ISACA CDPSE 시험

Question No : 1

Which of the following poses the GREATEST privacy risk for client-side application processing?

• A.Failure of a firewall protecting the company network
• B.An employee loading personal information on a company laptop
• C.A remote employee placing communication software on a company server
• D.A distributed denial of service attack (DDoS) on the company network

답을 확인하기

정답:

Question No : 2

Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?

• A.It increases system resiliency.
• B.It reduces external threats to data.
• C.It reduces exposure of data.
• D.It eliminates attack motivation for data.

답을 확인하기

정답:

Question No : 3

Which of the following is the MOST important consideration to ensure privacy when using big data analytics?

• A.Maintenance of archived data
• B.Disclosure of how the data is analyzed
• C.Transparency about the data being collected
• D.Continuity with business requirements

답을 확인하기

정답:
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-6/an-ethical-approach-to-data-privacy-protection

Question No : 4

Which of the following deployed at an enterprise level will MOST effectively block malicious tracking of user Internet browsing?

• A.Web application firewall (WAF)
• B.Website URL blacklisting
• C.Domain name system (DNS) sinkhole
• D.Desktop antivirus software

답을 확인하기

정답:

Question No : 5

An organization is planning a new implementation for tracking consumer web browser activity .
Which of the following should be done FIRST?

• A.Seek approval from regulatory authorities.
• B.Conduct a privacy impact assessment (PIA).
• C.Obtain consent from the organization’s clients.
• D.Review and update the cookie policy.

답을 확인하기

정답:

Question No : 6

Which of the following hard drive sanitation methods provides an organization with the GREATEST level of assurance that data has been permanently erased?

• A.Degaussing the drive
• B.Factory resetting the drive
• C.Crypto-shredding the drive
• D.Reformatting the drive

답을 확인하기

정답:
Explanation:
Reference: https://allgreenrecycling.com/what-is-data-destruction/

Question No : 7

To ensure effective management of an organization’s data privacy policy, senior leadership MUST define:

• A.training and testing requirements for employees handling personal data.
• B.roles and responsibilities of the person with oversights.
• C.metrics and outcomes recommended by external agencies.
• D.the scope and responsibilities of the data owner.

답을 확인하기

정답:

Question No : 8

An organization wants to ensure that endpoints are protected in line with the privacy policy .
Which of the following should be the FIRST consideration?

• A.Detecting malicious access through endpoints
• B.Implementing network traffic filtering on endpoint devices
• C.Managing remote access and control
• D.Hardening the operating systems of endpoint devices

답을 확인하기

정답:

Question No : 9

It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?

• A.Application design
• B.Requirements definition
• C.Implementation
• D.Testing

답을 확인하기

정답:
Explanation:
Reference: https://securityboulevard.com/2019/10/incorporating-privacy-by-design-in-a-software-development-life-cycle/

Question No : 10

Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?

• A.The right to object
• B.The right to withdraw consent
• C.The right to access
• D.The right to be forgotten

답을 확인하기

정답:
Explanation:
Reference: https://en.wikipedia.org/wiki/Right_to_be_forgotten

Question No : 11

Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?

• A.Conduct an audit.
• B.Report performance metrics.
• C.Perform a control self-assessment (CSA).
• D.Conduct a benchmarking analysis.

답을 확인하기

정답:

Question No : 12

Which of the following is the BEST way to protect personal data in the custody of a third party?

• A.Have corporate counsel monitor privacy compliance.
• B.Require the third party to provide periodic documentation of its privacy management program.
• C.Include requirements to comply with the organization’s privacy policies in the contract.
• D.Add privacy-related controls to the vendor audit plan.

답을 확인하기

정답:
Explanation:
In GDPR parlance, organizations that use third-party service providers are often, but not always, considered data controllers, which are entities that determine the purposes and means of the processing of personal data, which can include directing third parties to process personal data on their behalf. The third parties that process data for data controllers are known as data processors.

Question No : 13

Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?

• A.Detailed documentation of data privacy processes
• B.Strategic goals of the organization
• C.Contract requirements for independent oversight
• D.Business objectives of senior leaders

답을 확인하기

정답:
Explanation:
Reference: https://www.isaca.org/resources/isaca-journal/issues/2020/volume-5/building-a-privacy-culture

Question No : 14

An organization is concerned with authorized individuals accessing sensitive personal
customer information to use for unauthorized purposes .
Which of the following technologies is the BEST choice to mitigate this risk?

• A.Email filtering system
• B.Intrusion monitoring
• C.Mobile device management (MDM)
• D.User behavior analytics

답을 확인하기

정답:

Question No : 15

Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?

• A.Perform a privacy risk audit.
• B.Conduct a privacy risk assessment.
• C.Validate a privacy risk attestation.
• D.Conduct a privacy risk remediation exercise.

답을 확인하기

정답: