Question # 4

Which of the following MOST effectively protects against the use of a network sniffer?

A. Network segmentation
B. Transport layer encryption
C. An intrusion detection system (IDS)
D. A honeypot environment

Question # 5

Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?

A. Possession factor authentication
B. Knowledge-based credential authentication
C. Multi-factor authentication
D. Biometric authentication

Question # 6

Which of the following is the BEST way to manage different IT staff access permissions for personal data within an organization?

A. Mandatory access control
B. Network segmentation
C. Dedicated access system
D. Role-based access control

Question # 7

Of the following, who should be PRIMARILY accountable for creating an organization’s privacy management strategy?

A. Chief data officer (CDO)
B. Privacy steering committee
C. Information security steering committee
D. Chief privacy officer (CPO)

Question # 8

Which of the following is the MOST important consideration when using advanced data sanitization methods to ensure privacy data will be unrecoverable?

A. Subject matter expertise
B. Type of media
C. Regulatory compliance requirements
D. Location of data

Question # 9

Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?

A. Develop a data migration plan.
B. Conduct a legitimate interest analysis (LIA).
C. Perform a privacy impact assessment (PIA).
D. Obtain consent from data subjects.

Question # 10

What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior?

A. Cross-border data transfer
B. Support staff availability and skill set
C. User notification
D. Global public interest

Question # 11

Which of the following BEST represents privacy threat modeling methodology?

A. Mitigating inherent risks and threats associated with privacy control weaknesses
B. Systematically eliciting and mitigating privacy threats in a software architecture
C. Reliably estimating a threat actor’s ability to exploit privacy vulnerabilities
D. Replicating privacy scenarios that reflect representative software usage

Question # 12

Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system?

A. To identify controls to mitigate data privacy risks
B. To classify personal data according to the data classification scheme
C. To assess the risk associated with personal data usage
D. To determine the service provider’s ability to maintain data protection controls

Question # 13

Which of the following is the BEST way to hide sensitive personal data that is in use in a data lake?

A. Data masking
B. Data truncation
C. Data encryption
D. Data minimization

Question # 14

Which of the following system architectures BEST supports anonymity for data transmission?

A. Client-server
B. Plug-in-based
C. Front-end
D. Peer-to-peer

Question # 15

When evaluating cloud-based services for backup, which of the following is MOST important to consider from a privacy regulation standpoint?

A. Data classification labeling
B. Data residing in another country
C. Volume of data stored
D. Privacy training for backup users

Question # 16

Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?

A. The organization lacks a hardware disposal policy.
B. Emails are not consistently encrypted when sent internally.
C. Privacy training is carried out by a service provider.
D. The organization’s privacy policy has not been reviewed in over a year.

Question # 17

Which of the following BEST ensures a mobile application implementation will meet an organization’s data security standards?

A. User acceptance testing (UAT)
B. Data classification
C. Privacy impact assessment (PIA)
D. Automatic dynamic code scan

Question # 18

Which of the following hard drive sanitization methods provides an organization with the GREATEST level of assurance that data has been permanently erased?

A. Degaussing the drive
B. Factory resetting the drive
C. Crypto-shredding the drive
D. Reformatting the drive
