
ISACA CDPSE - Certified Data Privacy Solutions Engineer Certification Exam

Question #1 (Topic: Demo Questions)

Which of the following is the best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records?

A.
Limited functions and capabilities of a secured operating environment
B.
Monitored network activities for unauthorized use
C.
Improved data integrity and reduced effort for privacy audits
D.
Unlimited functionalities and highly secured applications
Correct Answer: C
Explanation:
Desktop virtualization hosts the desktop environment on a central server rather than on each endpoint; the user's device only renders the session. For systems holding patient records this strengthens access control because authentication, authorization, encryption and logging are enforced at a single controlled point, and the records never reside on the many endpoints that could be lost, stolen, damaged or corrupted, which improves data integrity. Centralizing the data and the controls also simplifies the management and monitoring of privacy compliance across devices and locations, so privacy audits require less effort. Option B describes a detective control (monitoring) rather than the access control benefit the question asks about, and options A and D describe properties of the operating environment or applications, not reasons to adopt virtualization for access control. References: CDPSE Review Manual (Digital Version), page 153
Question #2 (Topic: Demo Questions)

During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?

A.
Segregation of duties
B.
Unique user credentials
C.
Two-person rule
D.
Need-to-know basis
Correct Answer: D
Explanation:
The need-to-know principle states that access to personal data should be limited to those who have a legitimate purpose for accessing it. Applied to a role-based access model, it means that each role is granted only the data and functions its job requires, which minimizes the exposure of personal data to unauthorized or unnecessary parties and reduces the risk of breaches, leaks or misuse. Segregation of duties, unique credentials and the two-person rule are all useful controls, but they do not by themselves limit what data a legitimately authorized user can see. To apply need-to-know when designing the model: define clear roles and responsibilities, grant access rights based on role and function rather than to individuals, deny access to anything not explicitly granted, and log and audit data access to verify that the rights are used as intended. References: CDPSE Review Manual (Digital Version), page 105
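The design steps above (roles defined by function, rights granted per role, default deny, every access logged) as an added illustration in Python. This is example code written for this page, not material from the CDPSE Review Manual; the role names, the field sets and the sample patient record are constructed for the example.

```python
"""Minimal role-based access model that enforces need-to-know on personal data.

Added example; not part of the CDPSE material. The roles, the field sets and
the sample record are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Dict, FrozenSet, List, Set, Tuple

# A patient record whose fields differ in sensitivity (constructed sample).
PATIENT_RECORD = {
    "patient_id": "P-1001",
    "name": "Jane Example",
    "date_of_birth": "1980-01-01",
    "diagnosis": "hypertension",
    "billing_account": "ACC-5555",
}

# Need-to-know: each (hypothetical) role is granted only the fields its
# function requires. Anything not listed here is denied by default.
ROLE_FIELDS: Dict[str, FrozenSet[str]] = {
    "clinician": frozenset({"patient_id", "name", "date_of_birth", "diagnosis"}),
    "billing_clerk": frozenset({"patient_id", "name", "billing_account"}),
    "scheduler": frozenset({"patient_id", "name"}),
}


@dataclass
class AuditEvent:
    """One logged access decision, kept so data access can be audited later."""
    when: str
    user: str
    role: str
    requested: FrozenSet[str]
    granted: FrozenSet[str]
    denied: FrozenSet[str]


@dataclass
class AccessModel:
    role_fields: Dict[str, FrozenSet[str]]
    user_roles: Dict[str, str]  # unique user credential -> assigned role
    audit_log: List[AuditEvent] = field(default_factory=list)

    def read_record(self, user: str, record: dict, requested: Set[str]) -> dict:
        """Return only the requested fields the user's role needs; log the decision."""
        if user not in self.user_roles:
            raise PermissionError(f"unknown user {user!r}")
        role = self.user_roles[user]
        allowed = self.role_fields.get(role, frozenset())  # unknown role -> nothing
        wanted = frozenset(requested)
        granted = wanted & allowed
        denied = wanted - allowed
        self.audit_log.append(AuditEvent(
            when=datetime.now(timezone.utc).isoformat(),
            user=user, role=role, requested=wanted, granted=granted, denied=denied,
        ))
        # Default deny: fields outside the role's need-to-know are never returned,
        # even though the caller asked for them and the record contains them.
        return {k: record[k] for k in granted if k in record}


def demo() -> Tuple[dict, dict, AccessModel]:
    """Two users with different roles ask for the same fields of one record."""
    model = AccessModel(
        role_fields=ROLE_FIELDS,
        user_roles={"alice": "clinician", "bob": "billing_clerk"},
    )
    asked = {"name", "diagnosis", "billing_account"}
    clinical_view = model.read_record("alice", PATIENT_RECORD, asked)
    billing_view = model.read_record("bob", PATIENT_RECORD, asked)
    return clinical_view, billing_view, model


if __name__ == "__main__":
    clinical, billing, m = demo()
    print("clinician sees:", clinical)
    print("billing clerk sees:", billing)
    for ev in m.audit_log:
        print(ev.when, ev.user, ev.role, "denied:", sorted(ev.denied))
```

The point of the example is the shape of the decision: the clinician receives the diagnosis but not the billing account, the billing clerk receives the opposite, and both denials are recorded in the audit log rather than silently dropped, so a privacy audit can later show who asked for data outside their role.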
Question #3 (Topic: Demo Questions)

A gaming software startup company does not employ penetration testing of its software. This is an example of:

A.
Outsourcing
B.
Outsourcing
C.
High tolerance of risk
D.
Irresponsibility
Correct Answer: C
Explanation:
A software startup in an industry like gaming is typically highly tolerant of risk: time to market and signing up new customers are its primary objectives, so a control such as penetration testing is consciously or unconsciously deferred. As the organization achieves viability, other priorities such as security are introduced. Outsourcing is not involved here, and "irresponsibility" is a judgement rather than a risk management term.
Question #4 (Topic: Demo Questions)

What is usually the primary objective of risk management?

A.
Improved compliance
B.
Fewer and less severe privacy and security incidents
C.
Fewer audit findings
D.
No privacy or security incidents
Correct Answer: B
Explanation:
The primary objective of a risk management program is to reduce the number and severity of privacy and security incidents to a level the organization can accept. Improved compliance and fewer audit findings are by-products of managing risk rather than its goal, and eliminating all incidents (option D) is not an achievable objective because residual risk always remains.
Question #5 (Topic: Demo Questions)

Which of the following is MOST important to ensure when developing a business case for the procurement of a new IT system that will process and store personal information?

A.
The system architecture is clearly defined.
B.
A risk assessment has been completed.
C.
Security controls are clearly defined.
D.
Data protection requirements are included.
Correct Answer: D
Explanation:
The most important thing to ensure when developing a business case for the procurement of a new IT system that will process and store personal information is that data protection requirements are included. The requirements stated in the business case drive everything that follows: the architecture, the risk assessment and the security controls are defined to satisfy them, so if they are missing at this stage the system may be procured without the ability to meet them. The organization should identify and analyze the privacy risks and impacts of the new system and determine the measures that mitigate or eliminate them. The data protection requirements should cover aspects such as data minimization, consent, access, rectification, erasure, portability, security and breach notification, and should align with the organization's privacy policies and applicable privacy regulations. References: https://www.isaca.org/privacy-policy; CDPSE Review Manual (Digital Version), page 63