Question 1

What is the privacy impact rating of an application that stores personally identifiable information, monitors users with ongoing transfers of anonymous data, and changes settings without notifying the user?

Options :

A : P1 high privacy risk

B : P2 moderate privacy risk

C : P3 low privacy risk

D : P4 no privacy risk

Answer: A

Question 2

While performing functional testing of the ordering feature in the new product, a tester noticed that the order

object was transmitted to the POST endpoint of the API as a human-readable JSON object.

How should existing security controls be adjusted to prevent this in the future?

Options :

A : Ensure passwords and private information are not logged

B : Ensure sensitive transactions can be traced through an audit log

C : Ensure the contents of authentication cookies are encrypted

D : Ensure all requests and responses are encrypted

Answer: D

Question 3

Which step in the change management process includes modifying the source code?

Options :

A : Patch management

B : Installation management

C : Privacy implementation assessment

D : Policy compliance analysis

Answer: A

Question 4

Which privacy impact statement requirement type defines how personal information will be protected when authorized or independent external entities are involved?

Options :

A : Personal information retention requirements

B : User controls requirements

C : Third party requirements

D : Data integrity requirements

Answer: C

Question 5

A recent security review has identified an aging credential recovery/forgotten password component that

emails temporary passwords to users who claim to have forgotten their application password.

How should the organization remediate this vulnerability?

Options :

A : Lock a User Account After Multiple Failed Authentication Attempts

B : Ensure All Authorization Requests Are Logged

C : Implement Multifactor Authentication

D : Implement Role-Based Authorization

Answer: C