ISACA CDPSE Actual Exam Questions

Last updated on Nov. 20, 2025.

Topic 1 - Exam A

Question #1 Topic 1

What should be the PRIMARY consideration of a multinational organization deploying a user and entity behavior analytics (UEBA) tool to centralize the monitoring of anomalous employee behavior?

  • A. Cross-border data transfer
  • B. Support staff availability and skill set
  • C. User notification
  • D. Global public interest

Correct Answer: A

Question #2 Topic 1

Which of the following should be the FIRST consideration when conducting a privacy impact assessment (PIA)?

  • A. The applicable privacy legislation
  • B. The quantity of information within the scope of the assessment
  • C. The systems in which privacy-related data is stored
  • D. The organizational security risk profile

Correct Answer: C

Question #3 Topic 1

Which of the following BEST represents privacy threat modeling methodology?

  • A. Mitigating inherent risks and threats associated with privacy control weaknesses
  • B. Systematically eliciting and mitigating privacy threats in a software architecture
  • C. Reliably estimating a threat actor’s ability to exploit privacy vulnerabilities
  • D. Replicating privacy scenarios that reflect representative software usage

Correct Answer: A

Question #4 Topic 1

An organization is creating a personal data processing register to document actions taken with personal data. Which of the following categories should document controls relating to periods of retention for personal data?

  • A. Data archiving
  • B. Data storage
  • C. Data acquisition
  • D. Data input

Correct Answer: A

Question #5 Topic 1

Data collected by a third-party vendor and provided back to the organization may not be protected according to the organization’s privacy notice. Which of the following is the BEST way to address this concern?

  • A. Review the privacy policy.
  • B. Obtain independent assurance of current practices.
  • C. Re-assess the information security requirements.
  • D. Validate contract compliance.

Correct Answer: D

Question #6 Topic 1

During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?

  • A. Segregation of duties
  • B. Unique user credentials
  • C. Two-person rule
  • D. Need-to-know basis

Correct Answer: A

Question #7 Topic 1

Which of the following should FIRST be established before a privacy office starts to develop a data protection and privacy awareness campaign?

  • A. Detailed documentation of data privacy processes
  • B. Strategic goals of the organization
  • C. Contract requirements for independent oversight
  • D. Business objectives of senior leaders

Correct Answer: B

Question #8 Topic 1

Which of the following features should be incorporated into an organization’s technology stack to meet privacy requirements related to the rights of data subjects to control their personal data?

  • A. Providing system engineers the ability to search and retrieve data
  • B. Allowing individuals to have direct access to their data
  • C. Allowing system administrators to manage data access
  • D. Establishing a data privacy customer service bot for individuals

Correct Answer: B

Question #9 Topic 1

Which of the following is the GREATEST concern for an organization subject to cross-border data transfer regulations when using a cloud service provider to store and process data?

  • A. The service provider has denied the organization’s request for right to audit.
  • B. Personal data stored on the cloud has not been anonymized.
  • C. The extent of the service provider’s access to data has not been established.
  • D. The data is stored in a region with different data protection requirements.

Correct Answer: D

Question #10 Topic 1

When configuring information systems for the communication and transport of personal data, an organization should:

  • A. adopt the default vendor specifications.
  • B. review configuration settings for compliance.
  • C. implement the least restrictive mode.
  • D. enable essential capabilities only.

Correct Answer: B

Viewing page 1 out of 38 pages.
Viewing questions 1-10 out of 374 questions