What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior?
A. Cross-border data transfer
B. Support staff availability and skill set
C. User notification
D. Global public interest
During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?
A. Segregation of duties
B. Unique user credentials
C. Two-person rule
D. Need-to-know basis
Which of the following helps define data retention time in a stream-fed data lake that includes personal data?
A. Information security assessments
B. Privacy impact assessments (PIAs)
C. Data privacy standards
D. Data lake configuration
Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?
A. It eliminates cryptographic key collision.
B. It minimizes the risk if the cryptographic key is compromised.
C. It is more practical and efficient to use a single cryptographic key.
D. Each process can only be supported by its own unique key management process.
An organization uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings. Which of the following is the IT privacy practitioner's BEST recommendation?
A. Anonymize personal data.
B. Discontinue the creation of profiles.
C. Implement strong access controls.
D. Encrypt data at rest.
Which of the following is MOST important to capture in the audit log of an application hosting personal data?
A. Last logins of privileged users
B. Last user who accessed personal data
C. Application error events
D. Server details of the hosting environment
To ensure security when accessing personal data from a corporate website, which of the following is a prerequisite to implementing Hypertext Transfer Protocol Secure (HTTPS)?
A. Virtual private network (VPN)
B. Load balancer
C. Firewall
D. Transport Layer Security (TLS)
Which of the following needs to be identified FIRST to define the privacy requirements to use when assessing the selection of IT systems?
A. Type of data being processed
B. Applicable control frameworks
C. Applicable privacy legislation
D. Available technology platforms
Which of the following should be the FIRST consideration prior to implementing an audit trail of access to personal data?
A. Vulnerability and threat assessments
B. Service level agreements (SLAs)
C. Cost-benefit analysis
D. Sensitivity and regulatory requirements
Which of the following is the MOST effective way to support organizational privacy awareness objectives?
A. Funding in-depth training and awareness education for data privacy staff
B. Implementing an annual training certification process
C. Including mandatory awareness training as part of performance evaluations
D. Customizing awareness training by business unit function