Free Access to ISACA.CDPSE.v2024-03-22.q117 with Valid Practice Test (Page 16)

Question 71

Which of the following should be done FIRST to address privacy risk when migrating customer relationship management (CRM) data to a new system?

A.Conduct a legitimate interest analysis (LIA).
B.Develop a data migration plan.
C.Perform a privacy impact assessment (PIA).
D.Obtain consent from data subjects.

Question 72

An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?

A.Race, age, and gender
B.Education and profession
C.Height, weight, and activities
D.Sleep schedule and calorie intake

Question 73

An organization has initiated a project to enhance privacy protections by improving its information security controls. Which of the following is the MOST useful action to help define the scope of the project?

A.Review recent audit reports on the internal control environment
B.Identify databases that contain personal data
C.Identify databases that do not have encryption in place.
D.Review proposed privacy rules that govern the processing of personal data

Question 74

Which of the following scenarios should trigger the completion of a privacy impact assessment (PIA)?

A.Updates to data quality standards
B.New inter-organizational data flows
C.New data retention and backup policies
D.Updates to the enterprise data policy

Question 75

What is the BES T way for an organization to maintain the effectiveness of its privacy breach incident response plan?
Require security management to validate data privacy security practices.
Conduct annual data privacy tabletop exercises

A.Hire a third party to perform a review of data privacy processes.
B.Involve the privacy office in an organizational review of the incident response plan.

Question 71

Question 72

Question 73

Question 74

Question 75

Download PDF File