CIPT Exam Practice Questions with Correct Answers 2024
Active collection - Answer: Data directly from subject

Passive collection - Answer: Data without the participant knowing

First Party - Answer: Providing information directly to collector

Surveillance - Answer: Collecting data through observed behaviors like online searches or websites

Repurposing - Answer: Previously collected data used for a different purpose

Third Party - Answer: Previously collected data is transferred to a third party

Explicit Consent - Answer: User takes an action

Implicit Consent - Answer: Does not require user permission

Privacy by design - Answer: 1. Proactive not reactive, 2. Privacy by Default, 3. Privacy Embedded in Design, 4. Full Functionality (Positive Sum, not zero sum), 5. End to End Security, 6. Visibility and Transparency, 7. Respect for privacy

Fair Information Principles (FIPPS) - Answer: A privacy risk model that restricts collection of data to only what is needed or for its intended purpose. Do not collect additional data that is not needed for intended purpose.

Calo's Subjective/Objective Dichotomy - Answer: A privacy risk model that focuses on privacy harms based on two categories: Subjective Harm (perceives a harm that may not be observable or measurable and can cause fear and anxiety) and Objective Harm (privacy has been violated or direct harm is known and is measurable and observable).

Interrogation - Answer: Actively questioning an individual or otherwise probing for information

Aggregation - Answer: Combining multiple pieces of information about an individual to produce a whole that is greater than the sum of its parts.

Contextual Integrity - Answer: A risk model that states that privacy problems arise out of disruption of informational norms. More specifically, personal information should be in alignment with informational norms that apply to the particular context.

Solove's Taxonomy - Answer: Model that attempts to order different harms that may arise from infringements in privacy. The taxonomy is split into four categories: 1) Information Collection, 2) Information Processing, 3) Information Dissemination and 4) Invasion.

NIST Privacy Risk Model - Answer: A risk model that is embedded in its Privacy Risk Assessment Methodology (PRAM) and explicitly addresses vulnerabilities, adverse events and the relative likelihoods and impacts of those events.

NICE Framework - Answer: Divides computer security into the following categories: Securely Provision (tasks to develop software to be secure), Operate and Maintain, Protect and Defend, and Investigate (plan for investigating an attack).

Factors Analysis in Information Risk (FAIR) - Answer: Model that breaks down risk by its constituent parts and then breaks it down further to estimate risk. The model asks how often a violation occurs and over what time period, and what impact that violation will have.

Design Thinking Process - Answer: Five stages: Empathize (research user's needs), Define (state users' needs and problems), Ideate (challenge assumptions and create ideas), Prototype (create solutions) and Test (try out solution).

Value-Sensitive Design - Answer: Design approach that accounts for ethical values, such as privacy, in addition to usability-oriented design goals. Here are the steps for value-sensitive design: 1) Clarify project values, 2) Identify the direct and indirect stakeholders, 3) Identify the benefits and harms for stakeholders, 4) Identify and elicit potential values, 5) Develop working definitions of key values, 6) Identify potential value tensions and 7) Value-oriented design and development.

Privacy Notices - Answer: External documents that inform users of an organization's practices, values and commitments concerning their personal data.

Privacy Policies - Answer: Internal documents that inform employees on how to protect consumer data.

Security Policies - Answer: Document that spells out the rules, expectations and overall approach to how an organization will maintain confidentiality, integrity and availability of its data. This will include Data Classification (granting and revoking access to assets and information based on their classification), Data Schema (constraints on data to separate customer data), Data Retention (policies that align with laws and regulation concerning storage) and Data Deletion (disposal of data and methods for removal and recovery).

Defect - Answer: A flaw in the requirement, design or implementation that can lead to a fault.

Fault - Answer: An incorrect step, process or data definition in a computer program.

Error - Answer: The difference between a computed, observed or measured value or condition and the true, specified or theoretically correct value or condition.

Failure - Answer: Inability of system or component to perform its required functions within specified performance requirements.

Harm - Answer: The actual ill effect to an individual's personal privacy.

Information Collection - Answer: A category of Solove's Taxonomy that involves risk associated with data collection; more specifically, it concerns surveillance (data captured through observation or a user's activities) and interrogation (actively questioning an individual, probing for information).

Information Processing - Answer: A category of Solove's Taxonomy that involves Aggregation (bringing sensitive data together), Identification (information linked to specific individuals), Insecurity (failure to protect individuals' information), Secondary use (using an individual's information without consent) and Exclusion (failure to allow the individual to participate or have knowledge of what is done with their information).

Information Dissemination - Answer: A category of Solove's Taxonomy that involves breach of confidentiality, Disclosure (release of truthful information about an individual that may negatively affect how others view them), Distortion (spreading of false and inaccurate information), Exposure (revealing private information), Accessibility (making an individual's information too easy to obtain), Blackmail (using a person's information against their will) and Appropriation (using someone else's personal information).

Intrusion and Decisional Interference - Answer: A category of Solove's Taxonomy that deals with Intrusion (invasion of an individual's solitude and tranquility) and Decisional Interference (others inserting themselves into a decision-making process that affects the individual's personal affairs).

Asymmetric Power Relationship - Answer: When a person is compelled to give up personal information to a person of authority.

Existing Relationship - Answer: Asking personal questions that are out of context within social norms of the relationship.

Reverse Flow of Information - Answer: An individual oversharing unsolicited information.

Dark Patterns - Answer: Solutions that manipulate individuals to give up information.

Trick Questions - Answer: A dark pattern that involves responding to a question that tricks you into giving an answer you did not intend.

Bait and Switch - Answer: A dark pattern that sets out to do one thing and something else happens instead (example: when a user is told they are downloading safe content but it is something malicious).

Roach Motel - Answer: A dark pattern where you get into something easily but have a hard time getting out (premium subscription service, for example).

Privacy Zuckering - Answer: A dark pattern where default privacy settings are made complex for the end user by poorly presenting the available settings, encouraging the user to reveal more information than intended.

Sneak into basket - Answer: A dark pattern where, while you are making a purchase online, the site sneaks an additional item into your basket.

Price comparison prevention - Answer: A dark pattern where the retailer makes it hard for you to compare prices.

Misdirection - Answer: A dark pattern where the design purposefully focuses your attention on one thing in order to distract your attention from another.

Hidden Cost - Answer: A dark pattern where, in the checkout process, unexpected charges have appeared.

Confirmshaming - Answer: A dark pattern that involves guilting a user into opting into something.

Disguised ads - Answer: A dark pattern where adverts are disguised as other kinds of content or navigation to get you to click on them.

Forced Continuity - Answer: A dark pattern where a credit card is charged, without warning, after a free trial ends.

Friend Spam - Answer: A dark pattern where a product asks for your email or social media permission under the pretence it will be used for a desirable outcome, but then spams all your contacts.

Presenting privacy settings across several different menus and interfaces within a single application is an example of which dark pattern?
a. Privacy Zuckering
b. Immortal accounts
c. Information milking
School, study and subject
- Institution
- CIPT
- Course
- CIPT
Document information
- Uploaded on
- March 11, 2024
- Number of pages
- 22
- Written in
- 2023/2024
- Type
- Exam
- Contains
- Questions and answers
Topics
- cipt exam practice questions with correct answers