CIPT - Certified Information Privacy Technologist Exam Questions with Correct Answers

CIPT - Certified Information Privacy Technologist Exam Questions with Correct Answers Development Lifecycle - answerRelease Planning Definition Development Validation Deployment There are four basic types of countermeasures - answer1. Preventative - These work by keeping something from happening in the first place. Examples of this include: security awareness training, firewall, anti-virus, security guard and IPS. 2. Reactive - Reactive countermeasures come into effect only after an event has already occurred. 3. Detective - Examples of detective counter measures include: system monitoring, IDS, anti-virus, motion detectors and IPS. 4. Administrative - These controls are the process of developing and ensuring compliance with policy and procedures. These use policy to protect an asset. PCI DSS has three main stages of compliance - answerCollecting and Storing - This involves the secure collection and tamper-proof storage of log data so that it is available for analysis. Reporting - This is the ability to prove compliance should an audit arise. The organization should also show evidence that data protection controls are in place. Monitoring and Alerting - This involves implementing systems to enable administrators to monitor access and usage of data. There should also be evidence that log data is being collected and stored. Re-Identification - answerre-identification refers to using data from a single entity holding the data. Symmetric Encryption - answerSymmetric key cryptography refers to using the same key for encrypting as well as decrypting. It is also referred to as shared secret, secret-key or private key. This key is not distributed, rather is kept secret by the sending and receiving parties Asymmetric Encryption - answerAsymmetric cryptography is also referred to as public-key cryptography. Public key depends on a key pair for the processes of encryption and decryption. Unlike private keys, public keys are distributed freely and publicly. Data that has been encrypted with a public key can only be decrypted with a private key. Choice/Consent - answerOpt-in = requires affirmative consent of individual Opt-out = requires implicit consent of individual Mandatory data collection - necessary to complete the immediate transaction (vs. optional data collection, which will not prevent the transaction from being completed) Choice and consent are regulated by CAN-SPAM Act of 2003, European Data Directive (Articles 7 and 8 De-Identification - answerProcess in which sensitive data is treated in such a way that the individual cannot be identified. EULA - answerEnd-user license agreement (AKA software license agreement) EULA = contract between licensor and purchaser; establishes purchaser's right to use the software Cookies - answerSimple text file that contains name-value pairs. Types of cookies include persistent