Certified Data Privacy Solutions Engineer (CDPSE) — Question 47

Which of the following is the BEST course of action to manage privacy risk when a significant vulnerability is identified in the operating system (OS) that supports an organization’s customer relationship management (CRM) system?

Answer options

• A. Apply OS patching to fix the vulnerability immediately.
• B. Manage system permissions and access more strictly.
• C. Enable comprehensive logging of activities at the OS level.
• D. Perform a vulnerability assessment to determine the impact.

Correct answer: D

Explanation

The correct answer is D because performing a vulnerability assessment allows the organization to understand the extent and impact of the vulnerability, enabling informed decision-making. While applying patches (A) is important, it should follow an assessment to prioritize actions. Strict access management (B) and logging (C) are useful, but they do not address the core issue of understanding the vulnerability's impact.