exam questions

Exam CIPM All Questions

View all questions & answers for the CIPM exam

Exam CIPM topic 1 question 64 discussion

Actual exam question from IAPP's CIPM
Question #: 64
Topic #: 1
[All CIPM Questions]

For an organization that has just experienced a data breach, what might be the least relevant metric for a company's privacy and governance team?

  • A. The number of security patches applied to company devices.
  • B. The number of privacy rights requests that have been exercised.
  • C. The number of Privacy Impact Assessments that have been completed.
  • D. The number of employees who have completed data awareness training.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
daniel.ross.1919
3 months ago
B. This may well be immaterial and unrelated.
upvoted 1 times
...
MaritzTee
6 months, 3 weeks ago
Selected Answer: B
B. The number of privacy rights requests that have been exercised. In the context of an organization that has just experienced a data breach, the least relevant metric for a company's privacy and governance team would likely be the number of privacy rights requests that have been exercised. This metric pertains more to the ongoing management of data subject rights under privacy laws (such as GDPR or CCPA) rather than the immediate response and mitigation efforts following a data breach. The other metrics directly relate to the organization's security posture and preparedness, which are more critical in addressing the aftermath of a breach.
upvoted 1 times
...
DPRamone
9 months, 3 weeks ago
Selected Answer: B
A, C, and D provide metrics providing clues as to where gaps contributing to the breach may be identified. B doesn't.
upvoted 2 times
...
humhain
10 months ago
Selected Answer: A
The number of security patches applied to company devices might be the least relevant metric for a company’s privacy and governance team after a data breach. While security patches are important for preventing future breaches, they do not directly measure the impact or response of the current breach. The other metrics are more relevant for assessing how the company handled the breach, such as how it complied with the privacy rights of affected individuals, how it evaluated the privacy risks of its systems, and how it trained its employees on data awareness.
upvoted 1 times
...
carlosbui
1 year, 1 month ago
should be A
upvoted 1 times
...
[Removed]
1 year, 3 months ago
Selected Answer: B
Should be B
upvoted 1 times
...
Ssourav
1 year, 4 months ago
Selected Answer: B
While privacy rights requests (like data access or deletion requests) are important indicators of how an organization is responding to data subject rights, they do not directly address the factors leading to or mitigating a data breach. The other metrics listed pertain more directly to preventative measures or understanding vulnerabilities.
upvoted 4 times
...
Adyyogi
1 year, 4 months ago
Governance, risk, and compliance tools (GRC) is an umbrella term whose scope touches the privacy office, as well as other departments, including HR, IT, compliance, and the C-suite. But A is the answer
upvoted 1 times
...
DracoL
1 year, 7 months ago
Selected Answer: A
A is correct. Vulnerabilities tracking should be a cyber security responsibilities.
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago