01. What would be the BEST reason to include log generation in the design of a system from a privacy perspective?
a) Preserve evidence of all operations carried out on the system.
b) Facilitate early detection of abuse or misuse of the data that a system processes.
c) Facilitate the recovery of information in case of system damage.
d) Investigate fraud after it has occurred.
02. An attacker was able to retrieve data from a test and development environment that contained end user information. Which of the following hardening techniques would BEST prevent this attack from turning into a major privacy breach?
a) Data obfuscation
b) Data classification
c) Data dictionary
d) Data normalization
03. Who is accountable for establishing the privacy risk and harm tolerance levels?
a) Chief privacy officer
b) Enterprise risk management committee
c) Privacy steering committee
d) Chief risk officer
04. How should the chief privacy officer of an international enterprise BEST balance the requirements of the enterprise’s privacy standards with local regulations?
a) Prioritize organizational standards over local regulations.
b) Conduct awareness training regarding conflicts between the standards and local regulations.
c) Prioritize local regulations over organizational standards.
d) Create a local version of the organizational standards.
05. What is one of the GREATEST concerns for the privacy professional when using data analytics in an enterprise?
a) Ensure that all questions asked by the business can be answered.
b) Ensure the protection of customer information that is collected.
c) Ensure that the data mart contains clients' historical information.
d) Ensure that tools are available to make inquiries to the data warehouse.
06. What requirements would be BEST to include in a service level agreement when data is regularly moved outside of the enterprise as part of its life cycle?
a) Data persistence requirements
b) Data modeling requirements
c) Data minimization requirements
d) Quality and privacy requirements
07. Which of the following is considered a best practice with regard to event logging?
a) Retain all event logs on the systems that create them.
b) Transmit all event logs to a central log server.
c) Suppress the creation of event logs on all systems.
d) Encrypt all event logs on the systems that create them.
08. Which of the following statements is true about compliance risk?
a) Compliance risk can be tolerated when fines cost less than controls.
b) Compliance risk is just another risk that needs to be measured.
c) Compliance risk can never be tolerated.
d) Compliance risk can be tolerated when it is optional.
09. Which of the following would be classified as the first line of defense from the information security and privacy perspective?
a) Control of changes to applications.
b) Validation of data when entering an application.
c) Identification and authentication of users.
d) Making backup copies.
10. Which of the following BEST describes transformation rules used in data warehousing? Transformation rules are:
a) Complex for the staging layer but minimal for the presentation layer.
b) Minimal for the staging layer but more complex for the presentation layer.
c) Minimal for both the staging layer and presentation layer.
d) Complex for both the staging layer and presentation layer.