CDPSE 無料問題集「ISACA Certified Data Privacy Solutions Engineer」

（A）When the data is being archived in the public interest

（B）When the processing is unlawful

（C）When there is an absence of overriding legitimate grounds

（D）When the data is no longer necessary

（A）Managing privacy notices provided to customers

（B）Validating the privacy framework

（C）Establishing employee privacy rights and consent

（D）Approving privacy impact assessments (PIAs)

（A）Data stored in the cloud-based solution is encrypted.

（B）Single sign-on is enabled for the mobile application.

（C）Separate credentials are used for the mobile application.

（D）Download of data to the mobile devices is disabled.

（A）Transmission Control Protocol (TCP)

（B）Secure File Transfer Protocol (SFTP)

（C）Transport Layer Security Protocol (TLS)

（D）Hypertext Transfer Protocol (HTTP)

（A）Implementation

（B）Requirements definition

（C）Application design

（D）Testing

（A）Data minimization

（B）Data encryption

（C）Data truncation

（D）Data masking

（A）the region where the business IS incorporated.

（B）all data sectors in which the business operates

（C）all countries with privacy regulations.

（D）all jurisdictions where corporate data is processed.

（A）A forthcoming campaign to win back customers

（B）Ease of onboarding when the customer returns

（C）For the purpose of medical research

（D）A required retention period due to regulations

（A）Data scrambling

（B）Data sanitization

（C）Data encryption

（D）Data masking

（A）Require an annual internal audit of SDLC processes.

（B）Ensure comprehensive application security testing immediately prior to release.

（C）Include qualified application security personnel as part of the process.

（D）Require an annual third-party audit of new client software solutions.

（A）Ensure data loss prevention (DLP) alerts are turned on.

（B）Encrypt the data while it is being migrated.

（C）Assess the organization's exposure related to the migration.

（D）Conduct a penetration test of the hosted solution.

（A）Data retention period

（B）Transparency

（C）Language localization

（A）API keys could be stored insecurely.

（B）APIs are complex to build and test

（C）APIS could create an unstable environment

（D）APIs are costly to assess and monitor.

（A）Review the findings of a third-party privacy control assessment

（B）Review the findings of an industry benchmarking assessment

（C）Identify trends in the organization's number of privacy incidents.

（D）Identify trends in the organization's amount of compromised personal data

（A）Adjust the risk rating to help ensure it is remediated

（B）Reconfirm the risk during the next reporting period

（C）Determine the risk appetite With management.

（D）Monitor the risk landscape for material changes.

（A）Require the third party to provide periodic documentation of its privacy management program.

（B）Include requirements to comply with the organization's privacy policies in the contract.

（C）Have corporate counsel monitor privacy compliance.

（D）Add privacy-related controls to the vendor audit plan.

（A）Segregation of duties

（B）Data minimization

（C）Read-only access

（D）Least privilege

（A）To meet the organization's security baseline

（B）To prevent possible identity theft

（C）To ensure technical security measures are effective

（D）To reduce the risk of sensitive data breaches