CIPT – CERTIFIED INFORMATION PRIVACY TECHNOLOGIST EXAM QUESTIONS WITH VERIFIED ANSWERS
Progress Lifecycle: ANSWER Publication Planning Definition and
Development
Validation Implementation
Four fundamental categories of countermeasures exist: ANSWER
1. Preventative: They function by preventing an incident from occurring in the
first place. Security awareness training, firewalls, antivirus software, security
guards, and intrusion prevention systems are a few examples of this.
2. Reactive: Reactive countermeasures are only implemented after an incident
has already taken place.
3. Detective: IDS, antivirus software, motion detectors, IPS, and system
monitoring are a few examples of detective countermeasures.
4. Administrative: These controls are the process of creating policies and
procedures and making sure they are followed. These employ policies to
safeguard assets.
The three primary phases of PCI DSS compliance are: ANSWER
Gathering and Preserving: This entails the safe gathering and impenetrable
preservation of log
data so that it can be analyzed.
Reporting: This is the capacity to demonstrate compliance in the event of an
audit. Additionally, the company should provide proof that data protection
measures are in place.
Monitoring and Alerting: This entails putting in place mechanisms that let
administrators keep an eye on data consumption and access. Additionally, there
need to be proof that log data is being gathered and kept.
Re-Identification: ANSWER Re-identification is the process of using
information from a single source.
Symmetric Encryption: ANSWER Using the same key for both encryption and
decryption is known as symmetric key cryptography. Other names for it include
private key, secret-key, and shared secret. The sender and receiving parties keep
this key confidential rather than sharing it.
Asymmetric Encryption: ANSWER Public-key cryptography is another name
for asymmetric cryptography. The encryption and decryption procedures rely on
a public key pair. Public keys are dispersed openly and freely, in contrast to
private keys. Only a private key may be used to decrypt data that has been
encrypted using a public key.
Choice/Consent: ANSWER
Opt-in = requires the individual's affirmative assent
Opt-out = requires the individual's implied consent
In contrast to discretionary data gathering, which won't stop the transaction
from being completed, mandatory data collection is required to finish the
transaction right away.
The CAN-SPAM Act of 2003 and the European Data Directive (Articles 7 and
8) govern choice and consent.
De-Identification: ANSWER Procedure that handles private information so that
the identity of the individual cannot be determined.
End-user license agreement (sometimes known as a software license agreement): ANSWER
EULA is the agreement between the buyer and the licensor that specifies the
buyer's usage rights for the program.
Cookies: ANSWER Name-value pairs are contained in a simple text file.
Cookies come in two varieties: session cookies and persistent cookies. Cookies
are useful for:
o Customization
o Meeting
OBA/OBM: ANSWER Internet-based behavioral marketing and advertising
Using third-party tracking (such as web cookies) to gather and aggregate user
data
ANSWER Location-based services (LBS)