Which of the following is the BEST way to protect personal data in the custody of a third party?
A. Have corporate counsel monitor privacy compliance.
B. Require the third party to provide periodic documentation of its privacy management program.
C. Include requirements to comply with the organization's privacy policies in the contract.
D. Add privacy-related controls to the vendor audit plan.
Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?
A. Access is logged on the virtual private network (VPN).
B. Multi-factor authentication is enabled.
C. Active remote access is monitored.
D. Access is only granted to authorized users.
Which of the following BEST ensures a mobile application implementation will meet an organization's data security standards?
A. User acceptance testing (UAT)
B. Data classification
C. Privacy impact assessment (PIA)
D. Automatic dynamic code scan
Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?
A. It increases system resiliency.
B. It reduces external threats to data.
C. It reduces exposure of data.
D. It eliminates attack motivation for data.
Which of the following is the BEST approach for a local office of a global organization faced with multiple privacy-related compliance requirements?
A. Focus on developing a risk action plan based on audit reports.
B. Focus on requirements with the highest organizational impact.
C. Focus on global compliance before meeting local requirements.
D. Focus on local standards before meeting global compliance.
Which of the following is the MOST important consideration when writing an organization's privacy policy?
A. Using a standardized business taxonomy
B. Aligning statements to organizational practices
C. Ensuring acknowledgment by the organization's employees
D. Including a development plan for personal data handling
An organization's data destruction guidelines should require hard drives containing personal data to go through which of the following processes prior to being crushed?
A. Low-level formatting
B. Remote partitioning
C. Degaussing
D. Hammer strike
It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?
A. Application design
B. Requirements definition
C. Implementation
D. Testing
Which of the following helps to ensure the identities of individuals in two-way communication are verified?
A. Virtual private network (VPN)
B. Transport Layer Security (TLS)
C. Mutual certificate authentication
D. Secure Shell (SSH)
Which of the following is the BEST approach to minimize privacy risk when collecting personal data?
A. Use a third party to collect, store, and process the data.
B. Collect data through a secure organizational web server.
C. Collect only the data necessary to meet objectives.
D. Aggregate the data immediately upon collection.
A web-based payment service is adding a requirement for biometric authentication. Which risk factor is BEST mitigated by this practice?
A. User validation failures when reconnecting after lost sessions
B. Zero-day attacks and exploits
C. Identity spoofing by unauthorized users
D. Legal liability from the misuse of accounts
Which of the following is the MOST important privacy consideration for video surveillance in high-security areas?
A. Video surveillance recordings may only be viewed by the organization.
B. There is no limitation for retention of this data.
C. Video surveillance data must be stored in encrypted format.
D. Those affected must be informed of the video surveillance.
Which of the following provides the BEST assurance that a potential vendor is able to comply with privacy regulations and the organization's data privacy policy?
A. Including mandatory compliance language in the request for proposal (RFP)
B. Conducting a risk assessment of all candidate vendors
C. Requiring candidate vendors to provide documentation of privacy processes
D. Obtaining self-attestations from all candidate vendors
To ensure security when accessing personal data from a corporate website, which of the following is a prerequisite to implementing Hypertext Transfer Protocol Secure (HTTPS)?
A. Virtual private network (VPN)
B. Load balancer
C. Firewall
D. Transport Layer Security (TLS)
Which of the following is defined and implemented to ensure organizational data privacy protection arrangements are maintained and enforced regardless of jurisdiction?
A. Rules for data subject requests
B. Binding corporate rules
C. Privacy notice and consent rules
D. Rules for managing complaints