Which of the following BEST represents privacy threat modeling methodology?
A. Mitigating inherent risks and threats associated with privacy control weaknesses
B. Systematically eliciting and mitigating privacy threats in a software architecture
C. Reliably estimating a threat actor's ability to exploit privacy vulnerabilities
D. Replicating privacy scenarios that reflect representative software usage
What type of personal information can be collected by a mobile application without consent?
A. Full name
B. Geolocation
C. Phone number
D. Accelerometer data
Which of the following is an IT privacy practitioner's BEST recommendation to reduce privacy risk before an organization provides personal data to a third party?
A. Tokenization
B. Aggregation
C. Anonymization
D. Encryption
Information should only be considered personal information if it:
A. relates directly or indirectly to an individual.
B. appears in a digital or electronic format.
C. is classified as sensitive and confidential.
D. is objectively accurate or verifiable.
Which of the following provides the BEST assurance that a potential vendor is able to comply with privacy regulations and the organization's data privacy policy?
A. Including mandatory compliance language in the request for proposal (RFP)
B. Conducting a risk assessment of all candidate vendors
C. Requiring candidate vendors to provide documentation of privacy processes
D. Obtaining self-attestations from all candidate vendors
What is the BEST method for protecting data transmissions to devices in the field?
A. Multi-factor authentication
B. Transport Layer Security (TLS)
C. Application-level authentication
D. Hypertext Transfer Protocol Secure (HTTPS)
To ensure security when accessing personal data from a corporate website, which of the following is a prerequisite to implementing Hypertext Transfer Protocol Secure (HTTPS)?
A. Virtual private network (VPN)
B. Load balancer
C. Firewall
D. Transport Layer Security (TLS)
Which of the following is MOST important to consider when setting priorities for privacy data management objectives?
A. IT portfolios
B. Industry benchmarks
C. Business strategies
D. Technical vulnerabilities
Which of the following is the BEST course of action to manage privacy risk when a significant vulnerability is identified in the operating system (OS) that supports an organization's customer relationship management (CRM) system?
A. Apply OS patching to fix the vulnerability immediately.
B. Manage system permissions and access more strictly.
C. Enable comprehensive logging of activities at the OS level.
D. Perform a vulnerability assessment to determine the impact.
To increase productivity, an organization is planning to implement movement tracking devices in the vehicles of field employees. Which of the following MUST be in place before installing the devices?
A. Bring your own device (BYOD) policy
B. Mobile device management (MDM)
C. Location accuracy mechanisms
D. End user agreements