CIPT EXAM PRACTICE QUESTIONS AND
ANSWERS 100% CORRECT
Active collection - ANSWER-Data directly from subject
Passive collection - ANSWER-Data without the participant Knowing
First Party - ANSWER-Providing information directly to collector
Surveillance - ANSWER-Collecting data through observed behaviors like online
searches or websites
Repurposing - ANSWER-Previously collected data used for a different purpose
Third Party - ANSWER-Previously collected data is transferred to a third party
Explicit Consent - ANSWER-User takes an action
Implicit Consent - ANSWER-Does not require user permission
Privacy by design - ANSWER-1. Proactive not reactive, 2. Privacy by Default, 3. Privacy
Embedded in Design, 4. Full Functionality (Positive Sum, not zero sum, 5. End to End
Securty, 6. Visibility and Transparency, 7. Respect for privacy
Fair Information Principles (FIPPS) - ANSWER-A privacy risk model that restricts
collection of data to only what is needed or for its intended purpose. Do not collect
additional data that is not needed for intended purpose.
Calo's Subjective/Objective Dichotomy - ANSWER-A privacy risk model that focuses on
privacy harms based on two categories: Subjective Harm (perceives a harm that may
not be observable or measure and can cause fear and anxiety) and Objective Harm
(privacy has been violated or direct harm is known and is measurable and observable).
interrogation - ANSWER-Actively questioning an individual or otherwise probing for
information
Aggregation - ANSWER-combining multiple pieces of information about an individual to
produce a whole that is greater than the sum of its parts.
Contextual Integrity - ANSWER-A risk model that states that privacy problems arise out
of disruption of informational norms. More specifically, personal information should be in
alignment with informational norms that apply to the particular context.
,Solove's Taxanomy - ANSWER-Model that attempts to order different harms that may
arise from infringements in privacy. The taxonomy is split into four categories: 1)
Information Collection, 2) Information processing, 3) Information dissemination and 4)
Invasion.
NIST Privacy Risk Model - ANSWER-A risk model that is embedded in its Privacy Risk
Assessment Methodology (PRAM) and explicitly addrssees vulnerabilities, adverse
events and the relative likelihoods and impacts of those events.
NICE Framework - ANSWER-Divides computer security into the following categories:
Securely provision (Tasks to develop software to be secure), Operate and Maintain,
Protect and Defend and Investigate (plan for investigating an attack).
Factors Analysis in Information Risk (FAIR) - ANSWER-Model that breaks down risk by
its constituent parts and then breaks it down further to estimate risk. The model asks
how often a violation occurs and over what time period and what impact will that
violation have?
Design Thinking Process - ANSWER-Five stages: Empathize (Research user's needs),
Define (state users needs and problems, Ideate (challenge assumptions and create
ideas), prototype (create solutions) and Test (try out solution).
Value-Sensitive Design - ANSWER-Design approach that accounts for ethical values,
such as privacy, in addition to usability-oriented design goals. Here are the steps for
Value-sensitive design: 1) Clarify project values, 2) Identify the direct and Indirect
stakeholders, 3) Identify the benefits and hams for stakeholders, 4) Identify and elicit
potential values 5) Develop working definistions of key values, 6) Identify potential value
tensions and 7) Value-oriented design and development.
Privacy Notices - ANSWER-External documents that informs users of an organizations
practices, values and commitments concerning their personal data.
Privacy Policies - ANSWER-Internal documents that inform employees on how to
protect consumer data.
Security Policies - ANSWER-Document that spells out the rules, expectations and
overall approach to how an organization will maintain contidentiality, integrity and
availability of its data. This will include Data Classification (granting and revoking access
to assets and information based on their classification), Data Schema (Contraints on
data to seperate customer data), Data Retention (Policies that align with laws and
regulation concerning storage) and Data Deletion (Disposal of data and methods for
removal and recovery).
Defect - ANSWER-A flaw in the requirement, design or implementation that can lead to
a fault.
, Fault - ANSWER-An incorrect step, process or data definition in a computer program.
Error - ANSWER-The difference between a computed, observed or measured value or
condition and the true, specified or theoretically correct value or condition.
Failure - ANSWER-Inability of system or component to perform it required funstions
within specified performance requrements.
Harm - ANSWER-The actual ill effect to an individual's personal privacy.
Sneak into basket - ANSWER-A dark pattern where you making a purchase online, the
site sneaks an additional item into your basket.
Price comparison prevention - ANSWER-A dark pattern where the retailer makes it hard
for you to compare prices.
Misdirection - ANSWER-A dark pattern is a design puposefully focuses your attention
on one thing in order to distract your attention from another.
Hidden Cost - ANSWER-A dark pattern where in the checkout process, unexpected
charges have appeared.
Information Collection - ANSWER-A category of Solove's Taxanomy and involves risk
associated with data collection; more specifically it concerns surveillance (data captured
through observation or a user's activities) and interrogation (Actively questioning an
individual probing for information).
Information Processing - ANSWER-A category of Solove's Taxanomy and involves
aggregation (bringing sensitive data together), Identification (information linked to
specific individuals), Insecurity (failure to protect individuals information), Secondary use
(using individual's information without consent) and Exclusion (failure to allow the
individual to participate or have knowledge of what is done with their information).
Information Dissemination - ANSWER-A category of Solve's Taxanomy that involves
breach of confidentiality, Disclosure (release of truthful information about individual that
may negatively affect how others view them), Distortion (spreading of false and
inaccurate information), Exposure (revealing private information), accessibility (making
an individuals information to easy to obtain), blackmail (using a persons information
against their will) and appropiation (using someone elses personal information).
Intrusion and Decisional Interference - ANSWER-A category of Solove's Taxanomy that
deals with intrusion (invasion of an individual's solitude and tranquility and Desisional
Interferance (others inserting themselves into a decision-making process that affects the
individual's personal affairs).
ANSWERS 100% CORRECT
Active collection - ANSWER-Data directly from subject
Passive collection - ANSWER-Data without the participant Knowing
First Party - ANSWER-Providing information directly to collector
Surveillance - ANSWER-Collecting data through observed behaviors like online
searches or websites
Repurposing - ANSWER-Previously collected data used for a different purpose
Third Party - ANSWER-Previously collected data is transferred to a third party
Explicit Consent - ANSWER-User takes an action
Implicit Consent - ANSWER-Does not require user permission
Privacy by design - ANSWER-1. Proactive not reactive, 2. Privacy by Default, 3. Privacy
Embedded in Design, 4. Full Functionality (Positive Sum, not zero sum, 5. End to End
Securty, 6. Visibility and Transparency, 7. Respect for privacy
Fair Information Principles (FIPPS) - ANSWER-A privacy risk model that restricts
collection of data to only what is needed or for its intended purpose. Do not collect
additional data that is not needed for intended purpose.
Calo's Subjective/Objective Dichotomy - ANSWER-A privacy risk model that focuses on
privacy harms based on two categories: Subjective Harm (perceives a harm that may
not be observable or measure and can cause fear and anxiety) and Objective Harm
(privacy has been violated or direct harm is known and is measurable and observable).
interrogation - ANSWER-Actively questioning an individual or otherwise probing for
information
Aggregation - ANSWER-combining multiple pieces of information about an individual to
produce a whole that is greater than the sum of its parts.
Contextual Integrity - ANSWER-A risk model that states that privacy problems arise out
of disruption of informational norms. More specifically, personal information should be in
alignment with informational norms that apply to the particular context.
,Solove's Taxanomy - ANSWER-Model that attempts to order different harms that may
arise from infringements in privacy. The taxonomy is split into four categories: 1)
Information Collection, 2) Information processing, 3) Information dissemination and 4)
Invasion.
NIST Privacy Risk Model - ANSWER-A risk model that is embedded in its Privacy Risk
Assessment Methodology (PRAM) and explicitly addrssees vulnerabilities, adverse
events and the relative likelihoods and impacts of those events.
NICE Framework - ANSWER-Divides computer security into the following categories:
Securely provision (Tasks to develop software to be secure), Operate and Maintain,
Protect and Defend and Investigate (plan for investigating an attack).
Factors Analysis in Information Risk (FAIR) - ANSWER-Model that breaks down risk by
its constituent parts and then breaks it down further to estimate risk. The model asks
how often a violation occurs and over what time period and what impact will that
violation have?
Design Thinking Process - ANSWER-Five stages: Empathize (Research user's needs),
Define (state users needs and problems, Ideate (challenge assumptions and create
ideas), prototype (create solutions) and Test (try out solution).
Value-Sensitive Design - ANSWER-Design approach that accounts for ethical values,
such as privacy, in addition to usability-oriented design goals. Here are the steps for
Value-sensitive design: 1) Clarify project values, 2) Identify the direct and Indirect
stakeholders, 3) Identify the benefits and hams for stakeholders, 4) Identify and elicit
potential values 5) Develop working definistions of key values, 6) Identify potential value
tensions and 7) Value-oriented design and development.
Privacy Notices - ANSWER-External documents that informs users of an organizations
practices, values and commitments concerning their personal data.
Privacy Policies - ANSWER-Internal documents that inform employees on how to
protect consumer data.
Security Policies - ANSWER-Document that spells out the rules, expectations and
overall approach to how an organization will maintain contidentiality, integrity and
availability of its data. This will include Data Classification (granting and revoking access
to assets and information based on their classification), Data Schema (Contraints on
data to seperate customer data), Data Retention (Policies that align with laws and
regulation concerning storage) and Data Deletion (Disposal of data and methods for
removal and recovery).
Defect - ANSWER-A flaw in the requirement, design or implementation that can lead to
a fault.
, Fault - ANSWER-An incorrect step, process or data definition in a computer program.
Error - ANSWER-The difference between a computed, observed or measured value or
condition and the true, specified or theoretically correct value or condition.
Failure - ANSWER-Inability of system or component to perform it required funstions
within specified performance requrements.
Harm - ANSWER-The actual ill effect to an individual's personal privacy.
Sneak into basket - ANSWER-A dark pattern where you making a purchase online, the
site sneaks an additional item into your basket.
Price comparison prevention - ANSWER-A dark pattern where the retailer makes it hard
for you to compare prices.
Misdirection - ANSWER-A dark pattern is a design puposefully focuses your attention
on one thing in order to distract your attention from another.
Hidden Cost - ANSWER-A dark pattern where in the checkout process, unexpected
charges have appeared.
Information Collection - ANSWER-A category of Solove's Taxanomy and involves risk
associated with data collection; more specifically it concerns surveillance (data captured
through observation or a user's activities) and interrogation (Actively questioning an
individual probing for information).
Information Processing - ANSWER-A category of Solove's Taxanomy and involves
aggregation (bringing sensitive data together), Identification (information linked to
specific individuals), Insecurity (failure to protect individuals information), Secondary use
(using individual's information without consent) and Exclusion (failure to allow the
individual to participate or have knowledge of what is done with their information).
Information Dissemination - ANSWER-A category of Solve's Taxanomy that involves
breach of confidentiality, Disclosure (release of truthful information about individual that
may negatively affect how others view them), Distortion (spreading of false and
inaccurate information), Exposure (revealing private information), accessibility (making
an individuals information to easy to obtain), blackmail (using a persons information
against their will) and appropiation (using someone elses personal information).
Intrusion and Decisional Interference - ANSWER-A category of Solove's Taxanomy that
deals with intrusion (invasion of an individual's solitude and tranquility and Desisional
Interferance (others inserting themselves into a decision-making process that affects the
individual's personal affairs).
