2025 CIPT EXAM VOCAB PREP
QUESTIONS AND ANSWERS FOR
100% SUCCESS
Access Control Entry - ✔✔An element in an access control list (ACL). Each ACE
controls, monitors, or records access to an object by a specified user.
Access Control List - ✔✔A list of access control entries (ACE) that apply to an object.
Each ACE controls or monitors access to an object by a specified user. In a discretionary
access control list (DACL), the ACL controls access; in a system access control list
(SACL) the ACL monitors access in a security event log which can comprise part of an
audit trail.
Accountability - ✔✔A fair information practices principle, it is the idea that when
personal information is to be transferred to another person or organization, the personal
information controller should obtain the consent of the individual or exercise due
diligence and take reasonable steps to ensure that the recipient person or organization
will protect the information consistently with other fair use principles.
Active Data Collection - ✔✔When an end user deliberately provides information,
typically through the use of web forms, text boxes, check boxes or radio buttons.
COPYRIGHT © 2025 BY OLIVIA WEST, ALL RIGHTS RESERVED 1
AdChoices - ✔✔A program run by the Digital Advertising Alliance to promote
awareness and choice in advertising for internet users. Websites with ads from
participating DAA members will have an AdChoices icon near advertisements or at the
bottom of their pages. By clicking on the AdChoices icon, users may set preferences for
behavioral advertising on that website or with DAA members generally across the web.
Adequate Level of Protection - ✔✔A label that the EU may apply to third-party
countries who have committed to protect data through domestic law making or
international commitments. Conferring of the label requires a proposal by the European
Commission, an Article 29 Working Group Opinion, an opinion of the Article 31
Management Committee, a right of scrutiny by the European Parliament and adoption
by the European Commission.
Advanced Encryption Standard - ✔✔An encryption algorithm for security-sensitive
non-classified material by the U.S. Government. This algorithm was selected in 2001 to
replace the previous algorithm, the Data Encryption Standard (DES), by the National
Institute of Standards and Technology (NIST), a unit of the U.S. Commerce Department,
through an open competition. The winning algorithm (Rijndael, pronounced rain-dahl),
was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen.
Adverse Action - ✔✔Under the Fair Credit Reporting Act, the term "adverse action" is
defined very broadly to include all business, credit and employment actions affecting
consumers that can be considered to have a negative impact, such as denying or
canceling credit or insurance, or denying employment or promotion. No adverse action
occurs in a credit transaction where the creditor makes a counteroffer that is accepted
by the consumer. Such an action requires that the decision maker furnish the recipient
of the adverse action with a copy of the credit report leading to the adverse action.
Agile Development Model - ✔✔A process of software system and product design that
incorporates new system requirements during the actual creation of the system, as
opposed to the Plan-Driven Development Model. Agile development takes a given
project and focuses on specific portions to develop one at a time. An example of Agile
development is the Scrum Model.
Anonymization - ✔✔The process in which individually identifiable data is altered in
such a way that it no longer can be related back to a given individual. Among many
techniques, there are three primary ways that data is anonymized. Suppression is the
most basic version of anonymization and it simply removes some identifying values
from data to reduce its identifiability. Generalization takes specific identifying values
and makes them broader, such as changing a specific age (18) to an age range (18-24).
Noise addition takes identifying values from a given data set and switches them with
identifying values from another individual in that data set. Note that all of these
processes will not guarantee that data is no longer identifiable and have to be
performed in such a way that does not harm the usability of the data.
Anonymous Data - ✔✔Data sets that in no way indicate to whom the data belongs.
Replacing user names with unique ID numbers DOES NOT make the data set
anonymous even if identification seems impractical.
Antidiscrimination Laws - ✔✔Refers to the right of people to be treated equally.
Application-Layer Attacks - ✔✔Attacks that exploit flaws in the network applications
installed on network servers. Such weaknesses exist in web browsers, e-mail server
software, network routing software and other standard enterprise applications.
Regularly applying patches and updates to applications may help prevent such attacks.
Asymmetric Encryption - ✔✔A form of data encryption that uses two separate but
related keys to encrypt data. The system uses a public key, made available to other
parties, and a private key, which is kept by the first party. Decryption of data encrypted
by the public key requires the use of the private key; decryption of the data encrypted
by the private key requires the public key.
Attribute-Based Access Control - ✔✔An authorization model that provides dynamic
access control by assigning attributes to the users, the data, and the context in which the
user requests access (also referred to as environmental factors) and analyzes these
attributes together to determine access.
Audit Trail - ✔✔A chain of electronic activity or sequence of paperwork used to
monitor, track, record, or validate an activity. The term originates in accounting as a
reference to the chain of paperwork used to validate or invalidate accounting entries. It
has since been adapted for more general use in e-commerce, to track customers' activity,
or cyber-security, to investigate cybercrimes.
Authentication - ✔✔The process by which an entity (such as a person or computer
system) determines whether another entity is who it claims to be. Authentication
identifies an individual based on some credential; i.e. a password, biometrics, etc.
Authentication is different from authorization. Proper authentication ensures that a
person is who he or she claims to be, but it says nothing about the access rights of the
individual.
Authorization - ✔✔In the context of information security, it is the process of determining if
the end user is permitted to have access to the desired resource such as the information
asset or the information system containing the asset. Authorization criteria may be
based upon a variety of factors such as organizational role, level of security clearance,
applicable law or a combination of factors. When effective, authentication validates that
the entity requesting access is who or what it claims to be.
Basel III - ✔✔A comprehensive set of reform measures, developed by the Basel
Committee on Banking Supervision, to strengthen the regulation, supervision and risk
management of the banking sector.
Behavioral Advertising - ✔✔The act of tracking users' online activities and then
delivering ads or recommendations based upon the tracked activities. The most