Uploaded by somle916

Domain 5.0 Governance, Risk, and Compliance Assessment

A third-party vendor collects and analyzes data for a paint supply retailer website. The retailer
specifically asks for information, such as what colors customers are searching for regularly and what
quantity customers request the most. Which of the following best describes the third-party vendor?
Data processor
Data custodian
Data owner
Data controller
A logistics detail facility must maintain transportation data up to 365 days after transaction closeout. At
the creation of the transaction, the logistics planner tags the information contained in the file according
to classification. The transaction data is protected until disposal. Which data model does this best
represent?
Waterfall development
Data loss prevention
Information life cycle
Non-disclosure agreement
An employee is responsible for protecting the privacy and rights of data used and transmitted by an
organization. The employee dictates the procedures and purpose of data usage. A role is created at an
organization to protect the privacy and rights of any data that is used and transmitted. Which role
governs and dictates the procedures and purpose of data usage?
Data owner
Data controller
Data processor
DPO
A hacker uses a spear phishing technique to infiltrate an Information Technology (IT) company’s network
to steal sensitive data pertaining to new and developing technologies. What is the hacker's goal?
IP theft
Identity theft
Chain of custody
Social engineering
An application maintains social security numbers and birth dates in a database to track medical records
across multiple offices. To maintain the personally identifiable information (PII), which of the following
de-identification methods should the application adopt?
Data masking
Code obfuscation
Tokenization
Hashing
While reviewing an audit log, a financial institution employee notices that several attempts were made
by a user to bypass the authentication process. The user attempted to log in ten times in twenty
minutes using various methods, though the user never gained visible access. Which of the following
describes what the employee should do next?
Nothing, the user did not gain access.
Clear the audit log, in case of error.
Continue to monitor the log until the user authenticates.
Escalate the information to a security manager.
Which of the following can be consequences of a data breach? (Select all that apply.)
Reputation damage
Fines
Escalation
Identity theft
Hackers infiltrated a home furnishings store’s network six months ago. The hackers obtained customer
information to include account and payment data. Since the breach, sales have gone down, and
customers have closed accounts with the store. Which of the following consequences is a direct result of
the breach?
Reputation damage
Identity theft
Escalation
Fines
A website allows a user to apply for a home loan with multiple vendors so that the user can compare
lenders' rates. The process requires personal data entered to verify creditworthiness. The website states
that the data entered can only obtain loan estimates and shall not be shared with outside agencies or
used for any other purpose. Which of the following describes the intent of the statement?
SLA
Terms of agreement
Privacy notice
Public disclosure