CIPT Exam Questions with 100% Correct Answers 2024

CIPT Exam Questions with 100% Correct Answers 2024 Which of the following may pose a "client side" privacy risk? A. An employee loading personal data on a company laptop B. Failure of a firewall that is protecting the company's network C. A distributed denial of service (DDoS) attack on the org D. A remote employee placing communication software on a company server - answerA. An employee loading personal data on a company laptop You are browsing the web and shopping for new furniture. You then open your favorite social media to scroll through the posts. While doing so, you start noticing ads for furniture. This is an example of what? A. Direct Marketing B. Individual advertising C. Behavioral advertising D. Indirect Marketing - answerC. Behavioral advertising Which of the following privacy practices would be most useful to users who are not knowledgeable about protecting their personal information? A. Choice B. Control C. Notice D. Consent - answerC. Notice Which of the following privacy-related principles would be the main concern during the data usage stage of the data life cycle? A. Transparency B. Data Minimization C. Storage Limitation D. Purpose Limitation - answerD. Purpose Limitation Under the EU's General Data Protection Regulation (GDPR), which of the following types of information would NOT require notification to a supervisory authority in the event of a personal data breach? A. Pseudonymized data B. Anonymized data C. Reidentified data D. Deidentified data - answerB. Anonymized data Authentication can be accomplished by a variety of mechanisms. Which are the four main categories? A. What you know, when you know, where you are, what you are B. What you know, what you have, when you know, where you are C. What you know, what you have, where you are, what you are D. What you know, what you have, where you are, when you know - answerC. What you know, what you have, where you are, what you are The acronym PGP stands for: - answerPretty Good Privacy Julie needs to securely transfer a file containing personal data to Katelyn. They decide to use asymmetric encryption. What are the correct steps they should follow? - answerJulie encrypts the file using Katelyn's public key, Katelyn decrypts using her private key When purchasing a product from TripeType's website, a customer must enter basic information into a purchase form. A link to TripeType's privacy statement is provided on the purchase form. However, it does not disclose that it will use personal information for other purposes. The statement provides that TT will store the customer information in its database. A month later, TT's sales team wants to generate new leads and decides to use the information collected from customers. This is an example of what? A. Secondary Use B. Involuntary use C. Disapproved Use D. Selective Use - answerA. Secondary Use Which of the following explains why it is difficult to regulate what individually identifiable data is? A. Many people mistakenly expose personal information online B. Personal information means different things to different people C. Most legislative bodies are hesitant to enact laws about identifiable data D. Data that is not overly identifiable can be combined to identify individuals - answerD. Data that is not overly identifiable can be combined to identify individuals Ubiquitous computing can raise significant concerns about the sheer volume of data that can be collected by a system. Each of the following are necessary considerations when utilizing a data collection process that falls into this category EXCEPT which? A. The system should provide end-users with both feedback and control B. The system should have obvious value C. The retention of data by the system should be limited D. The data collected by system should be aggregated and made available to all users - answerD. The data collected by system should be aggregated and made available to all users In creating a registration form for a mobile app directed at grade school children, what privacy engineering objective is addressed by asking for grade level instead of data of birth? A. Disassociability B. Manageability C. Security