Exam CIPM topic 1 question 187 discussion

Actual exam question from IAPP's CIPM
Question #: 187
Topic #: 1

SCENARIO -
Please use the following to answer the next question:
Jonathan recently joined a healthcare payment processing solutions company as a senior privacy manager. One morning, Jonathan awakens to several emails informing him that an individual cloud server failed due to a flood in its server room, damaging its hardware and destroying all the data the company had stored on that drive. Jonathan was not aware that the company had this particular cloud account or that any data was being stored there because it was not included in the data mapping or data inventory provided to him by his predecessor. Jonathan's predecessor conducted a data inventory and mapping exercise 4 years ago and updated it on an annual basis.
Renee works in the sales department and tells Jonathan that she doesn't think that account had been used since the company moved to a bigger cloud vendor three years ago. She also advised him that the account was mostly used by Human Resources (HR) and Accounts Payable (AP). Jonathan speaks to both departments and learns that each had met with his predecessor multiple times and explained they saved sensitive personal data on that drive, including health and financial related personal data and "other stuff." Jonathan also learns that the data stored in that account was not backed up pursuant to company policy. Jonathan asks his IT department who had access to that particular account and learns that there were no access controls in place, making the account available to anyone in the company, despite the purported sensitivity of the data being stored there.
Jonathan is panicking as the data can't be recovered, and he can't determine exactly what data was saved on that account or to whom it belongs. Two days later, the company receives 32 data subject access requests and Accounts Payable confirms Jonathan's worry that these data subjects' personal data was likely stored on this account. He searches for the company's data subject access request policy, but later learns it doesn't exist.
Jonathan wants to formalize monitoring to prevent a similar issue from happening again. What scope of monitoring would be most useful?

  • A. Monitoring compliance with data mapping and disaster recovery.
  • B. Monitoring new privacy legislation and industry standards for information security.
  • C. Monitoring the vulnerabilities across environments containing sensitive personal data.
  • D. Monitoring of vendor contracts to ensure security controls are systematically addressed.
Suggested Answer: C

Comments

Ssourav
1 year, 2 months ago
Selected Answer: A
A. Monitoring compliance with data mapping and disaster recovery. In this scenario, the critical issue that led to the data loss was the lack of updated data mapping and disaster recovery. Without accurate data mapping, Jonathan was not aware of the existence of the cloud account, and the lack of disaster recovery measures meant that data could not be recovered after the server failure.
upvoted 1 times
...
[Removed]
1 year, 2 months ago
Selected Answer: A
Should be A
upvoted 1 times
...
emily0922
1 year, 3 months ago
I suggest A; it would help with the current situation Jonathan is facing about issues with not knowing that the cloud even existed and how to deal with things like flooding (disaster recovery).
upvoted 2 times
...
Community vote distribution: A (35%, most voted), C (25%), B (20%), Other