Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?
A. The service provider has denied the organization's request for right to audit.
B. Personal data stored on the cloud has not been anonymized.
C. The extent of the service provider's access to data has not been established.
D. The data is stored in a region with different data protection requirements.

Which of the following is the BEST way for an organization to limit potential data exposure when implementing a new application?
A. Implement a data loss prevention (DLP) system.
B. Use only the data required by the application.
C. Encrypt all data used by the application.
D. Capture the application's authentication logs.

Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?
A. It eliminates cryptographic key collision.
B. It minimizes the risk if the cryptographic key is compromised.
C. It is more practical and efficient to use a single cryptographic key.
D. Each process can only be supported by its own unique key management process.

Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?
A. Compartmentalizing resource access
B. Regular testing of system backups
C. Monitoring and reviewing remote access logs
D. Regular physical and remote testing of the incident response plan

When a government's health division establishes the complete privacy regulation for only the health market, which privacy protection reference model is being used?
A. Co-regulatory
B. Sectoral
C. Comprehensive
D. Self-regulatory

In addition to lowering costs and improving performance, which of the following is the MOST compelling reason to archive data?
A. Improving business alignment
B. Restricting data access
C. Achieving compliance
D. Improving data confidentiality

Which of the following is the BEST way to address threats to mobile device privacy when using beacons as a tracking technology?
A. Disable location services.
B. Enable Trojan scanners.
C. Enable antivirus for mobile devices.
D. Disable Bluetooth services.

Which of the following is the MOST effective use of data flow diagrams when implementing a data privacy compliance program?
A. Illustrating where personal data resides in systems
B. Identifying where personal data is in transit
C. Processing personal data with clarity and ease
D. Mapping personal data at rest

Which of the following is the BEST way to manage privacy risk associated with outsourcing to a third party?
A. Utilize a variable sourcing strategy.
B. Review and approve the vendor's privacy policies.
C. Require specific controls as part of the contract.
D. Perform privacy audits of the vendor.

A retail company handles payroll accounting for its employees through a Software as a Service (SaaS) provider that uses a data center operator as a subcontractor. Who is responsible for the protection of the employees' personal data?
A. The SaaS provider
B. The external auditing firm
C. The retail company
D. The data center operator