ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your team plans to embed a third-party analytics library that transmits device identifiers to the provider's servers. To satisfy privacy requirements concerning third-party data sharing, which action should be implemented in the application?
Display an opt-in prompt before any data is sent and offer an in-app switch to disable sharing at any time.
Enable the library by default and let users email support if they want to stop the data transfer.
Update the privacy policy to mention the library and begin transmitting data without further user interaction.
Hash all device identifiers locally and transmit the hashes without requesting user permission.
Transmitting device identifiers to an external analytics provider constitutes processing of personal data, so the application must have a lawful basis before any data leaves the device. If the team chooses to rely on consent, the GDPR requires that it be freely given, specific, informed, and demonstrated by an unambiguous affirmative action. Article 7 also states that withdrawal of consent must be as easy as giving it. Presenting a clear opt-in dialog prior to any transmission-and providing an in-app switch that immediately stops further sharing-meets these requirements. Updating a privacy policy without an affirmative action, hashing identifiers without user choice (hashes are still personal data when re-identifiable), or forcing users to email support to opt out all fail to provide valid consent or an equally easy withdrawal mechanism.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the GDPR and how does it relate to consent?
Open an interactive chat with Bash
Why is hashing device identifiers without user permission insufficient?
Open an interactive chat with Bash
What makes an opt-in dialog compliant with privacy regulations?
Open an interactive chat with Bash
ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Requirements
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .