Which of the following is the MOST important attribute of a privacy policy?
Correct Answer: C
Transparency is the most important attribute of a privacy policy because it informs the users about how their personal data is collected, used, shared, and protected by the organization. Transparency also helps to build trust and confidence with the users, and to comply with legal and ethical obligations regarding data privacy.
Reference: ISACA Certified Data Privacy Solutions Engineer Study Guide, Domain 2: Privacy Governance, Task 2.1: Develop and implement privacy policies and procedures, pp. 49-50; "What is a Privacy Policy?", Privacy Policies.
Question 122
Which of the following is the BEST way to ensure that application hardening is included throughout the software development life cycle (SDLC)?
Correct Answer: B
The best way to ensure that application hardening is included throughout the software development life cycle (SDLC) is to include qualified application security personnel as part of the process. Application hardening is the process of applying security measures and techniques to an application to reduce its attack surface, vulnerabilities, and risks. Application hardening should be integrated into every stage of the SDLC, from planning and design to development and testing to deployment and maintenance. Including qualified application security personnel as part of the process helps to ensure that application hardening is performed effectively and consistently, as well as to provide guidance, feedback, and support to the developers, testers, and project managers. The other options are not as effective or sufficient as including qualified application security personnel as part of the process, as they do not address the root cause of the lack of application hardening, which is the gap in skills and knowledge among the SDLC participants.
Question 123
Which of the following is the MOST important consideration for determining the operational life of an encryption key?
Correct Answer: C
Explanation: The most important consideration for determining the operational life of an encryption key is the volume and sensitivity of data protected by the key. The operational life of an encryption key is the period of time during which the key can be used securely and effectively to encrypt and decrypt data. The operational life of an encryption key depends on various factors, such as the length and complexity of the key, the strength and speed of the encryption algorithm, the number and frequency of encryption operations, the number of entities involved in communication, and the number of digitally signed documents in force. However, among these factors, the volume and sensitivity of data protected by the key is the most critical, as it affects the risk and impact of a potential compromise or exposure of the key. The higher the volume and sensitivity of data protected by the key, the shorter the operational life of the key should be, as this reduces the window of opportunity for an attacker to access or misuse the data.
Reference: CDPSE Review Manual, 2021, p. 117
Question 124
It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?
Correct Answer: A
Explanation: Requirements definition is a phase of the software development life cycle (SDLC) that involves gathering, analyzing, and documenting the functional and non-functional requirements of the software system or application, such as features, performance, security, and usability. It is most important to consider privacy by design principles during this phase, as it would help to ensure that privacy is embedded and integrated into the software system or application from the outset, rather than as an afterthought or an add-on. Considering privacy by design principles during requirements definition would also help to avoid costly rework or delays later in the SDLC, as well as to enhance customer trust and satisfaction, and comply with privacy laws and regulations. The other options are not as important as requirements definition in considering privacy by design principles. Application design is a phase of the SDLC that involves creating and specifying the architecture, components, interfaces, and data models of the software system or application, based on the requirements defined in the previous phase. Implementation is a phase of the SDLC that involves coding, testing, and debugging the software system or application, based on the design specifications created in the previous phase. Testing is a phase of the SDLC that involves verifying and validating that the software system or application meets the requirements and expectations of the users and stakeholders, as well as identifying and fixing any defects or errors.
Reference: CDPSE Review Manual (Digital Version), pp. 88-89
Question 125
In which of the following should the data record retention period be defined and established?
Correct Answer: D
Explanation: A data management plan is a document that describes how data will be collected, stored, processed, shared, and disposed of throughout the data lifecycle. A data management plan should include information such as the purpose and scope of data processing, the data sources and types, the data quality and integrity standards, the data security and privacy measures, the data retention and destruction periods, the data ownership and governance structure, etc. A data management plan should also align with the organization's privacy policies and applicable privacy regulations and standards. Therefore, a data management plan is where the data record retention period should be defined and established.
Reference: CDPSE Review Manual (Digital Version), p. 169