Isaca CDPSE - Certified Data Privacy Solutions Engineer

Inferred data is the type of data that is produced by using a more complex method of analytics to find correlations between data sets and using them to categorize or profile people. Inferred data is not directly observed or collected from the data subjects, but rather derived from other sources of data, such as behavioral, transactional, or demographic data. Inferred data can be used to make assumptions or predictions about the data subjects’ preferences, interests, behaviors, or characteristics12.

References:

CDPSE Review Manual, Chapter 3 – Data Lifecycle, Section 3.1 – Data Classification3.

CDPSE Certified Data Privacy Solutions Engineer All-in-One Exam Guide, Chapter 3 – Data Lifecycle, Section 3.2 – Data Classification4.

A privacy impact assessment (PIA) is a systematic process to identify and evaluate the potential privacy impacts of a system, project, program or initiative that involves the collection, use, disclosure or retention of personal data. A PIA should be done first to address privacy risk when migrating customer relationship management (CRM) data to a new system, as it would help to ensure that privacy risks are identified and mitigated before the migration is executed. A PIA would also help to ensure compliance with privacy principles, laws and regulations, and alignment with customer expectations and preferences. The other options are not as important as performing a PIA when addressing privacy risk when migrating CRM data to a new system. Developing a data migration plan is a process of defining and documenting the objectives, scope, approach, methods and steps for transferring data from one system to another, but it does not necessarily address privacy risk or impact. Conducting a legitimate interest analysis (LIA) is a process of assessing whether there is a legitimate interest for processing personal data that outweighs the rights and interests of the data subjects, but it is only applicable in certain jurisdictions and situations where legitimate interest is a valid legal basis for processing. Obtaining consent from data subjects is a process of obtaining their permission or agreement before collecting, using, disclosing or transferring their personal data for specific purposes, but it may not be required or sufficient for migrating CRM data to a new system, depending on the context and nature of the migration and the applicable laws and regulations1, p. 67 References: 1: CDPSE Review Manual (Digital Version)

Biometric records are personal information that can be used to identify an individual based on their physical or behavioral characteristics, such as fingerprints, facial recognition, iris scans, voice patterns, etc. Biometric records are considered sensitive personal information that require special protection and consent from the data subject. Biometric records can be used for various purposes, such as authentication, identification, security, etc., but they also pose privacy risks, such as unauthorized access, use, disclosure, or transfer of biometric data. References: : CDPSE Review Manual (Digital Version), page 25

The best answer is D. Mutual certificate authentication.

A comprehensive explanation is:

Mutual certificate authentication is a method of mutual authentication that uses public key certificates to verify the identities of both parties in a two-way communication. A public key certificate is a digital document that contains information about the identity of the certificate holder, such as their name, organization, domain name, etc., as well as their public key, which is used for encryption and digital signature. A public key certificate is issued and signed by a trusted authority, called a certificate authority (CA), that vouches for the validity of the certificate.

Mutual certificate authentication works as follows:

Both parties have a public key certificate issued by a CA that they trust.

When they initiate a communication, they exchange their certificates with each other.

They verify the signatures on the certificates using the CA’s public key, which they already have or can obtain from a trusted source.

They check that the certificates are not expired, revoked, or tampered with.

They extract the public keys from the certificates and use them to encrypt and decrypt messages or to generate and verify digital signatures.

They confirm that the identities in the certificates match their expectations and intentions.

By using mutual certificate authentication, both parties can be confident that they are communicating with the intended and legitimate party, and that their communication is secure and confidential.

Mutual certificate authentication is often used in conjunction with Transport Layer Security (TLS), a protocol that provides encryption and authentication for network communications. TLS supports both one-way and two-way authentication. In one-way authentication, only the server presents a certificate to the client, and the client verifies it. In two-way authentication, also known as mutual TLS or mTLS, both the server and the client present certificates to each other, and they both verify them. Mutual TLS is commonly used for secure web services, such as APIs or webhooks, that require both parties to authenticate each other.

Virtual private network (VPN), Secure Shell (SSH), and Transport Layer Security (TLS) are all technologies that can help to ensure the identities of individuals in a two-way communication are verified, but they are not methods of mutual authentication by themselves. They can use mutual certificate authentication as one of their options, but they can also use other methods, such as username and password, pre-shared keys, or tokens. Therefore, they are not as specific or accurate as mutual certificate authentication.

References:

What is mutual authentication? | Two-way authentication1

How to prove and verify someone’s identity2

Identity verification - Information Security & Policy3

Ensuring appropriate data classification should be done next after a migration of personal data involving a data source with outdated documentation has been approved by senior management, as it helps to identify the types, locations, and owners of the data, and to apply the appropriate privacy controls and measures based on the data classification level. Data classification also facilitates the data discovery, data minimization, data retention, and data disposal processes15. References: 1 Domain 3, Task 2; 5 Page 9

A peer-to-peer (P2P) system architecture is a network model where each node (peer) can act as both a client and a server, and communicate directly with other peers without relying on a centralized authority or intermediary. A P2P system architecture best supports anonymity for data transmission, by providing the following advantages:

It can hide the identity and location of the peers, by using encryption, pseudonyms, proxies, or onion routing techniques, such as Tor1 or I2P2. These techniques can prevent eavesdropping, tracking, or censorship by third parties, such as Internet service providers, governments, or hackers.

It can distribute the data across multiple peers, by using hashing, replication, or fragmentation techniques, such as BitTorrent3 or IPFS4. These techniques can reduce the risk of data loss, corruption, or tampering by malicious peers, and increase the availability and resilience of the data.

It can enable the peers to control their own data, by using consensus, validation, or incentive mechanisms, such as blockchain5 or smart contracts. These mechanisms can ensure the integrity and authenticity of the data transactions, and enforce the privacy policies and preferences of the data owners.

National data privacy legislative and regulatory requirements in each relevant jurisdiction are the most important data protection consideration for a global organization that is planning to implement a customer relationship management (CRM) system to be used in offices based in multiple countries, as they would determine the legal obligations and responsibilities of the organization with respect to the collection, use, disclosure and transfer of customer personal data across different jurisdictions. National data privacy legislative and regulatory requirements may vary significantly from country to country, depending on the type or nature of personal data or data processing activities, and may impose different rules and standards for obtaining consent, providing notice, ensuring security, enforcing rights, reporting breaches, appointing representatives or transferring data. The organization would need to comply with the national data privacy legislative and regulatory requirements in each relevant jurisdiction where it operates or where its customers are located, and to implement appropriate measures and safeguards to ensure compliance. The other options are not as important as national data privacy legislative and regulatory requirements in each relevant jurisdiction as data protection considerations for a global organization that is planning to implement a CRM system to be used in offices based in multiple countries. Industry best practice related to information security standards in each relevant jurisdiction may provide some guidance or benchmarks for ensuring security of customer personal data, but they may not reflect the specific context or needs of the organization or the customers, or comply with the legal obligations and responsibilities of the organization. Identity and access management mechanisms to restrict access based on need to know may help to protect customer personal data from unauthorized access, modification or disclosure by internal or external parties, but they may not address other aspects of data protection, such as consent, notice, rights, breaches, representatives or transfers. Encryption algorithms for securing customer personal data at rest and in transit may help to protect customer personal data from unauthorized access, modification or disclosure by internal or external parties, but they may not address other aspects of data protection, such as consent, notice, rights, breaches, representatives or transfers1, p. 63-64 References: 1: CDPSE Review Manual (Digital Version)

After a privacy risk has been accepted, the next step is to monitor the risk landscape for material changes. This means that the organization should keep track of any internal or external factors that may affect the likelihood or impact of the risk, such as new threats, vulnerabilities, regulations, technologies, or business processes. Monitoring the risk landscape can help the organization identify if the risk acceptance decision is still valid, or if it needs to be revisited or revised. Monitoring can also help the organization prepare for potential incidents or consequences that may arise from the accepted risk.

The primary consideration to ensure control of remote access is aligned to the privacy policy is that access is only granted to authorized users. This means that the organization should implement and enforce policies and procedures to identify, authenticate, and authorize users who need to access personal data remotely, such as employees, contractors, or service providers. The organization should also define and communicate the roles and responsibilities of remote users, and the terms and conditions of remote access, such as the purpose, scope, duration, and security measures. By granting access only to authorized users, the organization can protect data privacy by preventing unauthorized or unnecessary access, use, disclosure, or transfer of personal data. References: : CDPSE Review Manual (Digital Version), page 107