CDPSE Online Practice Questions and Answers

An organization is creating a personal data processing register to document actions taken with personal data. Which of the following categories should document controls relating to periods of retention for personal data?

A. Data archiving

B. Data storage

C. Data acquisition

D. Data input

Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?

A. The system architecture is clearly defined.

B. A risk assessment has been completed.

C. Security controls are clearly defined.

D. Data protection requirements are included.

Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?

A. Evaluate the impact resulting from this change.

B. Revisit the current remote working policies.

C. Implement a virtual private network (VPN) tool.

D. Enforce multi-factor authentication for remote access.

During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?

A. Functional testing

B. Development

C. Production

D. User acceptance testing (UAT)

Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?

A. Possession factor authentication

B. Knowledge-based credential authentication

C. Multi-factor authentication

D. Biometric authentication

When a government's health division establishes the complete privacy regulation for only the health market, which privacy protection reference model is being used?

A. Co-regulatory

B. Sectoral

C. Comprehensive

D. Self-regulatory

Which of the following is MOST important to establish within a data storage policy to protect data privacy?

A. Data redaction

B. Data quality assurance (QA)

C. Irreversible disposal

D. Collection limitation

Which of the following is the BEST way to manage different IT staff access permissions for personal data within an organization?

A. Mandatory access control

B. Network segmentation

C. Dedicated access system

D. Role-based access control

Which of the following is the BEST approach when providing data subjects with access to their personal data?

A. Use an email address to automatically generate a unique ID.

B. Create a profile page where users can view their information.

C. Disable user profile data modification so there is no possibility to introduce mistakes.

D. Only allow users to edit data fields that are not derived from their personal information.

Which of the following statements BEST differentiates sensitive personal data from other types of confidential data?

A. The legal department is accountable for protecting sensitive personal data.

B. Masking techniques are only applicable to the protection of sensitive personal data.

C. Sensitive personal data merits a higher level of protection.

D. Sensitive personal data requires deletion beyond the retention period by law.