IAPP-CIPT Exam Questions with Correct Answers

IAPP-CIPT Exam Questions with Correct Answers "Client side" Privacy Risk - Answer-- Represents computers typically used by company employees. - These computers normally connect to the company's server-side systems via wireless and hardwired networks. - Client side can represent a significant threat to the company's systems as well as sensitive data that may be on the client computers. - Employees often download customer files, corporate e-mails and legal documents to their computer for processing. - Employees may even store their personal information on company computers. - Client computer can access resources across the company that could have vast amounts of planning documents that might be of great interest to competitors or corporate spies. Network Sniffer - Answer-- Allows anyone to view or copy unprotected data from a company's wireless network. . /P:count flag - Answer-Format command within Windows OS. Best way to zero the entire disk. cross-enterprise access controls - Answer-Permits employees in one organization to have access to resources that belong to another organization. Typical when major functions are outsourced or through SAAS model. Travel, purchasing, payroll, and healthcare could be provided by companies that specialize in those services. CEAC allows employees to access records through SSO. Access is typically one-way. SSL encryption - Answer-secure socket layer protocol commonly used to protect communications between a browser and web machine (data in transit) TSL encryption - Answer-transport layer security often used to protect email as it is transmitted between email servers (data in transit) multilayered privacy notice - Answer-abbreviated form of an organization's privacy notice while providing links to more detailed information privacy nutrition label - Answer-informs users about the company's privacy practices of the organization in an abbreviated form -- only practical as part company's privacy notice or as a privacy notice for a newly installed applications. hashing - Answer-method of protecting data that uses a cryptographic key to encrypt the data but does not allow the data to later be decrypted. Permits the use of sensitive data while protecting the original value. Permits the encryption of passwords, credit card numbers, and SSNs while still permitting the verification of values by matching hashes. (Ex: a credit card number can be hashed and used as index for an individual's credit card transactions while preventing the hashed value from being used for additional transactions. Salting, which shifts the encryption value, can also be used. Secure Hashing Algorithm 1 (SHA-1) and Rivest Cypher 4 (RC4) are examples of hashing algorithms. types of authentication (KHAW) - Answer-"What you know" - this type of authentication involves something the user knows, usually an ID and password. "Something you have" - this type of authentication involves something the user carries on her person, usually an RSA or key fob. "Something you are" - This involves biometrics to authenticate, such as a fingerprint or retinal scan. "Where you are" - This type of authentication involves confirmation of the user's location.