Questions for the CDPSE were updated on: Dec 01, 2025
Senior management is concerned about data privacy risk resulting from the current use of
duplicative technologies. Which of the following is the BEST way to prevent this problem in the
future?
A
Explanation:
An enterprise architecture (EA) management team ensures technology use is coordinated, reducing
duplication and inconsistency that increase privacy risk. A privacy committee (B) sets governance but
does not address technical duplication; penetration testing (C) identifies vulnerabilities, not
redundancy; training (D) improves awareness but not systemic technology alignment.
“Enterprise architecture ensures consistent, standardized technology deployment, reducing
unnecessary duplication and privacy risks.”
Reference: ISACA CDPSE Review Manual – Domain 1: Privacy Governance (Enterprise Architecture,
Technology Risk Alignment).
Which of the following observations should be of MOST concern to an IT privacy practitioner during
an evaluation of an organization’s privacy practices?
D
Explanation:
Storing tokens of PII directly in database fields undermines the security of tokenization and risks
re-identification, making it the most concerning issue. Shared drives (A) and lack of labels (B) are
governance gaps, and limited third-party access (C) can be controlled contractually, but token misuse
(D) poses direct privacy risk.
“Improper token storage can compromise de-identification, reintroducing privacy risk.”
Reference: ISACA CDPSE Review Manual – Domain 2: Privacy Architecture (Tokenization,
De-identification Risks).
Which of the following solutions would BEST enable a privacy practitioner to support control over
data processing activities related to personal information?
B
Explanation:
A consent management platform (CMP) directly supports control over personal data processing by
tracking and enforcing individuals’ consent preferences across systems. SIEM (A) monitors security
events, ERP (C) supports operations, and DLP (D) protects against data leakage but does not manage
lawful basis for processing.
“Consent management tools ensure personal data is processed only in line with valid consent or
lawful basis.”
Reference: ISACA CDPSE Review Manual – Domain 3: Privacy Operations (Consent Management).
Which of the following is the MOST important reason for an organization to establish a framework for
privacy audits?
A
Explanation:
The primary purpose of a privacy audit framework is to confirm and demonstrate effectiveness of the
privacy program in achieving objectives and regulatory compliance. Historical breaches (B) and
benchmarking (D) are by-products; maximizing staff effort (C) is about audit efficiency, not program
assurance.
“Privacy audits validate the effectiveness and compliance of the privacy program.”
Reference: ISACA CDPSE Review Manual – Domain 1: Privacy Governance (Monitoring, Auditing, and
Assurance).
Which of the following is the MOST important consideration when introducing a privacy by design
framework in an organization?
C
Explanation:
Privacy by design is effective only when aligned with organizational objectives and operations,
ensuring adoption and sustainability. Early changes (A) are beneficial but not the most important;
prioritizing privacy over security (B) ignores their complementarity; regulatory requirements (D) are
mandatory but must be balanced with operations.
“Privacy controls should be integrated into business processes to achieve compliance and
operational effectiveness.”
Reference: ISACA CDPSE Review Manual – Domain 2: Privacy by Design (Alignment with Business
Objectives).
Which of the following would BEST support an organization in fulfilling data subject rights?
D
Explanation:
A current and accurate data map enables organizations to locate personal data across systems, which
is essential for responding to access, rectification, erasure, and portability requests. DLP (A) prevents
leakage, not rights fulfillment; breach handling (B) addresses incidents, not rights; contact forms (C)
provide intake but not fulfillment.
“Data maps provide visibility into where and how personal data is processed, enabling rights
fulfillment.”
Reference: ISACA CDPSE Review Manual – Domain 3: Privacy Operations (Data Subject Rights, Data
Mapping & Inventory).
Which of the following is considered a privacy-enhancing technology (PET)?
C
Explanation:
Synthetic data generation is a recognized privacy-enhancing technology (PET) because it allows
realistic model training and analysis without exposing actual personal data. PKI (A) provides
authentication, not privacy preservation; blockchain (B) increases transparency but may conflict with
privacy; identity management (D) supports security but is not a PET by itself.
“Synthetic data preserves patterns while removing identifiable personal information, enabling safe
processing.”
Reference: ISACA CDPSE Review Manual – Domain 2: PETs (Synthetic Data, De-identification
Methods).
Which of the following poses the GREATEST data privacy risk related to the use of large language
models (LLMs)?
A
Explanation:
The use of personal data in model training is the primary privacy risk with LLMs, since once trained,
models may retain, reproduce, or infer personal data without proper controls. Hallucinations (B),
expertise shortages (C), and interoperability issues (D) are operational or performance risks, but not
privacy risks.
“Training models on personal data can result in unintended retention, exposure, or disclosure of
sensitive information.”
Reference: ISACA CDPSE Review Manual – Domain 2: Privacy Architecture (Emerging Technologies; AI
& LLM Privacy Risks).
The purpose of consent tagging is to:
B
Explanation:
Consent tagging is a metadata-driven process that associates consent preferences with an
individual’s data, enabling organizations to manage consent dynamically across systems. It is not
limited to cookies (A), one-time logging (C), or initial requests (D).
“Consent tagging links an individual’s data with their recorded consent choices for compliant
processing.”
Reference: ISACA CDPSE Review Manual – Domain 3: Privacy Operations (Consent Management &
Consent Tagging).
Which of the following can BEST help an organization ensure that it maintains accurate and
up-to-date data inventory records?
A
Explanation:
Automated data discovery and classification tools provide continuous and systematic identification
of data assets across the enterprise, ensuring accuracy and reducing manual errors. Internal updates
(B) and departmental reporting (D) depend on human diligence; periodic manual audits (C) are
time-bound and may miss changes between reviews.
“Automated discovery ensures a current and reliable data inventory, critical for privacy compliance.”
Reference: ISACA CDPSE Review Manual – Domain 2: Privacy Architecture (Data Inventory,
Automated Discovery & Classification).
A staffing agency collects a broad scope of data on candidates (including education, credit, and
medical history). This may violate which of the following data privacy principles?
C
Explanation:
Collecting more data than necessary for recruitment violates the principle of data minimization,
which requires limiting collection to what is adequate, relevant, and necessary. Transparency (A)
deals with notice, localization (B) concerns storage jurisdiction, and quality (D) addresses accuracy.
“Data minimization: collect and process only the data that is necessary for the stated purpose.”
Reference: ISACA CDPSE Review Manual – Domain 2: Privacy by Design & Default (Data Minimization
Principle).
Which of the following is the BEST approach for an organization that wants to transfer risk associated
with a potential breach involving customer personal data?
B
Explanation:
Risk transfer means shifting financial liability or impact to another party. Cyber insurance (B) directly
achieves this by covering breach-related costs. Adopting standards (A) and retaining third parties (C,
D) are risk mitigation/reduction, not transfer.
“Risk transfer is commonly achieved via insurance coverage for breach costs and liabilities.”
Reference: ISACA CDPSE Review Manual – Domain 1: Privacy Governance & Risk Management (Risk
Treatment Options – Avoid, Reduce, Transfer, Accept).
Which of the following is the BEST approach when providing data subjects with access to their
personal data?
C
Explanation:
Providing data subjects direct access through a profile page is the best practice because it supports
transparency and control while fulfilling data subject rights (e.g., access, rectification). Limiting edits
(A) or disabling modifications (D) restricts rights. Using email to generate IDs (B) is unrelated to
enabling data subject access.
“Data subjects should have the ability to view and manage their own information directly.”
Reference: ISACA CDPSE Review Manual – Domain 3: Privacy Operations (Data Subject Rights –
Access & Rectification).
Which of the following is the BEST way to ensure privacy is embedded into the training of an AI
model?
C
Explanation:
Synthetic data is generated artificially to mimic patterns without containing real personal data,
making it the strongest method to embed privacy by design in AI training. De-identification (A)
reduces but does not eliminate reidentification risk; consent (B) addresses lawfulness, not
privacy-preserving training; privacy notices (D) provide transparency but not technical risk reduction.
“Synthetic data allows AI model training without exposing real personal information.”
Reference: ISACA CDPSE Review Manual – Domain 2: Privacy-Enhancing Technologies (Synthetic
Data, PETs in AI/ML).
Which of the following is the MOST effective use of data flow diagrams when implementing a data
privacy compliance program?
B
Explanation:
Data flow diagrams (DFDs) are most valuable for illustrating the locations and movements of
personal data across systems and processes, which is essential for compliance mapping and controls.
Mapping at rest (C) or transit (D) are subsets of this broader view, while (A) is vague.
“DFDs identify where personal data resides and flows, supporting compliance and risk
management.”
Reference: ISACA CDPSE Review Manual – Domain 2: Privacy Architecture (Data Flow Mapping,
Inventories, Records of Processing).