Of the following, who should be PRIMARILY accountable for creating an organization's privacy management strategy?
A. Chief data officer (CDO)
B. Privacy steering committee
C. Information security steering committee
D. Chief privacy officer (CPO)

Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?
A. End users using weak passwords
B. Organizations using weak encryption to transmit data
C. Vulnerabilities existing in authentication pages
D. End users forgetting their passwords

Which of the following should be used to address data kept beyond its intended lifespan?
A. Data minimization
B. Data anonymization
C. Data security
D. Data normalization

Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?
A. Compartmentalizing resource access
B. Regular testing of system backups
C. Monitoring and reviewing remote access logs
D. Regular physical and remote testing of the incident response plan

A multinational corporation is planning a big data initiative to help with critical business decisions. Which of the following is the BEST way to ensure personal data usage is standardized across the entire organization?
A. De-identify all data.
B. Develop a data dictionary.
C. Encrypt all sensitive data.
D. Perform data discovery.

Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?
A. The right to object
B. The right to withdraw consent
C. The right to access
D. The right to be forgotten

Which of the following is MOST important when designing application programming interfaces (APIs) that enable mobile device applications to access personal data?
A. The user's ability to select, filter, and transform data before it is shared
B. Umbrella consent for multiple applications by the same developer
C. User consent to share personal data
D. Unlimited retention of personal data by third parties

A data subject's ability to securely obtain and reuse personal data for their own purposes across different services is known as the right to:
A. data portability.
B. data sanitization.
C. data limitation.
D. data protection.

Which of the following is the BEST example of risk-based data protection?
A. Data encryption
B. Data segmentation
C. Transit-layer encryption
D. Data partitioning

An organization is designing a new human resources (HR) system. Which of the following should be implemented to BEST enable detection of unauthorized access to personal data?
A. Data loss prevention (DLP) solution
B. Security information and event management (SIEM) solution
C. Vulnerability scanning and management software
D. Web application firewall (WAF)