Demo ISACA CDPSE Exam Questions

Demo practice questions for guest users.

Question 1

Which of the following is the best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records?

Correct Answer: C
Explanation:
The best reason for a health organization to use desktop virtualization to implement stronger access control to systems containing patient records is that it can improve data integrity and reduce effort for privacy audits. Desktop virtualization is a technology that allows users to access a virtual desktop environment that is hosted on a remote server, rather than on their local device. It can enhance data privacy by providing stronger access control to systems containing patient records, such as authentication, authorization, encryption, and logging. It can also improve data integrity by ensuring that patient records are stored and processed in a centralized and secure location, rather than on multiple devices that may be vulnerable to loss, theft, damage, or corruption. Finally, it can reduce effort for privacy audits by simplifying the management and monitoring of data privacy compliance across different devices and locations.

References: CDPSE Review Manual (Digital Version), page 153
Question 2

During the design of a role-based user access model for a new application, which of the following principles is MOST important to ensure data privacy is protected?

Correct Answer: D
Explanation:
The need-to-know basis principle is a security principle that states that access to personal data should be limited to those who have a legitimate purpose for accessing it. The need-to-know basis principle helps to protect data privacy by minimizing the exposure of personal data to unauthorized or unnecessary parties, reducing the risk of data breaches, leaks, or misuse. The need-to-know basis principle should be applied when designing a role-based user access model for a new application, by defining clear roles and responsibilities for different users, granting access rights based on their roles and functions, and enforcing access controls and audits to monitor and verify data access.

References: CDPSE Review Manual (Digital Version), page 105
Question 3

A gaming software startup company does not employ penetration testing of its software. This is an example of: 

Correct Answer: C
Explanation:
A software startup in an industry like gaming is going to be highly tolerant of risk: time to market and signing up new customers will be its primary objectives. As the organization achieves viability, other priorities such as security will be introduced.
