Certified Data Privacy Solutions Engineer (CDPSE) — Question 42

Which of the following should be established FIRST before authorizing remote access to a data store containing personal data?

Answer options

• A. Privacy policy
• B. Network security standard
• C. Multi-factor authentication
• D. Virtual private network (VPN)

Correct answer: D

Explanation

A Virtual Private Network (VPN) should be established first as it provides a secure tunnel for remote access, protecting the personal data during transmission. While a privacy policy and network security standards are important, they do not directly secure the remote access itself. Multi-factor authentication is also critical but is more effective when used in conjunction with a VPN.