The purpose of this Sample Question Set is to provide you with information about the EXIN Privacy and Data Protection Foundation (PDPF) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the PDPF certification test. To get familiar with real exam environment, we suggest you try our Sample EXIN Privacy and Data Protection Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual EXIN Privacy and Data Protection Foundation certification exam.
These sample questions are simple and basic questions that represent likeness to the real EXIN Privacy and Data Protection Foundation exam questions. To assess your readiness and performance with real-time scenario based questions, we suggest you prepare with our Premium EXIN PDPF Certification Practice Exam. When you solve real time scenario based questions practically, you come across many difficulties that give you an opportunity to improve.
EXIN PDPF Sample Questions:
a) Any operation that can be performed on personal data
b) Any operation that can be performed on personal data, except erasing and destroying
c) Only operations in which the personal data is shared or transferred in any way
d) Only operations in which the personal data is used for the purposes for which it was collected
02. Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. Which data processing principle is described here?
a) Accuracy
b) Data minimization
c) Lawfulness, fairness, and transparency
d) Purpose limitation
03. What is the main use of a persistent cookie?
a) To ensure that the user’s personal data are stored securely on the server
b) To personalize the user’s experience of the website during a next visit
c) To record every keystroke made by a computer user to find out passwords
d) To save the pages a user has bookmarked in the user’s browser history
04. The GDPR refers to the principles of proportionality and subsidiarity. What does subsidiarity mean?
a) Personal data shall be collected for specified, explicit and legitimate purposes and not further processed.
b) Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary.
c) When processing personal data, a controller will only gather data which is necessary for the purpose.
d) When processing personal data, the means to be used shall be the least infringing upon privacy as possible.
05. A person regularly receives offers from a store where he purchased something five years ago. He wants the company to stop sending offers and to delete his personal data. Which of the data subjects’ rights is he exercising?
a) The right of access
b) The right to object
c) The right to rectification
d) The right to restriction of processing
06. In the legal system of the European Union (EU), different tools are used to reach various goals. Some of these tools are binding, while others let EU Member States decide how to use them, offering them flexibility. Does the GDPR allow this flexibility?
a) Yes, because it is a directive, which sets goals for EU Member States and sets out national measures.
b) Yes, because it is a recommendation that gives advice without further specific legal obligations.
c) No, because it is a decision that is binding only for specific parties and not for all EU Member States.
d) No, because it is a regulation, that applies to all EU Member States and is directly applicable.
07. Further processing, after the original objective is fulfilled, is allowed in a few specific cases, provided that appropriate safeguards for the rights and freedoms of the data subjects are taken. For which purpose is further processing not allowed?
a) For archiving purposes in the public interest
b) For direct marketing and commercial purposes
c) For generalized statistical purposes
d) For scientific or historical research purposes
08. The GDPR describes the principle of data minimization. How can organizations comply with this principle?
a) By applying the concept of least privilege to the personal data collected, stored or otherwise processed
b) By limiting access rights to staff who need the personal data for the intended processing operations
c) By limiting file sizes, through saving all personal data that is processed in the smallest possible format
d) By limiting the personal data to what is adequate, relevant and necessary for the processing purposes
09. How does the GDPR define personal data?
a) Any information relating to a resident of the European Economic Area (EEA)
b) Data that directly relate to an identified or identifiable natural person
c) Any information relating to an identified or identifiable natural person
d) Data that reveal someone's racial or ethnic background, religious views, health, sex life or sexual orientation
10. What is a description of data protection by design and by default?
a) An approach that implements data protection from development
b) An indication of timeframes if processing relates to erasure
c) Data may only be collected for explicit and legitimate purposes
d) Not holding more data than is strictly required for processing
Answers:
|
Question: 01 Answer: a |
Question: 02 Answer: d |
Question: 03 Answer: b |
Question: 04 Answer: d |
Question: 05 Answer: b |
|
Question: 06 Answer: d |
Question: 07 Answer: b |
Question: 08 Answer: d |
Question: 09 Answer: c |
Question: 10 Answer: a |
Note: For any error in EXIN Privacy and Data Protection Foundation certification exam sample questions, please update us by writing an email on feedback@certfun.com.