Isaca Certification CDPSE Reddit Questions

Requiring independent audits of the providers’ data privacy controls is the best way to ensure third-party providers that process an organization’s personal data are addressed as part of the data privacy strategy. Independent audits can verify that the providers are complying with the applicable data privacy laws and regulations, as well as the organization’s own policies and standards. Independent audits can also identify any gaps or weaknesses in the providers’ data privacy controls and recommend corrective actions or improvements.

References:

• What Is Your Privacy and Data Protection Strategy? - ISACA
• Why data privacy and third-party risk teams need to work together - OneTrust

Domain name system (DNS) sinkhole is a technology that redirects malicious or unwanted domain names to alternative destinations, such as a fake or harmless website, a warning page, or a null address. DNS sinkhole is the most effective technology deployed at an enterprise level to block malicious tracking of user internet browsing, as it would prevent users from accessing websites that use tracking technologies, such as cookies, web beacons, or fingerprinting, to collect and analyze user behavior or preferences. DNS sinkhole would also protect users from other malicious activities, such as malware distribution, phishing attempts, or botnet command and control. The other options are not as effective as DNS sinkhole in blocking malicious tracking of user internet browsing at an enterprise level. Web application firewall (WAF) is a technology that monitors and filters incoming and outgoing web traffic to protect web applications from attacks, such as cross-site scripting (XSS), SQL injection, or denial-of-service (DoS), but it does not block malicious tracking of user internet browsing. Website URL blacklisting is a method of blocking access to websites that are known or suspected to be malicious or harmful, but it does not block malicious tracking of user internet browsing from unknown or legitimate websites that use tracking technologies. Desktop antivirus software is a technology that scans and removes viruses, malware, spyware, or other threats from desktop computers or devices, but it does not block malicious tracking of user internet browsing from websites that use tracking technologies1, p. 92 References: 1: CDPSE Review Manual (Digital Version)