ISACA CDPSE認定試験問題集には122練習テスト問題があります [Q42-Q67]

Share

ISACA CDPSE認定試験問題集には122練習テスト問題があります

最新CDPSE試験問題集には高得点で一発合格


ISACA CDPSE 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • プライバシーを強化するテクノロジーの進歩と規制環境の変化を評価する
  • データ分類手順に従って適切なプライバシーとセキュリティの制御を特定、検証、および
  • または実装する
トピック 2
  • 組織のデータライフサイクル慣行に関連する内部および外部のプライバシー要件を特定する
  • プライバシートレーニングに参加し、プライバシー慣行の認識を促進する
トピック 3
  • 改善が必要な問題とプロセス改善の機会を特定する
  • プライバシーポリシーとビジネスニーズに沿った手順の開発に参加する
トピック 4
  • インベントリとデータフローの記録を最新の状態に保つためのプロセスと手順を設計、実装、および
  • または監視する
  • プライバシーインシデント管理プロセスに参加する
トピック 5
  • データ分類手順に従って適切なプライバシーおよびセキュリティ管理を特定、検証、および
  • または実装する
  • プライバシーポリシーおよびビジネスニーズに沿ったプライバシー管理手順の開発に参加する
トピック 6
  • プライバシーポリシーとビジネスニーズに沿ったデータライフサイクル手順の開発に参加する
  • プライバシー慣行の優先順位付けプロセスを開発および
  • または実装する
トピック 7
  • プライバシーポリシーに沿ったプライバシーアーキテクチャに関連する手順を実装する
  • プライバシーポリシーに沿った手順を実装する
トピック 8
  • プライバシープログラムと慣行の状況と結果を関連する利害関係者に報告する
  • プライバシーポリシーに沿ったデータライフサイクルに関連する手順を実装する
トピック 9
  • プライバシーポリシーに沿ったデータライフサイクルに関連する手順を実装する
  • プライバシー影響評価(PIA)およびその他のプライバシーに焦点を当てた評価を調整および
  • または実行する

 

質問 42
Which of the following should be done FIRST when developing an organization-wide strategy to address data privacy risk?

  • A. Gather privacy requirements from legal counsel.
  • B. Obtain executive support.
  • C. Create a comprehensive data inventory.
  • D. Develop a data privacy policy.

正解: C

 

質問 43
Which of the following MUST be available to facilitate a robust data breach management response?

  • A. An inventory of affected individuals and systems
  • B. Best practices to obfuscate data for processing and storage
  • C. Lessons learned from prior data breach responses
  • D. An inventory of previously impacted individuals

正解: C

 

質問 44
When configuring information systems for the communication and transport of personal data, an organization should:

  • A. implement the least restrictive mode.
  • B. enable essential capabilities only.
  • C. review configuration settings for compliance.
  • D. adopt the default vendor specifications.

正解: C

 

質問 45
An email opt-in form on a website applies to which privacy principle?

  • A. Accuracy
  • B. Integrity
  • C. Transparency
  • D. Consent

正解: D

 

質問 46
Which of the following is the PRIMARY objective of privacy incident response?

  • A. To mitigate the impact of privacy incidents
  • B. To reduce privacy risk to the lowest possible level
  • C. To ensure data subjects impacted by privacy incidents are notified.
  • D. To optimize the costs associated with privacy incidents

正解: A

 

質問 47
Which of the following deployed at an enterprise level will MOST effectively block malicious tracking of user Internet browsing?

  • A. Domain name system (DNS) sinkhole
  • B. Desktop antivirus software
  • C. Web application firewall (WAF)
  • D. Website URL blacklisting

正解: C

 

質問 48
Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?

  • A. Perform a privacy impact assessment (PIA).
  • B. Obtain consent from data subjects.
  • C. Develop a data migration plan.
  • D. Conduct a legitimate interest analysis (LIA).

正解: C

 

質問 49
Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?

  • A. Enforce multi-factor authentication for remote access.
  • B. Implement a virtual private network (VPN) tool.
  • C. Evaluate the impact resulting from this change.
  • D. Revisit the current remote working policies.

正解: D

 

質問 50
Which of the following should be done FIRST to establish privacy to design when developing a contact-tracing application?

  • A. Identify privacy controls for the application.
  • B. Conduct a development environment review.
  • C. Conduct a privacy impact assessment (PIA).
  • D. Identify differential privacy techniques.

正解: D

 

質問 51
Which of the following is the MOST important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable?

  • A. Regulatory compliance requirements
  • B. Subject matter expertise
  • C. Location of data
  • D. Type of media

正解: A

 

質問 52
Which of the following is the MOST important consideration when determining retention periods for personal data?

  • A. Notice provided to customers during data collection
  • B. Data classification standards
  • C. Sectoral best practices for the industry
  • D. Storage capacity available for retained data

正解: C

 

質問 53
Which party should data subject contact FIRST if they believe their personal information has been collected and used without consent?

  • A. Outside privacy counsel
  • B. Data protection authorities
  • C. Privacy rights advocate
  • D. The organization's chief privacy officer (CPO)

正解: B

 

質問 54
Which of the following is the BEST way to protect the privacy of data stored on a laptop in case of loss or theft?

  • A. Strong authentication controls
  • B. Regular backups
  • C. Endpoint encryption
  • D. Remote wipe

正解: D

 

質問 55
Which of the following system architectures BEST supports anonymity for data transmission?

  • A. Front-end
  • B. Peer-to-peer
  • C. Client-server
  • D. Plug-in-based

正解: C

 

質問 56
An organization's data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?

  • A. Degaussing
  • B. Low-level formatting
  • C. Hammer strike
  • D. Remote partitioning

正解: B

 

質問 57
When a government's health division established the complete privacy regulation for only the health market, which privacy protection reference model is being used?

  • A. Self-regulatory
  • B. Comprehensive
  • C. Co-regulatory
  • D. Sectoral

正解: B

 

質問 58
A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?

  • A. Data masking tools are complex and difficult to implement.
  • B. Personal data across the various interconnected systems cannot be easily identified.
  • C. Complex relationships within and across systems must be retained for testing.
  • D. Access to personal data is not strictly controlled in development and testing environments.

正解: A

 

質問 59
Which of the following should be established FIRST before authorizing remote access to a data store containing personal data?

  • A. Multi-factor authentication
  • B. Network security standard
  • C. Virtual private network (VPN)
  • D. Privacy policy

正解: D

 

質問 60
Which of the following is an IT privacy practitioner's BEST recommendation to reduce privacy risk before an organization provides personal data to a third party?

  • A. Tokenization
  • B. Anonymization
  • C. Aggregation
  • D. Encryption

正解: B

 

質問 61
Which of the following is the BEST way to limit the organization's potential exposure in the event of consumer data loss while maintaining the traceability of the data?

  • A. Use a unique hashing algorithm.
  • B. Encrypt the data at rest.
  • C. De-identify the data.
  • D. Require a digital signature.

正解: D

 

質問 62
Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?

  • A. To determine data integration gaps
  • B. To evaluate effectiveness of data controls
  • C. To comply with regulations
  • D. To assess privacy risks

正解: D

 

質問 63
Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?

  • A. It eliminates attack motivation for data.
  • B. It reduces external threats to data.
  • C. It reduces exposure of data.
  • D. It increases system resiliency.

正解: B

 

質問 64
Which of the following is the BEST way for an organization to limit potential data exposure when implementing a new application?

  • A. Use only the data required by the application.
  • B. Capture the application's authentication logs.
  • C. Encrypt all data used by the application.
  • D. Implement a data loss prevention (DLP) system.

正解: D

 

質問 65
Which of the following is the PRIMARY reason to complete a privacy impact assessment (PIA)?

  • A. To comply with consumer regulatory requirements
  • B. To understand privacy risks
  • C. To establish privacy breach response procedures
  • D. To classify personal data

正解: A

 

質問 66
Which of the following features should be incorporated into an organization's technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?

  • A. Allowing individuals to have direct access to their data
  • B. Providing system engineers the ability to search and retrieve data
  • C. Establishing a data privacy customer service bot for individuals
  • D. Allowing system administrators to manage data access

正解: A

解説:
Any organization collecting information about EU residents is required to operate with transparency in collecting and using their personal information. Chapter III of the GDPR defines eight data subject rights that have become foundational for other privacy regulations around the world:
Right to access personal data. Data subjects can access the data collected on them.

 

質問 67
......

無料提供中CDPSEブレーン問題集とCDPSEリアル試験問題を試そう:https://jp.fast2test.com/CDPSE-premium-file.html

ISACA CDPSE実際の問題とブレーン問題集:https://drive.google.com/open?id=18pRgYEm9jCp7vgu5XaAA6HNLEz5E3GqU


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어