Exam (elaborations)

CIPT Exam Questions with 100% Correct Answers 2024

Pages: 24
Grade: A+
Uploaded on: 11-03-2024
Written in: 2023/2024

Access Control Entry - An element in an access control list (ACL). Each entry identifies a trustee and specifies the access rights allowed, denied, or audited for that trustee.

Access Control List - A list of access control entries (ACE) that apply to an object. Each ACE controls or monitors access to an object by a specified user.

Discretionary access control list (DACL) - This ACL identifies the trustees that are allowed or denied access to a securable object.

System access control list (SACL) - This access control list enables administrators to log attempts to access a secured object. Can comprise part of an audit trail.

Accountability - A fair information practices principle: A data controller should be accountable for complying with measures which give effect to the fair information practice principles.

Active Data Collection - Where the data subject actively provides their data, typically through the use of web forms, text boxes, check boxes or radio buttons.

Passive Data Collection - Data gathered without the involvement of the data provider. The data subject might not know that the data is being captured.

First-party Collection - A data subject provides personal data to the data controller directly, through a form or survey that is sent to the collector upon the data subject submitting the information.

Surveillance Collection - Collection by way of observing the data stream produced by a given data subject without interference in the data subject's activity.

Repurposing - Taking information collected for one purpose and using it for another (secondary) purpose.

Third-party Collection - Transferring data collected directly from a data subject to another organisation for their use.

Risk Controls - Administrative Controls, Technical Controls, & Physical Controls

Risk Responses - Accept, Transfer, Mitigate, Avoid

Functional Requirements - Specific function intended for a system

Types of data collection - First party; Surveillance; Repurposing; Third party

Nonfunctional Requirements - A requirement that specifies criteria that can be used to judge the operation of a system, rather than specific behaviours.

Legal Standards - Nonfunctional requirements or properties that cut across a system's design and functionality

Legal Rules - Specific steps to comply with privacy law

Children's Online Privacy Protection Act (COPPA) - Obtain verifiable parental consent before any collection, use, and/or disclosure of personal information from children under 13

Fingerprinting -

K-Anonymity - "... data with scientific guarantees that the individuals who are the subjects of the data cannot be re-identified while the data remain practically useful." A release of data is said to have the k-anonymity property if the information for each person contained in the release cannot be distinguished from at least k - 1 individuals whose information also appears in the release.

Authentication - What you know; What you have; Where you are; What you are

AdChoices - Digital Advertising Alliance program to promote awareness and choice in advertising for internet users. DAA member websites have the AdChoices icon near ads or at the bottom of their pages for users to set preferences for behavioral advertising on that website.

Adequate Level of Protection - A label that the EU may apply to third-party countries who have committed to protect data through domestic law making or international commitments. Conferring of the label requires a proposal by the European Commission, an Article 29 Working Group Opinion, an opinion of the Article 31 Management Committee, a right of scrutiny by the European Parliament and adoption by the European Commission.

Advanced Encryption Standard (AES) - Type of symmetric encryption. An encryption algorithm for security sensitive non-classified material by the U.S. Government. Adopted in 2001 to replace the previous algorithm, the Data Encryption Standard (DES).

Adverse Action - Under the Fair Credit Reporting Act, the term "adverse action" is defined very broadly to include all business, credit and employment actions affecting consumers that can be considered to have a negative impact, such as denying or canceling credit or insurance, or denying employment or promotion. No adverse action occurs in a credit transaction where the creditor makes a counteroffer that is accepted by the consumer. Such an action requires that the decision maker furnish the recipient of the adverse action with a copy of the credit report leading to the adverse action.

Agile Development Model - A process of software system and product design that incorporates new system requirements during the actual creation of the system, as opposed to the Plan-Driven Development Model.

Anonymization - Individually identifiable data is altered in such a way that it no longer can be related back to a given individual.

Suppression - Type of anonymization that removes some identifying values from data to reduce its identifiability.

Generalization - Type of anonymization that takes specific identifying values and makes them broader, such as changing a specific age (18) to an age range (18-24).

Noise addition - Type of anonymization that takes identifying values from a given data set and switches them with identifying values from another individual in that data set. Note that all of these processes will not guarantee that data is no longer identifiable and have to be performed in such a way that does not harm the usability of the data.

Anonymous Data - Data sets that in no way indicate to whom the data belongs.

Antidiscrimination Laws - Refers to the right of people to be treated equally.

Application-Layer Attacks - Attacks that exploit flaws in the network applications installed on network servers. Such weaknesses exist in web browsers, e-mail server software, network routing software and other standard enterprise applications. Regularly applying patches and updates to applications may help prevent such attacks.

Asymmetric Encryption - A form of data encryption that uses two separate but related keys to encrypt data. The system uses a public key, made available to other parties, and a private key, which is kept by the first party. Decryption of data encrypted by the public key requires the use of the private key; decryption of the data encrypted by the private key requires the public key.

Attribute-Based Access Control - An authorization model that provides dynamic access control by assigning attributes to the users, the data, and the context in which the user requests access (also referred to as environmental factors) and analyzes these attributes together to determine access.

Audit Trail - A chain of electronic activity or sequence of paperwork used to monitor, track, record, or validate an activity. The term originates in accounting as a reference to the chain of paperwork used to validate or invalidate accounting entries. It has since been adapted for more general use in e-commerce, to track customers' activity, or cyber-security, to investigate cybercrimes.

Authentication - The process by which an entity (such as a person or computer system) determines whether another entity is who it claims to be. Authentication identifies an individual based on some credential, i.e. a password, biometrics, etc. Authentication is different from authorization. Proper authentication ensures that a person is who he or she claims to be, but it says nothing about the access rights of the individual.

Authorization - In the context of information security, it is the process of determining if the end user is permitted to have access to the desired resource such as the information asset or the information system containing the asset. Authorization criteria may be based upon a variety of factors such as organizational role, level of security clearance, applicable law or a combination of factors. When effective, authentication validates that the entity requesting access is who or what it claims to be.

Basel III - A comprehensive set of reform measures, developed by the Basel Committee on Banking Supervision, to strengthen the regulation, supervision and risk management of the banking sector.

Behavioral Advertising - The act of tracking users' online activities and then delivering ads or recommendations based upon the tracked activities. The most comprehensive form of targeted advertising.

Big Data - Large data sets which exponential growth in the amount and availability of data have allowed organizations to collect. Has been articulated as "the three V's": volume (the amount of data), velocity (the speed at which data may now be collected and analyzed), and variety (the format, structured or unstructured, and type of data, e.g. transactional or behavioral).

Biometrics - Data concerning the intrinsic physical or behavioral characteristics of an individual. Examples include DNA, fingerprints, retina and iris patterns, voice, face, handwriting, keystroke technique and gait.

Breach Disclosure - The requirement that a data controller notify regulators and victims of incidents affecting the confidentiality and security of personal data. It is a

Institution
CIPT
Course
CIPT










Seller: Brainbarter, Kaplan University