Questions Class 14012025 Students PDF

Summary

This document contains a set of questions on privacy and data security. The questions cover various aspects of personal data handling, including representation, retention periods, minimization principles, and other related concepts. The questions target concepts like data quality, risk management, and security methods.

Full Transcript

1. Which of the following can represent personal data to Insurance Inc?
   A. The job title of its employees
   B. Name of an organization that is a vendor to Insurance Inc
   C. Percentage of clients having bought a product in the last year
   D. Contact details of individuals that are potential clients, received by Insurance Inc from a marketing company

2. Which of the following can represent personal data to Company A?
   A. Internal ID used for individuals that are clients of Company A
   B. Internal ID used for organizations that are business partners
   C. Risk rating for an individual that is a client of Company A
   D. Voice recordings of calls made to the contact center by its clients

3. What does retention period mean in the context of privacy by design?
   A. The period for which data can be kept on a server, after which it must be moved to another server
   B. The amount of time a user’s session can be kept active
   C. The period of time after which logs containing personal data should be deleted
   D. The period of time after which notifications are sent to users about their request to be forgotten

4. What does the minimization principle entail?
   A. Sending to third parties personal data limited to the purpose for which they are processing data
   B. Receiving from third parties only the personal data needed for the organization’s data processing
   C. Collecting personal data from individuals only as needed for the respective data processing
   D. A data processor receiving data limited to the instructions received from its data controller

5. What does the need-to-know principle entail?
   A. Developers that are employees of vendors have access to development, testing and production environments
   B. The accounting department only has users that can view/edit the documentation needed for accounting
   C. An external auditor needs to conduct an audit and is granted access to the relevant data for the period of the audit
   D. When an employee leaves the organization, their access to data is revoked

6. Which of the following actions represent processing of personal data?
   A. Gathering from LinkedIn data of potential candidates for a position
   B. Creating a backup of the database
   C. Sending data to another company within the same group
   D. Looking up a company's headquarters, registration number and activity scope in the National Company Registry

7. Which of the below represent actions that reflect privacy by design principles?
   A. Not collecting any data about individuals without their consent
   B. Not transferring any data about individuals without their consent
   C. Sending a verification email to the email address mentioned by the client
   D. Informing individuals about the processing of the personal data collected from them within one year from the collection of the personal data

8. When Insurance Company A is considering granting third parties access to its API (connected to the core insurance system), which of the below should it analyze in terms of privacy by design?
   A. The need for the third party to retrieve certain types of personal data
   B. The authentication mechanism used for accessing the data
   C. Whether individuals whose data is being transferred have been informed about the processing
   D. Whether the third parties have consented to receiving the data

9. Which of the following represents data quality actions in terms of personal data?
   A. Input validation for data entered by individuals in an application
   B. Ensuring that data is replicated properly in the IT systems of the organization
   C. Ensuring that the current contact details of clients are sent to the company delivering the communications to the clients
   D. Ensuring the list of vendors is accurate and up to date

10. Which of the below represents valid right-to-be-forgotten requests that will be granted by an organization which has a retention period of 10 years as of the ceasing of the client relationship?
   A. A client (individual) ceases a contract with the organization and, on the same day, requests deletion of their data
   B. A client (individual) of the organization requests deletion of his/her data
   C. A former client (company) requests deletion of its data 11 years after ceasing its relationship with the company

11. Which of the following represents proper implementation of the transparency principle?
   A. An information notice about the processing performed by a mobile application is found only on the organization’s website
   B. The information notice acknowledgement tick box is pre-ticked when shown to the customer
   C. The information notice, after login of the customer, is found in the profile section of the app
   D. Updates to the information notice are sent via push notifications and email to the customers

12. In a mobile application, which of the below represents proper implementation of the privacy by design principles?
   A. Users can revoke their consent
   B. Users can download their app data directly from the app
   C. Users can talk to a customer call center directly from the app
   D. Users can see all their accounts and those pertaining to their family members automatically in the app when signing up

13. According to the privacy by design principles, how should logs containing personal data held on the server side be handled?
   A. Delete logs when the user closes the application or logs out
   B. Delete logs 10 years after they were created
   C. Delete logs after a retention period established based on legal requirements and business needs
   D. Send to the audit department the logs pertaining to privileged accounts

14. What privacy by design aspects should be analyzed when purchasing off-the-shelf software that interconnects with a company IT system?
   A. Whether retention periods can be set
   B. Whether data can be anonymized for testing environments
   C. Whether the data collected by the software is only the data necessary to achieve the scope of the company
   D. Whether the company that produced the software can provide the source code in escrow

15. What is the name of the process for choosing and implementing measures to reduce risk?
   A. Risk Response through mitigation
   B. Control
   C. Risk Assessment through analysis
   D. Risk Management

16. An information security risk analysis BEST assists an organization in ensuring that:
   A. there is an appropriate level of access control to the organizational infrastructure.
   B. cost-effective decisions are taken with respect to which assets require protection.
   C. a proper level of budgeting is approved for security processes.
   D. the organization implements appropriate security tools.

17. An administrator observed that certain users have been logging in from suspicious IP addresses. After asking the users about the logins, the administrator concludes that those employees did not log in from those suspicious IP addresses. Thus, he decides to reset the passwords of the respective users. Which of the following should the administrator implement to prevent this type of attack in the future?
   A. Multifactor authentication
   B. Permissions assignment
   C. Access management
   D. Password complexity

18. A security analyst is analyzing alerts in a SIEM in relation to potential malicious network traffic generated by an employee’s company-provided laptop. The security analyst determined that he needed additional data about the executable running on the machine for the investigation. Which of the following logs should be used by the security analyst as a data source?
   A. Application level
   B. IPS/IDS
   C. Network level
   D. Endpoint level

19. An IT manager informs the help desk department that only the IT manager and the help desk lead will have access to the administrator console of the help desk software. Which of the following security controls is the IT manager setting up?
   A. Hardening
   B. Employee monitoring
   C. Configuration enforcement
   D. Least privilege

20. Which of the following processes/procedures should a security administrator adhere to when creating a new set of rules for the firewall?
   A. Disaster recovery plan
   B. Incident response procedure
   C. Business continuity plan
   D. Change management procedure

21. Which of the following would an information security professional use to identify changes to content, particularly unauthorized changes?
   A. File integrity checker
   B. Security information and event management (SIEM) system
   C. Audit logs
   D. Intrusion detection system (IDS)

22. Which entity is responsible for the security of the physical infrastructure and virtualization platform?
   A. The cloud consumer
   B. The majority of the security is covered by the consumer
   C. It depends on the cloud service agreement
   D. The responsibility is divided equally
   E. The cloud provider

23. Which of the following cryptographic system services ensures that encrypted data will not be disclosed to any unauthorized person?
   A. Authentication
   B. Integrity
   C. Non-repudiation
   D. Confidentiality

24. Which of the following elements ensures that no intentional or unintentional unauthorized change is made to data held in the IT systems of an organization?
   A. Non-repudiation
   B. Integrity
   C. Authentication
   D. Confidentiality

25. Which of the following consequences can occur when encryption is not properly applied or an insecure data-in-transit approach is used?
   A. Security misconfiguration
   B. Insecure direct object references
   C. Sensitive data exposure
   D. Unvalidated redirects and forwards

26. Which of the following accurately defines the primary responsibility difference for IaaS, PaaS, and SaaS?
   A. In PaaS, the cloud customer manages the hardware and network infrastructure
   B. In SaaS, the cloud customer is responsible for managing and updating the application itself
   C. In IaaS, the cloud customer manages applications, data, runtime, and OS
   D. In IaaS, the cloud provider manages both the infrastructure and applications

27. Which risk response strategy includes taking proactive steps to reduce the impact or probability of a risk?
   A. Transfer
   B. Mitigation
   C. Avoid
   D. Accept

28. Which of the following is the BEST method to protect consumer confidential information for a customer-facing web application?
   A. Implement authentication with username and password to online accounts
   B. Encrypt consumer data in transit and at rest
   C. Use a secure encrypted transport layer
   D. Apply a masking policy to the consumer data

29. What is a primary reason that effective cloud risk management is critical for an organization?
   A. To reduce the cost of cloud services
   B. To enhance employee productivity
   C. To reduce the need for internal IT professionals
   D. To mitigate potential security incidents and ensure compliance with applicable legislation

30. Threat and vulnerability assessments are PRIMARILY important because they are:
   A. used to establish the level of security investments.
   B. needed to identify, analyze and rate the level of risk.
   C. the basis for establishing control objectives.
   D. components of the organization's security controls.

31. Which of the following best mitigates the risk of an unauthorized access incident in a cloud environment?
   A. Relying solely on strong passwords
   B. Implementing multi-factor authentication (MFA)
   C. Encrypting data at rest
   D. Regularly updating software

32. What is a key practice in securing servers?
   A. Regularly applying patches and updates
   B. Disabling unused ports
   C. Ignoring alerts from the servers
   D. Avoiding security policy implementation