IAPP-CIPT Exam Questions and Answers
Graded A+
"Client side" Privacy Risk - Correct answer-- Represents computers typically used
by company employees.
- These computers normally connect to the company's server-side systems via
wireless and hardwired networks.
- Client side can represent a significant threat to the company's systems as well as
sensitive data that may be on the client computers.
- Employees often download customer files, corporate e-mails and legal documents
to their computer for processing.
- Employees may even store their personal information on company computers.
- Client computer can access resources across the company that could have vast
amounts of planning documents that might be of great interest to competitors or
corporate spies.
Network Sniffer - Correct answer-- Allows anyone to view or copy unprotected
data from a company's wireless network.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,.
/P:count flag - Correct answer-Format command within Windows OS. Best way to
zero the entire disk.
cross-enterprise access controls - Correct answer-Permits employees in one
organization to have access to resources that belong to another organization.
Typical when major functions are outsourced or through SAAS model. Travel,
purchasing, payroll, and healthcare could be provided by companies that specialize
in those services. CEAC allows employees to access records through SSO. Access
is typically one-way.
SSL encryption - Correct answer-secure socket layer protocol commonly used to
protect communications between a browser and web machine (data in transit)
TSL encryption - Correct answer-transport layer security often used to protect
email as it is transmitted between email servers (data in transit)
multilayered privacy notice - Correct answer-abbreviated form of an organization's
privacy notice while providing links to more detailed information
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
, privacy nutrition label - Correct answer-informs users about the company's privacy
practices of the organization in an abbreviated form -- only practical as part
company's privacy notice or as a privacy notice for a newly installed applications.
hashing - Correct answer-method of protecting data that uses a cryptographic key
to encrypt the data but does not allow the data to later be decrypted. Permits the
use of sensitive data while protecting the original value. Permits the encryption of
passwords, credit card numbers, and SSNs while still permitting the verification of
values by matching hashes. (Ex: a credit card number can be hashed and used as
index for an individual's credit card transactions while preventing the hashed value
from being used for additional transactions. Salting, which shifts the encryption
value, can also be used. Secure Hashing Algorithm 1 (SHA-1) and Rivest Cypher 4
(RC4) are examples of hashing algorithms.
types of authentication (KHAW) - Correct answer-"What you know" - this type of
authentication involves something the user knows, usually an ID and password.
"Something you have" - this type of authentication involves something the user
carries on her person, usually an RSA or key fob.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
Graded A+
"Client side" Privacy Risk - Correct answer-- Represents computers typically used
by company employees.
- These computers normally connect to the company's server-side systems via
wireless and hardwired networks.
- Client side can represent a significant threat to the company's systems as well as
sensitive data that may be on the client computers.
- Employees often download customer files, corporate e-mails and legal documents
to their computer for processing.
- Employees may even store their personal information on company computers.
- Client computer can access resources across the company that could have vast
amounts of planning documents that might be of great interest to competitors or
corporate spies.
Network Sniffer - Correct answer-- Allows anyone to view or copy unprotected
data from a company's wireless network.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 1
,.
/P:count flag - Correct answer-Format command within Windows OS. Best way to
zero the entire disk.
cross-enterprise access controls - Correct answer-Permits employees in one
organization to have access to resources that belong to another organization.
Typical when major functions are outsourced or through SAAS model. Travel,
purchasing, payroll, and healthcare could be provided by companies that specialize
in those services. CEAC allows employees to access records through SSO. Access
is typically one-way.
SSL encryption - Correct answer-secure socket layer protocol commonly used to
protect communications between a browser and web machine (data in transit)
TSL encryption - Correct answer-transport layer security often used to protect
email as it is transmitted between email servers (data in transit)
multilayered privacy notice - Correct answer-abbreviated form of an organization's
privacy notice while providing links to more detailed information
©COPYRIGHT 2025, ALL RIGHTS RESERVED 2
, privacy nutrition label - Correct answer-informs users about the company's privacy
practices of the organization in an abbreviated form -- only practical as part
company's privacy notice or as a privacy notice for a newly installed applications.
hashing - Correct answer-method of protecting data that uses a cryptographic key
to encrypt the data but does not allow the data to later be decrypted. Permits the
use of sensitive data while protecting the original value. Permits the encryption of
passwords, credit card numbers, and SSNs while still permitting the verification of
values by matching hashes. (Ex: a credit card number can be hashed and used as
index for an individual's credit card transactions while preventing the hashed value
from being used for additional transactions. Salting, which shifts the encryption
value, can also be used. Secure Hashing Algorithm 1 (SHA-1) and Rivest Cypher 4
(RC4) are examples of hashing algorithms.
types of authentication (KHAW) - Correct answer-"What you know" - this type of
authentication involves something the user knows, usually an ID and password.
"Something you have" - this type of authentication involves something the user
carries on her person, usually an RSA or key fob.
©COPYRIGHT 2025, ALL RIGHTS RESERVED 3
