Download Latest CDPSE Questions

The most useful information for prioritizing database selection for encryption is the asset classification scheme. An asset classification scheme is a system of organizing and categorizing assets based on their value, sensitivity, criticality, or risk level. An asset classification scheme helps to determine the appropriate level of protection or handling for each asset. For example, an asset classification scheme may assign labels such as public, internal, confidential, or secret to different types of data based on their impact if compromised. Databases that contain higher-classified data should be prioritized for encryption to prevent unauthorized access, disclosure, or modification.

Database administration audit logs, historical security incidents, or penetration test results are also useful information for database security, but they are not the most useful for prioritizing database selection for encryption. Database administration audit logs are records of activities performed by database administrators or other privileged users on the database system. Database administration audit logs help to monitor and verify the actions and changes made by authorized users and detect any anomalies or violations. Historical security incidents are records of events that have compromised or threatened the security of the database system in the past. Historical security incidents help to identify and analyze the root causes, impacts, and lessons learned from previous breaches or attacks. Penetration test results are reports of simulated attacks performed by ethical hackers or security experts on the database system to evaluate its vulnerabilities and defenses. Penetration test results help to discover and exploit any weaknesses or gaps in the database security posture and recommend remediation actions.

References: Data Classification Policy - SANS Institute, Database Security Best Practices - Oracle, [Database Security: An Essential Guide | IBM]

A thin client remote desktop protocol (RDP) is the most effective remote access model for reducing the likelihood of attacks originating from connecting devices, because it minimizes the amount of data and processing that occurs on the remote device. A thin client RDP only sends keyboard, mouse and display information between the remote device and the server, while the actual processing and storage of data happens on the server. This reduces the exposure of sensitive data and applications to potential attackers who may compromise the remote device.

References:

• CDPSE Review Manual, Chapter 2 – Privacy Architecture, Section 2.3 – Privacy Architecture Implementation1.
• CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 2 – Privacy Architecture, Section 2.4 – Remote Access2.

The best approach for a local office of a global organization faced with multiple privacy-related compliance requirements is to focus on the requirements with the highest organizational impact, because this will help prioritize the most critical and urgent privacy issues and risks that may affect the organization’s reputation, operations, or legal obligations. Focusing on the highest impact requirements will also help allocate the resources and efforts more efficiently and effectively, as well as align the local office’s privacy practices with the global organization’s objectives and strategies12.

References:

• CDPSE Exam Content Outline, Domain 1 – Privacy Governance (Governance, Management & Risk Management), Task 3: Participate in the evaluation of privacy policies, programs and policies for their alignment with legal requirements, regulatory requirements and/or industry best practices3.
• CDPSE Review Manual, Chapter 1 – Privacy Governance, Section 1.2 – Privacy Policy4.

From a privacy perspective, it is most important to ensure data backups are encrypted. Encryption is a process of transforming data into an unreadable form using a secret key or algorithm. Encryption can help protect the confidentiality, integrity, and availability of data backups by preventing unauthorized access, disclosure, or modification. Encryption can also help comply with legal and regulatory requirements for data protection, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA). Encryption can be applied to data backups at different levels, such as file-level, disk-level, or network-level encryption.

Incremental backups, differential backups, or pseudonymization are also useful for data backup management, but they are not the most important from a privacy perspective. Incremental backups are backups that only copy the data that has changed since the last backup, whether it was a full, differential, or incremental backup. Incremental backups can help save storage space and time, but they do not directly protect the data from unauthorized access or disclosure. Differential backups are backups that only copy the data that has changed since the last full backup. Differential backups can also help save storage space and time, but they also do not directly protect the data from unauthorized access or disclosure. Pseudonymization is a process of replacing identifying information in data with artificial identifiers or pseudonyms. Pseudonymization can help enhance the privacy of data by reducing the linkability between data and data subjects, but it does not prevent re-identification or inference attacks.

References: Data backups 101: A complete guide for 2023 - Norton, Backup & Secure | U.S. Geological Survey - USGS.gov, The GDPR: How the right to be forgotten affects backups