CIPT Exam Questions with 100% Correct Answers 2024

CIPT Exam Questions with 100% Correct Answers 2024 Which of the following may pose a "client side" privacy risk? A. An employee loading personal data on a company laptop B. Failure of a firewall that is protecting the company's network C. A distributed denial of service (DDoS) attack on the org D. A remote employee placing communication software on a company server - answerA. An employee loading personal data on a company laptop You are browsing the web and shopping for new furniture. You then open your favorite social media to scroll through the posts. While doing so, you start noticing ads for furniture. This is an example of what? A. Direct Marketing B. Individual advertising C. Behavioral advertising D. Indirect Marketing - answerC. Behavioral advertising Which of the following privacy practices would be most useful to users who are not knowledgeable about protecting their personal information? A. Choice B. Control C. Notice D. Consent - answerC. Notice Which of the following privacy-related principles would be the main concern during the data usage stage of the data life cycle? A. Transparency B. Data Minimization C. Storage Limitation D. Purpose Limitation - answerD. Purpose Limitation Under the EU's General Data Protection Regulation (GDPR), which of the following types of information would NOT require notification to a supervisory authority in the event of a personal data breach? A. Pseudonymized data B. Anonymized data C. Reidentified data D. Deidentified data - answerB. Anonymized data Authentication can be accomplished by a variety of mechanisms. Which are the four main categories? A. What you know, when you know, where you are, what you are B. What you know, what you have, when you know, where you are C. What you know, what you have, where you are, what you are D. What you know, what you have, where you are, when you know - answerC. What you know, what you have, where you are, what you are The acronym PGP stands for: - answerPretty Good Privacy Julie needs to securely transfer a file containing personal data to Katelyn. They decide to use asymmetric encryption. What are the correct steps they should follow? - answerJulie encrypts the file using Katelyn's public key, Katelyn decrypts using her private key When purchasing a product from TripeType's website, a customer must enter basic information into a purchase form. A link to TripeType's privacy statement is provided on the purchase form. However, it does not disclose that it will use personal information for other purposes. The statement provides that TT will store the customer information in its database. A month later, TT's sales team wants to generate new leads and decides to use the information collected from customers. This is an example of what? A. Secondary Use B. Involuntary use C. Disapproved Use D. Selective Use - answerA. Secondary Use Which of the following explains why it is difficult to regulate what individually identifiable data is? A. Many people mistakenly expose personal information online B. Personal information means different things to different people C. Most legislative bodies are hesitant to enact laws about identifiable data D. Data that is not overly identifiable can be combined to identify individuals - answerD. Data that is not overly identifiable can be combined to identify individuals Ubiquitous computing can raise significant concerns about the sheer volume of data that can be collected by a system. Each of the following are necessary considerations when utilizing a data collection process that falls into this category EXCEPT which? A. The system should provide end-users with both feedback and control B. The system should have obvious value C. The retention of data by the system should be limited D. The data collected by system should be aggregated and made available to all users - answerD. The data collected by system should be aggregated and made available to all users In creating a registration form for a mobile app directed at grade school children, what privacy engineering objective is addressed by asking for grade level instead of data of birth? A. Disassociability B. Manageability C. Security D. Predictability - answerA. Disassociability Which of the following is NOT an example of automated decision making? A. Receiving an answer to a support question utilizing a chat bot B. Obtaining approval for insurance through an online application C. Requesting an emailed catalog from an online retailer D. Setting airfare based on browser history and date of purchase - answerC. Requesting an emailed catalog from an online retailer Which of the following circumstances would best be addressed by utilizing radio frequency identification (RFID) technology? A. An org has a high error rate for entering credit card data into POS system B. An org requires two-way communication between its discoverable devices C. An org needs to develop an encryption-supported network D. An org's inventory process is taking too long - answerD. An org's inventory process is taking too long What type of interference occurs when false or inaccurate information on a credit application results in denial of credit? A. Decisional B. Intrusion C. Disclosure D. Appropriation - answerA. Decisional Which of the following is an objective for privacy engineering? A. Encryption B. Anonymization C. Manageability D. Audit - answerC. Manageability Which of the following technologies allows individuals to participate in a salary survey without revealing the specific salary or personal information of any of the participants? A. Secure multiparty computation B. Digital rights management C. Ciphertext D. Homomorphic encryption - answerA. Secure multiparty computation An organization wants to enter into a contract with a third-party cloud provider for storage of client personal information. The business head is entering into this agreement to eliminate risk associated with a data breach by transferring the information to the third-party processor. She asks you if this a good way to eliminate breach risk. Please choose the BEST response from the choices below: A. Third party processors have sole liability for the data they process, because the data is in their possession. We can rely on the security program of the third party since they did not report a data breach in the previous 12 months B. Under most privacy and data protection laws, following a data breach, an organization retains liability for personal data that it has collected and transferred to third party processors. Third party processors may share liability for the breach as well. We should routinely validate data prot - answerB. Under most privacy and data protection laws, following a data breach, an organization retains liability for personal data that it has collected and transferred to third party processors. Third party processors may share liability for the breach as well. We should routinely validate data protection controls of third parties we are doing business with to make sure our client data is protected properly When creating a data inventory, it is important to include a range of detailed information on the company's data assets. This information should include how the data is accessed and by whom, how the data is managed, who owns it, where the data is stored, and the ____ that defines the individual data records and what they contain A. Structured data B. Schema C. Metadata D. Dictionary - answerC. Metadata Testing during software dev