CIPT - Body of Knowledge Questions and answers 100% Guaranteed PASS
IT Risks: Security Policy and Personnel - ANSWER Encryption, Software Protection, Access Controls, Physical Protection, Social Engineering, Auditing.
IT Risks: Application - ANSWER Privileged Access, Software Policy, Privacy Links, Application Research, IT Involvement (IT Controlled, IT Monitored, Employee Controlled).
IT Risks: Network - ANSWER Malware, BYOD, Validate Devices/Apps, Network Monitoring, Network Encryption, Authentication.
IT Risks: Storage - ANSWER Cloud, Apps, Web, DB, Tapes, Files, Hardware.
IT Risks: Common Mistakes by Organizations - ANSWER Poor Policies and Training, Disjointed Practices, 3rd Party Contracts, Complacency.
Role of IT Professionals: Privacy Professionals - ANSWER Responsible for the company's overall privacy program. Define policies, standards, guidelines, auditing, controls, training and internal/external relationships.
Role of IT Professionals: Company Executives - ANSWER Responsible for supporting privacy programs through words and actions.
Role of IT Professionals: Lawyers - ANSWER Responsible for creating privacy statements, writing contracts, ensuring compliance with laws and regulations and addressing formal inquiries from regulators.
Role of IT Professionals: Marketers - ANSWER Must follow the company's privacy practices in their exchanges.
Role of IT Professionals: All Employees - ANSWER Employees are ambassadors for privacy and must ensure compliance with company policies.
Outline of a Privacy Notice - ANSWER Information Lifecycle + Common Privacy Principles, Marketing Contact, Use of Cookies, Resolving Privacy Issues, Release Date of Privacy Notice, Changes to Privacy Notice.
Multilayered Privacy Notice - ANSWER Provides an abbreviated form of an organization's privacy notice while providing links to more detailed information.
Internal Privacy Policy Considerations - ANSWER Data Classification, Data Collection, Data Protection, Retention, Treatment of Sensitive Data, Sharing Data, Privacy Policy Review, Responding to Privacy Inquiries and Data Requests.
Data Classification - ANSWER Classification is based on the level of sensitivity of the data.
Data Retention - ANSWER An agreed-upon maximum period of time should be established. Regulatory requirements may influence retention periods if applicable.
Data Deletion - ANSWER Deletion can be triggered by: termination of a contract, acquisitions, completion of a transaction, regulatory requirements, deletion request by data subjects.
Organization Security Policy Requirements - ANSWER Access Control, Encryption, Password Control, Machine Access Restriction, Intrusion Detection.
Access Control: Discretionary Access Control - ANSWER The user has complete control over the resources he owns.
Access Control: Mandatory Access Control - ANSWER Only the administrator can assign access rights to a resource.
Access Control: Role-Based Access Control (RBAC) - ANSWER Access is based on organizational roles.
Access Control: Attribute-Based Access Control (ABAC) - ANSWER RBAC + the addition of attributes to gain access. Attributes could be time, location, nationality, age, etc.
Encryption: TLS vs SSL - ANSWER TLS (Transport Layer Security): Protects emails between email servers. SSL (Secure Socket Layer): Protects communications between browser and server.
Incident Response Program - ANSWER IRP should consist of: IR Center, web form, email address, phone number, and representatives from PR, Legal and Privacy.
Security and Privacy in the SDLC - ANSWER Privacy by Design should be considered to save time in the long run.
Privacy Impact Assessments - ANSWER Helps to identify privacy risks and measure the criticality of each risk. Privacy review statistics should be included in a PIA.
Triggers for a Privacy Impact Assessment - ANSWER 1) Creation of a new service. 2) New or updated program for processing data. 3) Merger or acquisition. 4) Creation of a new data center. 5) Onboarding new data. 6) Movement of data to a different country. 7) Changes in regulations covering data use.
Four Ways to Address Risk - ANSWER Avoid, Mitigate, Accept, Transfer.
Written for
- Institution: CIPT
- Course: CIPT
Document information
- Uploaded on: February 17, 2024
- Number of pages: 16
- Written in: 2023/2024
- Type: Exam (elaborations)
- Contains: Questions & answers