EMT Practice Test

1. Question Content...


Question List

Question1: Which of the following vulnerabilities would have the GREATEST impact on the privacy of information?

Question2: During which of the following system lifecycle stages is it BEST to conduct a privacy impact assessment (PIA) on a system that holds personal data?

Question3: Which of the following is the MOST important consideration to ensure privacy when using big data analytics?

Question4: Which of the following is the PRIMARY reason to complete a privacy impact assessment (PIA)?

Question5: An organization uses analytics derived from archived transaction data to create individual customer profiles for customizing product and service offerings. Which of the following is the IT privacy practitioner's BEST recommendation?

Question6: An organization Wishes to deploy strong encryption to its most critical and sensitive databases. Which of the following is the BEST way to safeguard the encryption keys?

Question7: Using hash values With stored personal data BEST enables an organization to

Question8: What is the BEST way for an organization to maintain the effectiveness of its privacy breach incident response plan?

Question9: Which of the following is the BEST approach to minimize privacy risk when collecting personal data?

Question10: Which of the following is MOST important to review before using an application programming interface (API) to help mitigate related privacy risk?

Question11: A multinational corporation is planning a big data initiative to help with critical business decisions. Which of the following is the BEST way to ensure personal data usage is standardized across the entire organization?

Question12: Which of the following is a foundational goal of data privacy laws?

Question13: To ensure effective management of an organization's data privacy policy, senior leadership MUST define:

Question14: A software development organization with remote personnel has implemented a third-party virtualized workspace to allow the teams to collaborate. Which of the following should be of GREATEST concern?

Question15: Which of the following should be of GREATEST concern when an organization wants to store personal data in the cloud?

Question16: Which of the following helps define data retention time is a stream-fed data lake that includes personal data?

Question17: Which of the following MOST effectively protects against the use of a network sniffer?

Question18: Which of the following is the PRIMARY objective of privacy incident response?

Question19: Which of the following is the MOST effective way to support organizational privacy awareness objectives?

Question20: A migration of personal data involving a data source with outdated documentation has been approved by senior management. Which of the following should be done NEXT?

Question21: Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?

Question22: The MOST effective way to incorporate privacy by design principles into applications is to include privacy requirements in.

Question23: Which of the following scenarios poses the GREATEST risk to an organization from a privacy perspective?

Question24: Which of the following should an IT privacy practitioner do FIRST following a decision to expand remote working capability to all employees due to a global pandemic?

Question25: Which of the following is the BEST way to ensure third-party providers that process an organization's personal data are addressed as part of the data privacy strategy?

Question26: Which of the following is the MOST important attribute of a privacy policy?
* Breach notification period

Question27: What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?

Question28: Which of the following is the GREATEST benefit of adopting data minimization practices?

Question29: Which of the following poses the GREATEST privacy risk for client-side application processing?

Question30: Which of the following should be the FIRST consideration when conducting a privacy impact assessment (PIA)?

Question31: Which of the following is the MOST important privacy consideration for video surveillance in high security areas?

Question32: Which of the following BEST enables an organization to ensure consumer credit card numbers are accurately captured?

Question33: Which of the following is the PRIMARY benefit of implementing policies and procedures for system hardening?

Question34: An organization has initiated a project to enhance privacy protections by improving its information security controls. Which of the following is the MOST useful action to help define the scope of the project?

Question35: Which of the following is the MOST important consideration when choosing a method for data destruction?

Question36: Before executive leadership approves a new data privacy policy, it is MOST important to ensure:

Question37: Which of the following is MOST important when developing an organizational data privacy program?

Question38: An email opt-in form on a website applies to which privacy principle?

Question39: Which of the following helps to ensure the identities of individuals in a two-way communication are verified?

Question40: Which of the following is the PRIMARY reason that organizations need to map the data flows of personal data?

Question41: An online retail company is trying to determine how to handle users' data if they unsubscribe from marketing emails generated from the website. Which of the following is the BEST approach for handling personal data that has been restricted?

Question42: Which of the following is the PRIMARY consideration to ensure control of remote access is aligned to the privacy policy?

Question43: Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?

Question44: Which of the following BEST ensures a mobile application implementation will meet an organization's data security standards?

Question45: Within a business continuity plan (BCP), which of the following is the MOST important consideration to ensure the ability to restore availability and access to personal data in the event of a data privacy incident?

Question46: Which of the following is the BEST way for senior management to verify the success of its commitment to privacy by design?

Question47: Which of the following is a role PRIMARILY assigned to an internal data owner?

Question48: Which of the following is the MOST important action to protect a mobile banking app and its data against manipulation and disclosure?

Question49: Which of the following vulnerabilities is MOST effectively mitigated by enforcing multi-factor authentication to obtain access to personal information?

Question50: When is the BEST time during the secure development life cycle to perform privacy threat modeling?

Question51: An organization's work-from-home policy allows employees to access corporate IT assets remotely Which of the following controls is MOST important to mitigate the risk of potential personal data compromise?

Question52: As part of a major data discovery initiative to identify personal data across the organization, the project team has identified the proliferation of personal data held as unstructured data as a major risk. What should be done FIRST to address this situation?

Question53: Which of the following BEST ensures data confidentiality across databases?

Question54: Which of the following is the BEST way to reduce the risk of compromise when transferring personal information using email?

Question55: Which of the following is the PRIMARY reason to use public key infrastructure (PRI) for protection against a man-in-the-middle attack?

Question56: Which of the following practices BEST indicates an organization follows the data minimization principle?

Question57: Which of the following is the best way to reduce the risk of compromised credentials when an organization allows employees to have remote access?

Question58: Which of the following should be done NEXT after a privacy risk has been accepted?

Question59: A multi-national organization has decided that regional human resources (HR) team members must be limited in their access to employee data only within their regional office. Which of the following is the BEST approach?

Question60: Which of the following is MOST important to establish within a data storage policy to protect data privacy?

Question61: Which of the following is the BEST way to explain the difference between data privacy and data security?

Question62: Which of the following is the MOST effective remote access model for reducing the likelihood of attacks originating from connecting devices?

Question63: Which of the following is the BEST way to manage different IT staff access permissions for personal data within an organization?

Question64: To ensure the protection of personal data, privacy policies should mandate that access to information system applications be authorized by the.

Question65: What is the BEST method to protect customers' personal data that is forwarded to a central system for analysis?

Question66: Which of the following should be done FIRST to establish privacy to design when developing a contact-tracing application?

Question67: Which of the following is a PRIMARY objective of performing a privacy impact assessment (PIA) prior to onboarding a new Software as a Service (SaaS) provider for a customer relationship management (CRM) system?

Question68: Which of the following hard drive sanitation methods provides an organization with the GREATEST level of assurance that data has been permanently erased?

Question69: An organization is developing a wellness smartwatch application and is considering what information should be collected from the application users. Which of the following is the MOST legitimate information to collect for business reasons in this situation?

Question70: An organization is planning a new implementation for tracking consumer web browser activity. Which of the following should be done FIRST?

Question71: An organization is creating a personal data processing register to document actions taken with personal data.
Which of the following categories should document controls relating to periods of retention for personal data?

Question72: Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization's privacy notice. Which of the following is the BEST way to address this concern?

Question73: Which of the following is the GREATEST obstacle to conducting a privacy impact assessment (PIA)?

Question74: Which of the following BEST supports an organization's efforts to create and maintain desired privacy protection practices among employees?

Question75: Which of the following is the BEST way to address privacy concerns when an organization captures personal data from a third party through an open application programming interface (API)?

Question76: Which of the following BEST ensures an effective data privacy policy is implemented?

Question77: What is the PRIMARY means by which an organization communicates customer rights as it relates to the use of their personal information?

Question78: Which of the following BEST enables an organization to ensure privacy-related risk responses meet organizational objectives?

Question79: Which of the following is the BEST method of data sanitization when there is a need to balance the destruction of data and the ability to recycle IT assets?

Question80: Which of the following should be done FIRST when developing an organization-wide strategy to address data privacy risk?

Question81: Which of the following should an IT privacy practitioner review FIRST to understand where personal data is coming from and how it is used within the organization?

Question82: Which of the following is a responsibility of the audit function in helping an organization address privacy compliance requirements?

Question83: Which of the following is the BEST course of action to prevent false positives from data loss prevention (DLP) tools?

Question84: Which of the following is the BEST method to ensure the security of encryption keys when transferring data containing personal information between cloud applications?

Question85: Which of the following tracking technologies associated with unsolicited targeted advertisements presents the GREATEST privacy risk?

Question86: Which of the following is MOST important when designing application programming interfaces (APIs) that enable mobile device applications to access personal data?

Question87: Which of the following should an organization do FIRST to ensure it can respond to all data subject access requests in a timely manner?

Question88: Which of the following MUST be available to facilitate a robust data breach management response?

Question89: Which of the following is the BEST way for an organization to gain visibility into Its exposure to privacy-related vulnerabilities?

Question90: Which of the following is the BEST control to secure application programming interfaces (APIs) that may contain personal information?

Question91: Which of the following is the MOST important consideration for developing data retention requirements?

Question92: Which of the following is the BEST way to validate that privacy practices align to the published enterprise privacy management program?

Question93: Which of the following rights is an important consideration that allows data subjects to request the deletion of their data?

Question94: Which of the following provides the BEST assurance that a potential vendor is able to comply with privacy regulations and the organization's data privacy policy?