CIPT Exam Questions and Answers
Graded A+
Under the Family Educational Rights and Privacy Act (FERPA), releasing
personally identifiable information from a student's educational record requires
written permission from the parent or eligible student in order for information to
be?
A. Released to a prospective employer.
B. Released to schools to which a student is transferring.
C. Released to specific individuals for audit or evaluation purposes.
D. Released in response to a judicial order or lawfully ordered subpoena. - Correct
answer-A. Released to a prospective employer.
https://www.cdc.gov/phlp/php/resources/family-educational-rights-and-privacy-
act-
ferpa.html#:~:text=Schools%20need%20written%20permission%20from%20the%
20parent%20or,not%20comply%20with%20FERPA%20risk%20losing%20federal
%20funding.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,Revocation and reissuing of compromised credentials is impossible for which of
the following authentication techniques?
a) Personal identification number.
b) Picture passwords.
c) Biometric data.
d) Radio frequency identification. - Correct answer-c) Biometric data, Biometric
recognition systems are generally user-friendly and designed for ease of use, as
they rely on inherent physical or behavioral traits like fingerprints or facial
features. The other options, such as requiring more maintenance and support (A),
being expensive (B), and having limited compatibility across systems (C), are well-
documented drawbacks of biometric systems.
What is a main benefit of data aggregation?
A. It is a good way to perform analysis without needing a statistician.
B. It applies two or more layers of protection to a single data record.
C. It allows one to draw valid conclusions from small data samples.
D. It is a good way to achieve de-identification and unlinkabilty. - Correct answer-
D. It is a good way to achieve de-identification and unlinkabilty. Data aggregation
involves collecting and summarizing data from multiple sources, which can help
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
,protect individual privacy by presenting information in a consolidated form. This
process can effectively de-identify data by removing or obscuring individual-level
details, making it more difficult to link specific information back to particular
individuals35. By aggregating data, organizations can preserve privacy and
security while still gaining valuable insights from the summarized information3.
After committing to a Privacy by Design program, which activity should take place
first?
A. Create a privacy standard that applies to all projects and services.
B. Establish a retention policy for all data being collected.
C. Implement easy to use privacy settings for users.
D. Perform privacy reviews on new projects. - Correct answer-A. Create a privacy
standard that applies to all projects and services. The first activity in a Privacy by
Design program should involve conducting a Privacy Impact Assessment (PIA) to
identify existing privacy practices, risks, and compliance gaps12. This foundational
step allows the organization to understand how personal data is handled and
ensures privacy considerations are integrated into the design of systems and
processes from the outset. Creating a privacy standard (A) is important but
typically comes after assessing current practices and risks.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
, When releasing aggregates, what must be performed to magnitude data to ensure
privacy?
A. Value swapping.
B. Noise addition.
C. Basic rounding.
D. Top coding. - Correct answer-B. Noise addition
What term describes two re-identifiable data sets that both come from the same
unidentified individual?
A. Pseudonymous data.
B. Anonymous data.
C. Aggregated data.
D. Imprecise data. - Correct answer-A. Pseudonymous data.Pseudonymous data
refers to information that does not directly identify an individual but can be linked
back to them through additional information or by combining multiple data sets5.
This type of data retains a unique identifier that allows for re-identification when
combined with other information, which aligns with the scenario described in the
question.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 4
Graded A+
Under the Family Educational Rights and Privacy Act (FERPA), releasing
personally identifiable information from a student's educational record requires
written permission from the parent or eligible student in order for information to
be?
A. Released to a prospective employer.
B. Released to schools to which a student is transferring.
C. Released to specific individuals for audit or evaluation purposes.
D. Released in response to a judicial order or lawfully ordered subpoena. - Correct
answer-A. Released to a prospective employer.
https://www.cdc.gov/phlp/php/resources/family-educational-rights-and-privacy-
act-
ferpa.html#:~:text=Schools%20need%20written%20permission%20from%20the%
20parent%20or,not%20comply%20with%20FERPA%20risk%20losing%20federal
%20funding.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,Revocation and reissuing of compromised credentials is impossible for which of
the following authentication techniques?
a) Personal identification number.
b) Picture passwords.
c) Biometric data.
d) Radio frequency identification. - Correct answer-c) Biometric data, Biometric
recognition systems are generally user-friendly and designed for ease of use, as
they rely on inherent physical or behavioral traits like fingerprints or facial
features. The other options, such as requiring more maintenance and support (A),
being expensive (B), and having limited compatibility across systems (C), are well-
documented drawbacks of biometric systems.
What is a main benefit of data aggregation?
A. It is a good way to perform analysis without needing a statistician.
B. It applies two or more layers of protection to a single data record.
C. It allows one to draw valid conclusions from small data samples.
D. It is a good way to achieve de-identification and unlinkabilty. - Correct answer-
D. It is a good way to achieve de-identification and unlinkabilty. Data aggregation
involves collecting and summarizing data from multiple sources, which can help
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
,protect individual privacy by presenting information in a consolidated form. This
process can effectively de-identify data by removing or obscuring individual-level
details, making it more difficult to link specific information back to particular
individuals35. By aggregating data, organizations can preserve privacy and
security while still gaining valuable insights from the summarized information3.
After committing to a Privacy by Design program, which activity should take place
first?
A. Create a privacy standard that applies to all projects and services.
B. Establish a retention policy for all data being collected.
C. Implement easy to use privacy settings for users.
D. Perform privacy reviews on new projects. - Correct answer-A. Create a privacy
standard that applies to all projects and services. The first activity in a Privacy by
Design program should involve conducting a Privacy Impact Assessment (PIA) to
identify existing privacy practices, risks, and compliance gaps12. This foundational
step allows the organization to understand how personal data is handled and
ensures privacy considerations are integrated into the design of systems and
processes from the outset. Creating a privacy standard (A) is important but
typically comes after assessing current practices and risks.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
, When releasing aggregates, what must be performed to magnitude data to ensure
privacy?
A. Value swapping.
B. Noise addition.
C. Basic rounding.
D. Top coding. - Correct answer-B. Noise addition
What term describes two re-identifiable data sets that both come from the same
unidentified individual?
A. Pseudonymous data.
B. Anonymous data.
C. Aggregated data.
D. Imprecise data. - Correct answer-A. Pseudonymous data.Pseudonymous data
refers to information that does not directly identify an individual but can be linked
back to them through additional information or by combining multiple data sets5.
This type of data retains a unique identifier that allows for re-identification when
combined with other information, which aligns with the scenario described in the
question.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 4
