Which authentication practice is being used when an organization requires a photo on a government-issued identification card to validate an in-person credit card purchase?

A. Possession factor authentication

B. Knowledge-based credential authentication

C. Multi-factor authentication

D. Biometric authentication

Which of the following MOST effectively protects against the use of a network sniffer?

A. Network segmentation

B. Transport layer encryption

C. An intrusion detection system (IDS)

D. A honeypot environment

Which of the following is the BEST way to manage different IT staff access permissions for personal data within an organization?

A. Mandatory access control

B. Network segmentation

C. Dedicated access system

D. Role-based access control

Which of the following is the BEST way for an organization to gain visibility into its exposure to privacy-related vulnerabilities?

A. Review historical privacy incidents in the organization.

B. Monitor inbound and outbound communications.

C. Perform an analysis of known threats.

D. Implement a data loss prevention (DLP) solution.

Which of the following should an IT privacy practitioner do FIRST when assessing the potential impact of new privacy legislation on the organization?

A. Identify systems and processes that contain privacy components.

B. Research and identify privacy legislation in other countries that may contain similar requirements.

C. Share operational plans for achieving compliance with regulatory entities.

D. Restrict the collection of personal information until there is assurance the organization is compliant.