EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following is MOST important when developing an organizational data privacy program?

Question2: What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?

Question3: Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system?

Question4: Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?

Question5: Which of the following is the BEST way to protect the privacy of data stored on a laptop in case of loss or theft?

Question6: Which of the following is the BEST way to distinguish between a privacy risk and compliance risk?

Question7: Which of the following BEST enables an IT privacy practitioner to ensure appropriate protection for personal data collected that is required to provide necessary services?

Question8: Which types of controls need to be applied to ensure accuracy at all stages of processing, storage, and deletion throughout the data life cycle?

Question9: Which of the following would MOST effectively reduce the impact of a successful breach through a remote access solution?

Question10: Of the following, who should be PRIMARILY accountable for creating an organization's privacy management strategy?

Question11: Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?

Question12: Which of the following is the BEST method to ensure the security of encryption keys when transferring data containing personal information between cloud applications?

Question13: Which of the following is the PRIMARY reason that a single cryptographic key should be used for only one purpose, such as encryption or authentication?

Question14: An online business posts its customer data protection notice that includes a statement indicating information is collected on how products are used, the content viewed, and the time and duration of online activities. Which data protection principle is applied?

Question15: An organization want to develop an application programming interface (API) to seamlessly exchange personal data with an application hosted by a third-party service provider. What should be the FIRST step when developing an application link?

Question16: Which of the following is the MOST important consideration to ensure privacy when using big data analytics?

Question17: Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?

Question18: Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?

Question19: An organization wants to ensure that endpoints are protected in line with the privacy policy. Which of the following should be the FIRST consideration?

Question20: An organization is concerned with authorized individuals accessing sensitive personal customer information to use for unauthorized purposes. Which of the following technologies is the BEST choice to mitigate this risk?

Question21: Which of the following is the BEST approach for a local office of a global organization faced with multiple privacy-related compliance requirements?

Question22: Which of the following is the BEST way to limit the organization's potential exposure in the event of consumer data loss while maintaining the traceability of the data?

Question23: Which of the following is MOST important to consider when managing changes to the provision of services by a third party that processes personal data?

Question24: Which of the following helps to ensure the identities of individuals in two-way communication are verified?

Question25: Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization's privacy notice. Which of the following is the BEST way to address this concern?

Question26: Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?

Question27: Which of the following hard drive sanitation methods provides an organization with the GREATEST level of assurance that data has been permanently erased?

Question28: Which of the following zones within a data lake requires sensitive data to be encrypted or tokenized?

Question29: To ensure effective management of an organization's data privacy policy, senior leadership MUST define:

Question30: Which of the following should an IT privacy practitioner do FIRST before an organization migrates personal data from an on-premise solution to a cloud-hosted solution?

Question31: It is MOST important to consider privacy by design principles during which phase of the software development life cycle (SDLC)?

Question32: Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?

Question33: Which of the following is MOST likely to present a valid use case for keeping a customer's personal data after contract termination?

Question34: Which of the following is the BEST way for an organization to limit potential data exposure when implementing a new application?

Question35: An organization is creating a personal data processing register to document actions taken with personal dat a. Which of the following categories should document controls relating to periods of retention for personal data?

Question36: Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?

Question37: Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?

Question38: Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?

Question39: Which of the following BEST ensures a mobile application implementation will meet an organization's data security standards?

Question40: When configuring information systems for the communication and transport of personal data, an organization should:

Question41: An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?

Question42: Which of the following BEST ensures data confidentiality across databases?