Which of the following should be established FIRST before authorizing remote access to a data store containing personal data?

• A.Privacy policy
• B.Network security standard
• C.Multi-factor authentication
• D.Virtual private network (VPN)

Comment: *

Name: *

Email: *

Verification: *

A project manager for a new data collection system had a privacy impact assessment (PIA) completed before the solution was designed. Once the system was released into production, an audit revealed personal data was being collected that was not part of the PIA What is the BEST way to avoid this situation in the future?

• A.Conduct a privacy post-implementation review.
• B.Document personal data workflows in the product life cycle
• C.Require management approval of changes to system architecture design.
• D.Incorporate privacy checkpoints into the secure development life cycle

Comment: *

Name: *

Email: *

Verification: *

Which of the following should an IT privacy practitioner do FIRST before an organization migrates personal data from an on-premise solution to a cloud-hosted solution?

• A.Develop and communicate a data security plan.
• B.Ensure strong encryption is used.
• C.Perform a privacy impact assessment (PIA).
• D.Conduct a security risk assessment.

Comment: *

Name: *

Email: *

Verification: *

Which of the following techniques mitigates design flaws in the application development process that may contribute to potential leakage of personal data?

• A.User acceptance testing (UAT)
• B.Patch management
• C.Software hardening
• D.Web application firewall (WAF)

Comment: *

Name: *

Email: *

Verification: *

Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?

• A.Organizations using weak encryption to transmit data
• B.Vulnerabilities existing in authentication pages
• C.End users using weak passwords
• D.End users forgetting their passwords

Comment: *

Name: *

Email: *

Verification: *