23) SELECT THE CORRECT ANSWER: which of the following are optional when creating a Website Web Form

collection point?

18) TRUE OR FALSE: according to the California Consumer Privacy Act (CCPA),

39) SELECT CORRECT ANSWER: what is a Preference Center in the context of the Consent & Preference
Management module?

45) TRUE OR FALSE: under the California Consumer Privacy Act (CCPA), Acceptance of a general or broad terms of
use, or similar

3) TRUE OR FALSE: GRI is a data-driven framework that is recognized globally and provides the world’s most
widely used
8) Which ESG Program Management Key to Success focuses on collection of all Initiative Metric data in one
location?

24) SELECT ALL THAT APPLY: What are some benefits of ESG?

29) SELECT ALL THAT APPLY: Which of the following are you able to bulk create in the ESG Program Reporting &
Disclosures

13) SELECT THE CORRECT ANSWER: when setting up an API call, what is referred to as the payload?
8) SELECT ALL CORRECT ANSWERS: Which languages are supported by the Mobile Application SDK?

29) SELECT THE CORRECT ANSWER: what is the best description of the interaction type Form submission only?

34) TRUE OR FALSE: Before editing the Form Fields Mapping section during the webform integration, you need to
create a new version of the

16) True/False: The LGPD requires DPIAs to be completed at all times.

17) TRUE/FALSE: If an assessment has multiple approvers, you can NOT bypass other approvers if you are a site
admin.

18) True/False: Assessment reports created will dynamically update with any new template questions added since
the report's

19) Which of the following is NOT an advantage of the Self-Service portal?

32) An assessment approver wants to re-open an assessment to additional responses but doesn’t want all
questions to be available to

33) What concept refers to the principle of incorporating minimal data processing and data subject rights from
the initial planning and

34) What items are customizable in the Risk Matrix settings? Choose all that apply.

4)
Column/Row Headings
14) In which Sustainability pillar would the following question be answered: "How are internal controls for
decision-making and

19) The Task Force on Climate-related Financial Disclosures (TCFD) framework...

2) SELECT THE CORRECT ANSWER: what is the triggerld field used for?

30) Which ESG Program Management Key to Success focuses on sending Metric requests to individuals to
populate in an

35) What is the EU Taxonomy also referred to as?

19) SELECT THE CORRECT ANSWER: where would you find the option to turn on Use Hosted SDK Settings or
Enable Collection
24) TRUE OR FALSE: when creating a collection point, is it mandatory to capture additional data elements, other
than the Data

40) SELECT THE CORRECT ANSWER: which collection point type would be the best if you have a webform on your
website and have access to the

1) What fields can be added when pre-flagging a risk on the template? Select all that apply.

2) SELECT ALL CORRECT CHOICES: What kind of actions can be applied through a rule added to a questionnaire
template?
4) SELECT ALL THAT APPLY: Which of the following are included as objectives within the EU Taxonomy?

9) What is a collection of recommendations, metrics, or benchmarks identified by an industry-leading compliance

organization?

20) What is the tool you can use to collect the data tied to your metrics from people within the organization?
25) Which of the following is NOT a way that Metric Groups can be created?

9) SELECT THE CORRECT ANSWER: what is mandatory in order to manage several languages in a preference
center?

14) SELECT THE CORRECT ANSWER: which of the following is NOT a consent call that can be performed in the
context of a custom

22) TRUE OR FALSE: when using the Settings of a preference center you build, you can chose to send notifications
to the user for
30) SELECT THE CORRECT ANSWER: which of the following correctly defines the legal requirements of consent
under the GDPR?

35) SELECT ALL CORRECT ANSWERS: which e-mail notification can a Preference center automatically send if these
settings are

43) SELECT THE CORRECT ANSWER: which one of the following could be described as a purpose?

35) The privacy team wants the ability to show a completed assessment as "approved with conditions." Where
would they go to

36) An assessment has 3 high risks, 2 medium risks, and 1 low risk, but the overall assessment risk score is “Very
High.” What type of

37) TRUE OR FALSE: When more info has been requested on a question, by default the respondent will be able to
come
7) What is defined as "a trackable plan to meet a specific goal related to your organization's ESG practices?"

17) SELECT THE CORRECT ANSWER: what is the accepted format for the date of the consent, in the context of a
bulk import?
38) SELECT THE CORRECT ANSWER: what is the best use case for collection point type: Data Subject Request?

20) SELECT ALL CORRECT CHOICES: Risk Owners are able to perform which of the following?

21) True/False: CPRA introduces new requirements for certain organizations to perform privacy risk assessments
and carry out an

22) When building an assessment dashboard, which report allows for 2 levels of grouping?

2) What is a quantitative unit of information used to report against one or more benchmarks?
10) TRUE OR FALSE: Online consumers prefer to buy from companies that show how they protect consumers.

15) What are related Metrics that represent a Standard/Framework?

23) What is a trackable goal in OneTrust called?

28) Which ESG Program Management Key to Success focuses on comparing your organization's intiatives and
metrics to previous
31) TRUE OR FALSE: Adding a standard/framework to the module will automatically populate the Metric Groups
and Metrics.

36) Which is NOT one of the 3 main functionalities of Metrics in OneTrust?

3) SELECT THE CORRECT ANSWER: according to the EDBP guidelines on consent,

12) SELECT THE CORRECT ANSWER: what is Reqbin?

20) SELECT THE CORRECT ANSWER: which collection point type would be the best if you need to push consent
from an external

25) SELECT THE CORRECT ANSWER: what is one option that is available when integrating a preference center on
your website?

33) SELECT ALL CORRECT ANSWERS: what are examples of custom preferences?

4) TRUE OR FALSE: Manually flagging a risk will automatically send a notification to the respondent?

5) True/False: When assigning an assessment to multiple respondents, approvers cannot hide certain sections
from particular

6) What concept refers to configuring your products or services to only hold and process the minimal amount of
data required at the
30) Which of the following is required under GDPR in certain scenarios?

31) Auser wants to create a very well-designed, simple and user friendly export of a particular DPIA that was
completed this
7) SELECT ALL CORRECT ANSWERS: which can be a type of collection point?

28) SELECT ALL CORRECT ANSWERS: which of the following would be a consideration when choosing whether to
create an

41) SELECT THE CORRECT ANSWER: what is the best description of the interaction type Opt-In Checkbox + Form
submi:
13) An approver wants to automatically have a respondent answer additional questions should certain answers
indicate high

14) What's the best example of when you would want to utilize section assignment within assessments?

15) SELECT ALL CORRECT CHOICES: Risks status can be viewed from which of the following locations in the tool?

38) What options can be added to the Assessment PDF Page? Select all that apply.

39) What reporting area is best used for overviews and statuses of assessments undergoing approval?

40) True/False: Users can disable multiple information requests and allow them to send in a single email.
5) What is greenwashing?

13) Which EU regulation was designed to prevent greenwashing of financial advice?

18) Which of the following is NOT included John Elkington's "Triple Bottom Line?"
21) SELECT ALL THAT APPLY: Select all options that are ESG & Sustainability challenges that OneTrust has
identified.

26) What is used to track individual data points of an initiative?

34) The CDP - Carbon Disclosure Project measures...

39) SELECT ALL THAT APPLY: Select all options that are key stakeholders in ESG & Sustainability.
1) SELECT ALL CORRECT ANSWERS: when does consent expire?

6) SELECT THE CORRECT ANSWER: what should you do if a purpose is changing over time?

10) SELECT THE CORRECT ANSWER: what is the most commonly used Data Subject Identifier?

15) SELECT THE CORRECT ANSWER: what needs to be created before a collection point?

36) SELECT THE CORRECT ANSWER: the API call payload for the initial creation of consent is found in:
31) SELECT THE CORRECT ANSWER: according to the EDBP guidelines on consent,

7) TRUE/FALSE: You can assign approvers to stages when launching an assessment from the Launch Assessments
screen.

8) Auser wants to copy an old inventory assessment but wants to ensure that it includes any changes brought
down from their CMDB

9) What's the best example of why someone would want to “Allow Import Assessment Responses from Excel?”
Select all that may apply.
23) SELECT ALL CORRECT CHOICES: Which of the following are ways in which a risk can be flagged?

24) True/False: A template can utilize both Show Logic and Skip Logic.

25) When the Approver accepts the Exception Requested by a Risk Owner, the risk result becomes:

26) TRUE OR FALSE: Info requests can be compiled and sent to the respondent in bulk?
16) TRUE OR FALSE: Data cannot be deleted, only added or edited within the metric.

37) TRUE OR FALSE: You are able to export the graphs from the ESG dashboard.

4) SELECT ALL CORRECT ANSWERS: in which sections of the Consent & Preference Management module can you
see consents
11) What dictates what buttons a user in OneTrust can click?

32) TRUE OR FALSE: Today's frameworks only cover Environmental reporting. Social and Governance disclosures
are not yet

26) SELECT THE CORRECT ANSWER: custom preferences are directly linked to/associated with?

21) SELECT ALL CORRECT ANSWERS: which of the following are available preference center integrations?

37) SELECT THE CORRECT ANSWER: when it comes to bulk import of consent records, which files are supported?
42) SELECT THE CORRECT ANSWER: is it possible to set up translations for the purposes?

6) In the Sustainability Lifecycle, what's the next step for an organization after goal setting?

27) TRUE OR FALSE: You can edit the data after adding it to the metric.

1) What dictates what data a user in OneTrust can see?

22) SELECT ALL THAT APPLY: When creating a new user, they must be assigned to which of the following?

16) SELECT ALL CORRECT ANSWERS: what would be examples of a clear affirmative act?

11) TRUE OR FALSE: a custom preference can be linked to several purposes?

27) SELECT THE CORRECT ANSWER: the template used to import consent receipts in the context of bulk import is
called...

32) SELECT THE CORRECT ANSWER: what would best describe a collection point?

27) What type of logic would be best for this scenario?

28) TRUE/FALSE: Admins can manually switch between approval workflows?

29) When using the “Send Back” button, to what state will the assessment rollback?

17) In which Sustainability pillar would the following question be answered: "What is the impact of business
operations on the

40) In which Sustainability pillar would the following question be answered: "How are stakeholder needs and
interests met?"
5) SELECT ALL CORRECT ANSWERS: which of the following can be a purpose status?

10) SELECT ALL CORRECT CHOICES: According to the GDPR, a DPIA shall contain which of the following with
respect to the processing

11) Which are NOT options available to help calculate an assessment's overall risk score based on individual risks?
Select all that apply.

12) When building approval workflows, which stage of the workflow are able to allow for multiple approvers?

12) What is replacing the existing Non-Financial Reporting Directive (NFRD)?

33) What is the designation for a business that meets the highest standards of verified social and environmental
performance,

38) How are individuals notified about needing to complete a Delegated Metric Collection (DMC)?