IAPP-CIPT EXAM 2025
QUESTIONS AND ANSWERS
100% PASS
"Client side" Privacy Risk - ✔✔- Represents computers typically used by company
employees.
- These computers normally connect to the company's server-side systems via wireless
and hardwired networks.
- Client side can represent a significant threat to the company's systems as well as
sensitive data that may be on the client computers.
- Employees often download customer files, corporate e-mails and legal documents to
their computer for processing.
- Employees may even store their personal information on company computers.
- Client computer can access resources across the company that could have vast
amounts of planning documents that might be of great interest to competitors or
corporate spies.
Network Sniffer - ✔✔- Allows anyone to view or copy unprotected data from a
company's wireless network.
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 1
,.
/P:count flag - ✔✔Format command within Windows OS. Best way to zero the entire
disk.
cross-enterprise access controls - ✔✔Permits employees in one organization to have
access to resources that belong to another organization. Typical when major functions
are outsourced or through SAAS model. Travel, purchasing, payroll, and healthcare
could be provided by companies that specialize in those services. CEAC allows
employees to access records through SSO. Access is typically one-way.
SSL encryption - ✔✔secure socket layer protocol commonly used to protect
communications between a browser and web machine (data in transit)
TSL encryption - ✔✔transport layer security often used to protect email as it is
transmitted between email servers (data in transit)
multilayered privacy notice - ✔✔abbreviated form of an organization's privacy notice
while providing links to more detailed information
privacy nutrition label - ✔✔informs users about the company's privacy practices of the
organization in an abbreviated form -- only practical as part company's privacy notice
or as a privacy notice for a newly installed applications.
hashing - ✔✔method of protecting data that uses a cryptographic key to encrypt the
data but does not allow the data to later be decrypted. Permits the use of sensitive data
while protecting the original value. Permits the encryption of passwords, credit card
numbers, and SSNs while still permitting the verification of values by matching hashes.
(Ex: a credit card number can be hashed and used as index for an individual's credit
card transactions while preventing the hashed value from being used for additional
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 2
, transactions. Salting, which shifts the encryption value, can also be used. Secure
Hashing Algorithm 1 (SHA-1) and Rivest Cypher 4 (RC4) are examples of hashing
algorithms.
types of authentication (KHAW) - ✔✔"What you know" - this type of authentication
involves something the user knows, usually an ID and password.
"Something you have" - this type of authentication involves something the user carries
on her person, usually an RSA or key fob.
"Something you are" - This involves biometrics to authenticate, such as a fingerprint or
retinal scan.
"Where you are" - This type of authentication involves confirmation of the user's
location.
multifactor authentication - ✔✔when more than one type of authentication is used to
validate an individual. KHAW:
Device Identifier - ✔✔Device ID assigned by the device manufacturer or operating
system vendor which can be a source for user tracking as Device ID's are often not
deleted, blocked, or opted out of. Device ID, media access control (MAC) or other
device-assigned ID's are TO BE AVOIDED by developers as these device identifiers
may be used to track employees.
Whaling - ✔✔Email targeting of wealthy individuals.
Development Lifecycle - ✔✔Release Planning
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 3
QUESTIONS AND ANSWERS
100% PASS
"Client side" Privacy Risk - ✔✔- Represents computers typically used by company
employees.
- These computers normally connect to the company's server-side systems via wireless
and hardwired networks.
- Client side can represent a significant threat to the company's systems as well as
sensitive data that may be on the client computers.
- Employees often download customer files, corporate e-mails and legal documents to
their computer for processing.
- Employees may even store their personal information on company computers.
- Client computer can access resources across the company that could have vast
amounts of planning documents that might be of great interest to competitors or
corporate spies.
Network Sniffer - ✔✔- Allows anyone to view or copy unprotected data from a
company's wireless network.
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 1
,.
/P:count flag - ✔✔Format command within Windows OS. Best way to zero the entire
disk.
cross-enterprise access controls - ✔✔Permits employees in one organization to have
access to resources that belong to another organization. Typical when major functions
are outsourced or through SAAS model. Travel, purchasing, payroll, and healthcare
could be provided by companies that specialize in those services. CEAC allows
employees to access records through SSO. Access is typically one-way.
SSL encryption - ✔✔secure socket layer protocol commonly used to protect
communications between a browser and web machine (data in transit)
TSL encryption - ✔✔transport layer security often used to protect email as it is
transmitted between email servers (data in transit)
multilayered privacy notice - ✔✔abbreviated form of an organization's privacy notice
while providing links to more detailed information
privacy nutrition label - ✔✔informs users about the company's privacy practices of the
organization in an abbreviated form -- only practical as part company's privacy notice
or as a privacy notice for a newly installed applications.
hashing - ✔✔method of protecting data that uses a cryptographic key to encrypt the
data but does not allow the data to later be decrypted. Permits the use of sensitive data
while protecting the original value. Permits the encryption of passwords, credit card
numbers, and SSNs while still permitting the verification of values by matching hashes.
(Ex: a credit card number can be hashed and used as index for an individual's credit
card transactions while preventing the hashed value from being used for additional
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 2
, transactions. Salting, which shifts the encryption value, can also be used. Secure
Hashing Algorithm 1 (SHA-1) and Rivest Cypher 4 (RC4) are examples of hashing
algorithms.
types of authentication (KHAW) - ✔✔"What you know" - this type of authentication
involves something the user knows, usually an ID and password.
"Something you have" - this type of authentication involves something the user carries
on her person, usually an RSA or key fob.
"Something you are" - This involves biometrics to authenticate, such as a fingerprint or
retinal scan.
"Where you are" - This type of authentication involves confirmation of the user's
location.
multifactor authentication - ✔✔when more than one type of authentication is used to
validate an individual. KHAW:
Device Identifier - ✔✔Device ID assigned by the device manufacturer or operating
system vendor which can be a source for user tracking as Device ID's are often not
deleted, blocked, or opted out of. Device ID, media access control (MAC) or other
device-assigned ID's are TO BE AVOIDED by developers as these device identifiers
may be used to track employees.
Whaling - ✔✔Email targeting of wealthy individuals.
Development Lifecycle - ✔✔Release Planning
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 3
