CDPSE Exam Prep Free practice test →

Free CDPSE Practice Questions

10 free, exam-style Certified Data Privacy Solutions Engineer (CDPSE) practice questions with answers and explanations. No signup required. Work through them below, then take the full free CDPSE practice test to study every exam domain.

Question 1

Which of the following BEST describes the difference between personal data and personally identifiable information (PII)?

  1. Personal data is a broader term used in EU regulations, while PII is commonly used in US contexts
  2. PII includes only direct identifiers, while personal data includes indirect identifiers
  3. Personal data applies only to digital information, while PII covers all formats
  4. There is no meaningful difference between the two terms
Show answer & explanation

Correct answer: A - Personal data is a broader term used in EU regulations, while PII is commonly used in US contexts

Question 2

Under GDPR, which of the following would be classified as 'special category' data requiring explicit consent?

  1. Email address
  2. Employee ID number
  3. Trade union membership
  4. Home address
Show answer & explanation

Correct answer: C - Trade union membership

Question 3

A privacy engineer is reviewing data collected by an application. Which characteristic BEST distinguishes pseudonymized data from anonymized data?

  1. Pseudonymized data is encrypted while anonymized data is not
  2. Pseudonymized data can be re-identified with additional information while anonymized data cannot
  3. Anonymized data requires consent while pseudonymized data does not
  4. Pseudonymized data is stored in a separate database while anonymized data is not
Show answer & explanation

Correct answer: B - Pseudonymized data can be re-identified with additional information while anonymized data cannot

Question 4

An organization classifies its data into four levels: Public, Internal, Confidential, and Restricted. Employee social security numbers should be classified as:

  1. Public
  2. Internal
  3. Confidential
  4. Restricted
Show answer & explanation

Correct answer: D - Restricted

Question 5

Which of the following data types would require explicit consent for processing under GDPR?

  1. Customer purchase history
  2. Business contact information
  3. Genetic data
  4. IP addresses
Show answer & explanation

Correct answer: C - Genetic data

Question 6

A data analyst proposes using anonymized customer data for market research. What is the PRIMARY advantage of truly anonymized data from a privacy compliance perspective?

  1. It can be processed faster than other data types
  2. It falls outside the scope of most privacy regulations
  3. It requires less storage space
  4. It can be shared freely with any third party
Show answer & explanation

Correct answer: B - It falls outside the scope of most privacy regulations

Question 7

When implementing a data classification scheme, which factor is MOST important to consider?

  1. The cost of implementing classification labels
  2. The sensitivity of the data and potential impact if disclosed
  3. The age of the data
  4. The format in which data is stored
Show answer & explanation

Correct answer: B - The sensitivity of the data and potential impact if disclosed

Question 8

An organization replaces customer names with random identifiers but retains a mapping table. This process is known as:

  1. Anonymization
  2. Pseudonymization
  3. Encryption
  4. Tokenization
Show answer & explanation

Correct answer: B - Pseudonymization

Question 9

Which of the following is NOT typically considered sensitive personal data under most privacy regulations?

  1. Religious beliefs
  2. Sexual orientation
  3. Professional email address
  4. Health information
Show answer & explanation

Correct answer: C - Professional email address

Question 10

A privacy practitioner discovers that pseudonymized data can be easily re-identified using publicly available information. What is the MOST appropriate action?

  1. Accept the risk as pseudonymization provides sufficient protection
  2. Implement additional technical measures to prevent re-identification
  3. Delete all pseudonymized data immediately
  4. Notify all affected data subjects
Show answer & explanation

Correct answer: B - Implement additional technical measures to prevent re-identification

Ready for the real thing?

Practice hundreds more CDPSE questions with instant scoring, weak-area drills, and full exam simulations.

Start the free practice test See pricing