Professional Documents
Culture Documents
Course Syllabus
NIST Privacy Framework
1. Privacy Risks are associated with privacy events arising from:
a. Loss of Confidentiality
b. Loss of Integrity
c. Data Processing
2. True or False: The NIST Privacy Framework Profiles provide an increasingly granular set
of activities and outcomes that enable an organizational dialogue about managing
privacy risk.
a. True
b. False
3. True or False: A Company’s role within the Data Processing Ecosystem is
predetermined and the same for every company.
a. True
b. False
5. Risk Tolerance measures the level of risk or the degree of uncertainty that is
_________.
a. Risky
b. Acceptable
c. Moderate
6. What is a good way to continue to monitor and review your privacy program?
a. Newsletters & Blogs
b. Privacy Hotline
c. Risk Register
d. All of the Above
7. True or False: A Data Life Cycle is the sequence of stages that a particular unit of data
goes through from its initial generation or capture to its eventual archival and/or
deletion at the end of its useful life?
a. True
b. False
8. Which method is not a way to disassociate data from an individual?
a. Pseudonymity
b. Linkability
c. De-Identification
9. True or False: Privacy Centers Contain Terms of Use along with the Privacy Policy and
other components?
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
2
a. True
b. False
10. Which control is not an implementable control for the principle of least privilege?
a. Review and auditing of user privileges
b. Separate processing domains
c. Divide mission functions among different roles
12. True or False: A company must develop a Current Profile before developing a Target
Profile?
a. True
b. False
13. Which is NOT an implementation tier for the NIST Privacy Framework?
a. Adaptive
b. Repetitive
c. Risk Informed
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
3
14. For the “Ready” phase, the following functions are used?
a. Identify and Control
b. Control and Protect
c. Govern and Protect
d. Identify and Govern
15. True or False: In the Ready, Set, Go approach to adopting the NIST Privacy Framework,
you can go through the phases non-sequentially.
a. True
b. False
16. What is the biggest difference between the NIST Privacy Framework and ISO 27701 and
ISO 29100?
a. Controls
b. Governing Body
c. Cost
d. Maturity Model
17. The Fair Information Practice Principles (FIPP) were codified in what year?
a. 1976
b. 1973
c. 1978
d. 1974
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
4
19. The Secure Controls Framework Privacy Management Principles does NOT map to
which framework?
a. ISO 27001
b. HIPAA Privacy Rule
c. California Consumer Privacy Act (CCPA)
d. Asia-Pacific Economic Cooperation (APEC)
20. Which NIST Privacy Framework Function focuses on developing and implementing
appropriate data processing safeguards?
a. Protect
b. Control
c. Govern
d. Identify
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
5
Answers:
1. c
2. b
3. b
4. c
5. b
6. d
7. a
8. b
9. a
10. c
11. a
12. b
13. b
14. d
15. a
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
6
16. c
17. b
18. c
19. a
20. a
Brought to you by: Develop your team with the fastest growing catalog in the
cybersecurity industry. Enterprise-grade workforce development
management, advanced training features and detailed skill gap and
competency analytics.
7