PECB Exam GDPR Topic 1 Question 4 Discussion

Actual exam question for PECB's GDPR exam

Question #: 4
Topic #: 1

[All GDPR Questions]

An organization suffered a personal data breach. The attackers gained access to their database through a user account that had unlimited access to dat

a. What should the DPO advise the organization to do in order to prevent the recurrence of similar scenarios?

AReview if the access control system allows the creation, approval, review, and deletion of user accounts

BUse cloud computing services to mitigate the risk of personal data breaches

CCreate and use shared accounts for several users in order to minimize the number of user accounts

Show Suggested Answer

Suggested Answer: A

GDPR Article 32(1)(b) emphasizes implementing access controls to ensure data security. Reviewing and restricting account permissions using the principle of least privilege (PoLP) helps prevent unauthorized access. Shared accounts (option C) increase security risks, and using cloud computing (option B) does not directly address access control vulnerabilities.

by Chara at Mar 24, 2025, 12:15 PM

Limited Time Offer

25%

Off

Get Premium GDPR Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Brinda

4 days ago

C? Seriously? Shared accounts are a security nightmare waiting to happen. A is the way to go.

upvoted 0 times

...

Lynelle

7 days ago

Creating and using shared accounts for several users might not be a good idea as it can lead to security vulnerabilities.

upvoted 0 times

...

Lenita

9 days ago

I believe using cloud computing services could also help mitigate the risk of personal data breaches.

upvoted 0 times

...

Barbra

11 days ago

I can already hear the DPO sighing heavily at the mere suggestion of C. 'Do you want to get hacked again? No? Then we're doing A.'

upvoted 0 times

Maryln

12 hours ago

A) Review if the access control system allows the creation, approval, review, and deletion of user accounts

upvoted 0 times

...

Annamaria

12 days ago

I agree with Ivette. It's important to ensure user accounts are created, approved, reviewed, and deleted properly.

upvoted 0 times

...

Ivette

16 days ago

I think the DPO should advise the organization to review the access control system.

upvoted 0 times

...

Ruth

20 days ago

A seems like the obvious choice here. Reviewing the access control system is key to preventing similar breaches.

upvoted 0 times

...