. A
    Review the privacy policy.
  2. B
    Obtain independent assurance of current practices.
  3. C
    Re-assess the information security requirements.
  4. D
    Validate contract compliance.

Correct Answer:
D

Question #6
During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?
  1. A
    Segregation of duties
  2. B
    Unique user credentials
  3. C
    Two-person rule
  4. D
    Need-to-know basis

Correct Answer:
A

Question #7
Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?
  1. A
    Detailed documentation of data privacy processes
  2. B
    Strategic goals of the organization
  3. C
    Contract requirements for independent oversight
  4. D
    Business objectives of senior leaders

Correct Answer:
B

Question #8
Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?
  1. A
    Providing system engineers the ability to search and retrieve data
  2. B
    Allowing individuals to have direct access to their data
  3. C
    Allowing system administrators to manage data access
  4. D
    Establishing a data privacy customer service bot for individuals

Correct Answer:
B

Question #9
Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?
  1. A
    The service provider has denied the organization’s request for right to audit.
  2. B
    Personal data stored on the cloud has not been anonymized.
  3. C
    The extent of the service provider’s access to data has not been established.
  4. D
    The data is stored in a region with different data protection requirements.

Correct Answer:
D

Question #10
When configuring information systems for the communication and transport of personal data, an organization should:
  1. A
    adopt the default vendor specifications.
  2. B
    review configuration settings for compliance.
  3. C
    implement the least restrictive mode.
  4. D
    enable essential capabilities only.

Correct Answer:
B

Next Questions

All Pages