無料問題集DCPLA 資格取得
質問 1:
Privacy enhancing tools aim to allow users to take one or more of the following actions related to their personal data that is sent to, and used by online service providers, merchants or other users:
I) Increase control over their personal data
II) Choose whether to use services anonymously or not
III) Obtain informed consent about sharing their personal data
IV) Opt-out of behavioral advertising or any other use of data
A. I, II, III and IV
B. Only I and II
C. Only II
D. Only I
正解:A
質問 2:
Which of the following is not in line with the modem definition of Consent?
A. Consenting individual should have the ability to withdraw consent
B. Consent is taken by clear and affirmative action
C. Consent should be bundled in nature
D. Purpose of processing should be informed to the individual before consenting
正解:C
質問 3:
Classify the following scenario as major or minor non-conformity.
"The organization is aware of the PI dealt by it at a broad level based on the business services provided but does not have the detailed view of which business functions, processes or relationships deal with what types of PI including usage, access, transmission, storage, etc."
A. Minor
B. Both Major & Minor
C. Major
D. None of the above
正解:C
質問 4:
Which of the following is not an objective of POR?
A. Identify all the activities, functions and operations that can be attributed to the privacy initiatives of an organization
B. Evaluate the role of corporate function in legal compliance management, its relations with IT, and security functions. Evaluate the role of legal function in compliance matters
C. Create an inventory of business processes, enterprise and operational functions, client relationships that deal with personal information
D. Establish a privacy function to address the activities, functions and operations that are required to manage the privacy initiatives
正解:B
質問 5:
FILL BLANK
PPP
Based on the visibility exercise, the consultants created a single privacy policy applicable to all the client relationships and business functions. The policy detailed out what PI company deals with, how it is used, what security measures are deployed for protection, to whom it is shared, etc. Given the need to address all the client relationships and business functions, through a single policy, the privacy policy became very lengthy and complex. The privacy policy was published on company's intranet and also circulated to heads of all the relationships and functions. W.r.t. some client relationships, there was also confusion whether the privacy policy should be notified to the end customers of the clients as the company was directly collecting PI as part of the delivery of BPM services. The heads found it difficult to understand the policy (as they could not directly relate to it) and what actions they need to perform. To assuage their concerns, a training workshop was conducted for 1 day. All the relationship and function heads attended the training. However, the training could not be completed in the given time, as there were numerous questions from the audiences and it took lot of time to clarify.
(Note: Candidates are requested to make and state assumptions wherever appropriate to reach a definitive conclusion) Introduction and Background XYZ is a major India based IT and Business Process Management (BPM) service provider listed at BSE and NSE. It has more than 1.5 lakh employees operating in 100 offices across 30 countries. It serves more than 500 clients across industry verticals - BFSI, Retail, Government, Healthcare, Telecom among others in Americas, Europe, Asia-Pacific, Middle East and Africa. The company provides IT services including application development and maintenance, IT Infrastructure management, consulting, among others. It also offers IT products mainly for its BFSI customers.
The company is witnessing phenomenal growth in the BPM services over last few years including Finance & Accounting including credit card processing, Payroll processing, Customer support, Legal Process Outsourcing, among others and has rolled out platform based services. Most of the company's revenue comes from the US from the BFSI sector. In order to diversify its portfolio, the company is looking to expand its operations in Europe. India, too has attracted company's attention given the phenomenal increase in domestic IT spend esp. by the government through various large scale IT projects. The company is also very aggressive in the cloud and mobility space, with a strong focus on delivery of cloud services. When it comes to expanding operations in Europe, company is facing difficulties in realizing the full potential of the market because of privacy related concerns of the clients arising from the stringent regulatory requirements based on EU General Data Protection Regulation (EU GDPR).
To get better access to this market, the company decided to invest in privacy, so that it is able to provide increased assurance to potential clients in the EU and this will also benefit its US operations because privacy concerns are also on rise in the US. It will also help company leverage outsourcing opportunities in the Healthcare sector in the US which would involve protection of sensitive medical records of the US citizens.
The company believes that privacy will also be a key differentiator in the cloud business going forward. In short, privacy was taken up as a strategic initiative in the company in early 2011.
Since XYZ had an internal consulting arm, it assigned the responsibility of designing and implementing an enterprise wide privacy program to the consulting arm. The consulting arm had very good expertise in information security consulting but had limited expertise in the privacy domain. The project was to be driven by CIO's office, in close consultation with the Corporate Information Security and Legal functions.
Given the confusion among relationship and function heads, how would you proceed to address the problem and ensure that policy is well understood and deployed? (250 to 500 words)
正解:
In order to address the confusion among relationship and function heads, it is important to ensure that the privacy policy is effectively communicated and understood by all stakeholders. The following steps can be taken towards this end:
1. Awareness Campaigns - In order to educate the stakeholders about the importance of data privacy, various awareness campaigns should be launched through digital media, print media, and seminars. These campaigns must include topics such as why data privacy is important, the consequences of not adhering to the policy, and how to comply with it.
2. Training - In addition to awareness campaigns, proper training should be provided to all stakeholders on data privacy policies and procedures. The training should also focus on best practices such as secure coding, encryption techniques etc., so that they understand the importance of these security measures in protecting data from unauthorized access.
3. Policies and Procedures - All stakeholders should have access to a clear set of policies and procedures governing their actions related to data privacy. Such guidelines should include information about the types of sensitive information which needs to be kept confidential, what constitutes a violation of the policy, and how to take corrective measures if a violation occurs.
4. Auditing - The effectiveness of all the policies and procedures should be regularly audited in order to ensure that the data privacy policy is being followed properly. Any discrepancies or violations must be reported immediately so that appropriate action can be taken.
5. Reporting Mechanism - A reporting mechanism should also be put into place for stakeholders to report any suspected errors or breaches in data privacy policies. This will help in identifying potential risks early on and taking corrective action as soon as possible.
These initiatives will not only reduce confusion among relationship and function heads but will also help build trust with customers by ensuring proper implementation of enterprise-wide privacy program, which in turn will help the company in leveraging outsourcing opportunities. Lastly, by following all these measures, the company will be able to demonstrate its commitment towards privacy and create a secure environment for its customers.
In conclusion, in order to ensure that policy is well understood and deployed, it is important to take appropriate steps such as launching awareness campaigns, providing training to stakeholders on data privacy policies, auditing policies and procedures regularly, and setting up a reporting mechanism for errors or breaches. Doing so will reduce confusion among relationship and function heads and help build trust with customers by ensuring proper implementation of an enterprise-wide privacy program.
質問 6:
__________ calls for inclusion of data protection from the onset of the designing of systems.
A. Privacy by Design
B. Safeguarding Approach
C. Agile Model
D. Logical Design
正解:A
質問 7:
Which of the following are classified as Sensitive Personal Data or Information under Section 43A of ITAA, 2008? (Choose all that apply.)
A. Caste and religious beliefs
B. Biometric information
C. Medical records and history
D. Sexual orientation
E. Financial information
F. Password
正解:B,C,D,E
TopExamは君にDCPLAの問題集を提供して、あなたの試験への復習にヘルプを提供して、君に難しい専門知識を楽に勉強させます。TopExamは君の試験への合格を期待しています。
一年間の無料更新サービスを提供します
君が弊社のDSCI DCPLAをご購入になってから、我々の承諾する一年間の更新サービスが無料で得られています。弊社の専門家たちは毎日更新状態を検査していますから、この一年間、更新されたら、弊社は更新されたDSCI DCPLAをお客様のメールアドレスにお送りいたします。だから、お客様はいつもタイムリーに更新の通知を受けることができます。我々は購入した一年間でお客様がずっと最新版のDSCI DCPLAを持っていることを保証します。
弊社は失敗したら全額で返金することを承諾します
我々は弊社のDCPLA問題集に自信を持っていますから、試験に失敗したら返金する承諾をします。我々のDSCI DCPLAを利用して君は試験に合格できると信じています。もし試験に失敗したら、我々は君の支払ったお金を君に全額で返して、君の試験の失敗する経済損失を減少します。
弊社は無料DSCI DCPLAサンプルを提供します
お客様は問題集を購入する時、問題集の質量を心配するかもしれませんが、我々はこのことを解決するために、お客様に無料DCPLAサンプルを提供いたします。そうすると、お客様は購入する前にサンプルをダウンロードしてやってみることができます。君はこのDCPLA問題集は自分に適するかどうか判断して購入を決めることができます。
DCPLA試験ツール:あなたの訓練に便利をもたらすために、あなたは自分のペースによって複数のパソコンで設置できます。
安全的な支払方式を利用しています
Credit Cardは今まで全世界の一番安全の支払方式です。少数の手続きの費用かかる必要がありますとはいえ、保障があります。お客様の利益を保障するために、弊社のDCPLA問題集は全部Credit Cardで支払われることができます。
領収書について:社名入りの領収書が必要な場合、メールで社名に記入していただき送信してください。弊社はPDF版の領収書を提供いたします。
弊社のDSCI DCPLAを利用すれば試験に合格できます
弊社のDSCI DCPLAは専門家たちが長年の経験を通して最新のシラバスに従って研究し出した勉強資料です。弊社はDCPLA問題集の質問と答えが間違いないのを保証いたします。
この問題集は過去のデータから分析して作成されて、カバー率が高くて、受験者としてのあなたを助けて時間とお金を節約して試験に合格する通過率を高めます。我々の問題集は的中率が高くて、100%の合格率を保証します。我々の高質量のDSCI DCPLAを利用すれば、君は一回で試験に合格できます。
DSCI Certified Privacy Lead Assessor DCPLA certification 認定 DCPLA 試験問題:
1. In the landmark case _______________ the Honourable Supreme Court of India reaffirmed the status of Right to Privacy as a Fundamental Right under Part III of the constitution.
A) M. P. Sharma and others vs. Satish Chandra, District Magistrate, Delhi, and others
B) Justice K. S. Puttaswamy (Retd.) and Anr. vs. Union of India And Ors
C) Olga Tellis vs. Bombay Municipal Corporation
D) Maneka Gandhi vs. Union of India
2. Entities should collect personal information from user that is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This Privacy Principle is called:
A) Storage Limitation
B) Use Limitation
C) Collection Limitation
D) Accountability
3. FILL BLANK
RCI and PCM
Given its global operations, the company is exposed to multiple regulations (privacy related) across the globe and needs to comply mostly through contracts for client relationships and directly for business functions. The corporate legal team is responsible for managing the contracts and understanding, interpreting and translating the legal requirements. There is no formal tracking of regulations done. The knowledge about regulations mainly comes through interaction with the client team. In most of the contracts, the clients have simply referred to the applicable legislations without going any further in terms of their applicability and impact on the company. Since business expansion is the priority, the contracts have been signed by the company without fully understanding their applicability and impact. Incidentally, when the privacy initiatives were being rolled out, a major data breach occurred at one of the healthcare clients located in the US. The US state data protection legislation required the client to notify the data breach. During investigations, it emerged that the data breach happened because of some vulnerability in the system owned by the client but managed by the company and the breach actually happened 5 months back and came to notice now. The system was used to maintain medical records of the patients. This vulnerability had been earlier identified by a third party vulnerability assessment of the system and the closure of vulnerability was assigned to the company. The company had made the requisite changes and informed the client. The client, however, was of the view that the changes were actually not made by the company and they therefore violated the terms of contract which stated that - "the company shall deploy appropriate organizational and technology measures for protection of personal information in compliance with the XX state data protection legislation." The company could not produce necessary evidences to prove that the configuration changes were actually made by it (including when these were made).
(Note: Candidates are requested to make and state assumptions wherever appropriate to reach a definitive conclusion) Introduction and Background XYZ is a major India based IT and Business Process Management (BPM) service provider listed at BSE and NSE. It has more than 1.5 lakh employees operating in 100 offices across 30 countries. It serves more than 500 clients across industry verticals - BFSI, Retail, Government, Healthcare, Telecom among others in Americas, Europe, Asia-Pacific, Middle East and Africa. The company provides IT services including application development and maintenance, IT Infrastructure management, consulting, among others. It also offers IT products mainly for its BFSI customers.
The company is witnessing phenomenal growth in the BPM services over last few years including Finance & Accounting including credit card processing, Payroll processing, Customer support, Legal Process Outsourcing, among others and has rolled out platform based services. Most of the company's revenue comes from the US from the BFSI sector. In order to diversify its portfolio, the company is looking to expand its operations in Europe. India, too has attracted company's attention given the phenomenal increase in domestic IT spend esp. by the government through various large scale IT projects. The company is also very aggressive in the cloud and mobility space, with a strong focus on delivery of cloud services. When it comes to expanding operations in Europe, company is facing difficulties in realizing the full potential of the market because of privacy related concerns of the clients arising from the stringent regulatory requirements based on EU General Data Protection Regulation (EU GDPR).
To get better access to this market, the company decided to invest in privacy, so that it is able to provide increased assurance to potential clients in the EU and this will also benefit its US operations because privacy concerns are also on rise in the US. It will also help company leverage outsourcing opportunities in the Healthcare sector in the US which would involve protection of sensitive medical records of the US citizens.
The company believes that privacy will also be a key differentiator in the cloud business going forward. In short, privacy was taken up as a strategic initiative in the company in early 2011.
Since XYZ had an internal consulting arm, it assigned the responsibility of designing and implementing an enterprise wide privacy program to the consulting arm. The consulting arm had very good expertise in information security consulting but had limited expertise in the privacy domain. The project was to be driven by CIO's office, in close consultation with the Corporate Information Security and Legal functions.
What should be the learning for the company going forward? What should the consultants suggest? (250 to 500 words)
4. There are several privacy incidents reported in an organization. The organization plans to analyze and learn from these incidents. Which privacy practice will the organization have to implement for the same?
A) Privacy contract management
B) Privacy monitoring and incident management
C) Privacy awareness and training
D) Information usage and access
5. Which of the following is not in line with the modem definition of Consent?
A) Consenting individual should have the ability to withdraw consent
B) Consent is taken by clear and affirmative action
C) Consent should be bundled in nature
D) Purpose of processing should be informed to the individual before consenting
質問と回答:
質問 # 1
正解: B | 質問 # 2
正解: C | 質問 # 3
正解: メンバーにのみ表示されます | 質問 # 4
正解: B | 質問 # 5
正解: C |
PDF版 Demo
品質保証TopExamは我々の専門家たちの努力によって、過去の試験のデータが分析されて、数年以来の研究を通して開発されて、多年の研究への整理で、的中率が高くて99%の通過率を保証することができます。
一年間の無料アップデートTopExamは弊社の商品をご購入になったお客様に一年間の無料更新サービスを提供することができ、行き届いたアフターサービスを提供します。弊社は毎日更新の情況を検査していて、もし商品が更新されたら、お客様に最新版をお送りいたします。お客様はその一年でずっと最新版を持っているのを保証します。
全額返金弊社の商品に自信を持っているから、失敗したら全額で返金することを保証します。弊社の商品でお客様は試験に合格できると信じていますとはいえ、不幸で試験に失敗する場合には、弊社はお客様の支払ったお金を全額で返金するのを承諾します。(
ご購入の前の試用TopExamは無料なサンプルを提供します。弊社の商品に疑問を持っているなら、無料サンプルを体験することができます。このサンプルの利用を通して、お客様は弊社の商品に自信を持って、安心で試験を準備することができます。
