When is the BEST time during the secure development life cycle to perform privacy threat modeling?
Which of the following is the BEST indication of an effective records management program for personal data?
Which of the following is MOST important when developing an organizational data privacy program?
What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?
Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?
When using pseudonymization to prevent unauthorized access to personal data, which of the following is the MOST important consideration to ensure the data is adequately protected?
Which of the following is the BEST way for senior management to verify the success of its commitment to privacy by design?
Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?
Which of the following is the MOST effective way to support organizational privacy awareness objectives?
A mortgage lender has created an online application that collects borrower information and delivers a mortgage decision automatically based on criteria set by the
lender. Which fundamental data subject right does this process infringe upon?
Which of the following MUST be available to facilitate a robust data breach management response?
Which of the following helps define data retention time is a stream-fed data lake that includes personal data?
Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?
Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?
Which of the following is the BEST indication of a highly effective privacy training program?
Which of the following is the BEST approach to minimize privacy risk when collecting personal data?
Which of the following helps to ensure the identities of individuals in two-way communication are verified?
An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content
viewed, and the time and duration of online activities. Which data protection principle is applied?
Which of the following helps define data retention time in a stream-fed data lake that includes personal data?
When contracting with a Software as a Service (SaaS) provider, which of the following is the MOST important contractual requirement to ensure data privacy at service termination?
Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?
Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?
Which of the following is the BEST practice to protect data privacy when disposing removable backup media?
Which of the following MOST significantly impacts an organization's ability to respond to data subject access requests?
The BEST way for a multinational organization to ensure the comprehensiveness of its data privacy policy is to perform an annual review of changes to privacy
regulations in.
Which of the following should be of GREATEST concern when an organization wants to store personal data in the cloud?
Which of the following is MOST important to establish within a data storage policy to protect data privacy?
An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?
How can an organization BEST ensure its vendors are complying with data privacy requirements defined in their contracts?
A global organization is planning to implement a customer relationship management (CRM) system to be used in offices based in multiple countries. Which of the following is the MOST important data protection consideration for this project?
Which of the following techniques mitigates design flaws in the application development process that may contribute to potential leakage of personal data?
Which of the following is the BEST way to address threats to mobile device privacy when using beacons as a tracking technology?
An organization's work-from-home policy allows employees to access corporate IT assets remotely Which of the following controls is MOST important to mitigate the
risk of potential personal data compromise?
Which types of controls need to be applied to ensure accuracy at all stages of processing, storage, and deletion throughout the data life cycle?
Which of the following poses the GREATEST privacy risk for client-side application processing?
Which of the following is an example of data anonymization as a means to protect personal data when sharing a database?
Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?
Which of the following technologies BEST facilitates protection of personal data?
Which of the following is an IT privacy practitioner’s BEST recommendation to reduce privacy risk before an organization provides personal data to a third party?
A privacy risk assessment identified that a third-party collects personal data on the organization's behalf. This finding could subject the organization to a regulatory fine for not disclosing this relationship. What should the organization do NEXT?
An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?
Which of the following is the BEST way to ensure privacy considerations are included when working with vendors?
Which of the following is the BEST way to ensure an organization's enterprise risk management (ERM) framework can protect the organization from privacy harms?
Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?
An organization wants to ensure that endpoints are protected in line with the privacy policy. Which of the following should be the FIRST consideration?
An organization has a policy requiring the encryption of personal data if transmitted through email. Which of the following is the BEST control to ensure the effectiveness of this policy?
Within a regulatory and legal context, which of the following is the PRIMARY purpose of a privacy notice sent to customers?
Which of the following is the MOST important privacy consideration when developing a contact tracing application?
Which of the following should be used to address data kept beyond its intended lifespan?
Which of the following should be done FIRST when developing an organization-wide strategy to address data privacy risk?
A migration of personal data involving a data source with outdated documentation has been approved by senior management. Which of the following should be done NEXT?
Which party should data subject contact FIRST if they believe their personal information has been collected and used without consent?
Which of the following BEST ensures a mobile application implementation will meet an organization’s data security standards?
Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?
Which of the following MOST effectively protects against the use of a network sniffer?
Which cloud deployment model is BEST for an organization whose main objectives are to logically isolate personal data from other tenants and adopt custom privacy controls for the data?
Which of the following is MOST important to capture in the audit log of an application hosting personal data?