An organization plans to implement a new cloud-based human resources (HR) solution with a mobile application interface. Which of the following is the BEST control to prevent data leakage?
Correct Answer: A
Explanation: The best control to prevent data leakage for a cloud-based HR solution with a mobile application interface is to disable the download of data to the mobile devices. This is because downloading data to the mobile devices increases the risk of data loss, theft, or unauthorized access, especially if the devices are lost, stolen, or compromised. Disabling the download of data to the mobile devices ensures that the data remains in the cloud-based solution, where it can be protected by encryption, access control, and other security measures. The other options are not as effective or sufficient as disabling the download of data to the mobile devices, as they do not address the root cause of the data leakage risk, which is the exposure of data outside the cloud-based solution. References: CDPSE Review Manual, 2021, p. 128
Question 57
When contracting with a Software as a Service (SaaS) provider, which of the following is the MOST important contractual requirement to ensure data privacy at service termination?
Correct Answer: B
Explanation: When contracting with a SaaS provider, it is important to ensure that the provider will remove all customer data from their systems and storage devices at the end of the service contract. This will prevent any unauthorized access, use, or disclosure of the customer data by the provider or third parties after the service termination. Removal of customer data means that the data are permanently erased and cannot be recovered or restored by any means. References: ISACA, Data Privacy Audit/Assurance Program, Control Objective 9: Data Disposal, p. 16-171; ISACA, CDPSE Review Manual 2021, Chapter 4: Privacy Incident Response, Section 4.2: Data Disposal and Destruction, p. 151-152.
Question 58
Which of the following system architectures BEST supports anonymity for data transmission?
Correct Answer: A
Question 59
An organization wants to ensure that endpoints are protected in line with the privacy policy. Which of the following should be the FIRST consideration?
Correct Answer: D
Explanation: The first consideration for ensuring that endpoints are protected in line with the privacy policy is hardening the operating systems of endpoint devices. Hardening is a process of applying security configurations and controls to reduce the attack surface and vulnerabilities of an operating system. Hardening can include disabling unnecessary services and features, applying security patches and updates, enforcing strong passwords and encryption, configuring firewall and antivirus settings, and implementing least privilege principles. Hardening the operating systems of endpoint devices can help prevent unauthorized access, data leakage, malware infection, or other threats that may compromise the privacy of personal data stored or processed on those devices. Detecting malicious access through endpoints, implementing network traffic filtering on endpoint devices, and managing remote access and control are also important aspects of endpoint security, but they are not the first consideration. Rather, they are dependent on or complementary to hardening the operating systems of endpoint devices. For example, detecting malicious access requires having a baseline of normal activity and behavior on the endpoint device, which can be established by hardening. Implementing network traffic filtering requires having a firewall or other network security tool installed and configured on the endpoint device, which is part of hardening. Managing remote access and control requires having authentication and authorization mechanisms in place on the endpoint device, which is also part of hardening. References: Manage endpoint security policies in Microsoft Intune; Endpoint Security Policy; How To Build An Effective Endpoint Security Policy And Prevent Cyberattacks
Question 60
A global financial institution is implementing data masking technology to protect personal data used for testing purposes in non-production environments. Which of the following is the GREATEST challenge in this situation?