Summer Certification Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Pass the IAPP Information Privacy Technologist CIPT Questions and answers with ValidTests

Exam CIPT All Questions
Exam CIPT Premium Access

View all detail and faqs for the CIPT exam

Viewing page 6 out of 7 pages
Viewing questions 51-60 out of questions
Questions # 51:

What is the main function of a breach response center?

Options:

A.

Detecting internal security attacks.

B.

Addressing privacy incidents.

C.

Providing training to internal constituencies.

D.

Interfacing with privacy regulators and governmental bodies.

Expert Solution
Questions # 52:

An organization is evaluating a number of Machine Learning (ML) solutions to help automate a customer-facing part of its business From a privacy perspective, the organization should first?

Options:

A.

Define their goals for fairness

B.

Document the distribution of bias scores

C.

Document the False Positive Rates (FPR).

D.

Define how data subjects may object to the processing

Expert Solution
Questions # 53:

An organization is deciding between building a solution in-house versus purchasing a solution for a new customer facing application. When security threat are taken into consideration, a key advantage of purchasing a solution would be the availability of?

Options:

A.

Outsourcing.

B.

Persistent VPN.

C.

Patching and updates.

D.

Digital Rights Management.

Expert Solution
Questions # 54:

Which of the following statements describes an acceptable disclosure practice?

Options:

A.

An organization’s privacy policy discloses how data will be used among groups within the organization itself.

B.

With regard to limitation of use, internal disclosure policies override contractual agreements with third parties.

C.

Intermediaries processing sensitive data on behalf of an organization require stricter disclosure oversight than vendors.

D.

When an organization discloses data to a vendor, the terms of the vendor’ privacy notice prevail over the organization’ privacy notice.

Expert Solution
Questions # 55:

SCENARIO

Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.

You also recall a recent visit to the Records Storage Section, often termed “The Dungeon” in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.

Which cryptographic standard would be most appropriate for protecting patient credit card information in the records system?

Options:

A.

Asymmetric Encryption

B.

Symmetric Encryption

C.

Obfuscation

D.

Hashing

Expert Solution
Questions # 56:

Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system?

Options:

A.

Phishing emails.

B.

Denial of service.

C.

Brute-force attacks.

D.

Social engineering.

Expert Solution
Questions # 57:

In order to prevent others from identifying an individual within a data set, privacy engineers use a cryptographically-secure hashing algorithm. Use of hashes in this way illustrates the privacy tactic known as what?

Options:

A.

Isolation.

B.

Obfuscation.

C.

Perturbation.

D.

Stripping.

Expert Solution
Questions # 58:

What is a mistake organizations make when establishing privacy settings during the development of applications?

Options:

A.

Providing a user with too many choices.

B.

Failing to use "Do Not Track” technology.

C.

Providing a user with too much third-party information.

D.

Failing to get explicit consent from a user on the use of cookies.

Expert Solution
Questions # 59:

Which activity should the privacy technologist undertake to reduce potential privacy risk when evaluating options to process data in a country other than where it would be collected? ^

Options:

A.

Review the Data Life Cycle.

B.

Review data retention policies.

C.

Create enterprise data flow diagrams.

D.

Recommend controls for data transfers.

Expert Solution
Questions # 60:

SCENARIO

It should be the most secure location housing data in all of Europe, if not the world. The Global Finance Data Collective (GFDC) stores financial information and other types of client data from large banks, insurance companies, multinational corporations and governmental agencies. After a long climb on a mountain road that leads only to the facility, you arrive at the security booth. Your credentials are checked and checked again by the guard to visually verify that you are the person pictured on your passport and national identification card. You are led down a long corridor with server rooms on each side, secured by combination locks built into the doors. You climb a flight of stairs and are led into an office that is lighted brilliantly by skylights where the GFDC Director of Security, Dr. Monique Batch, greets you. On the far wall you notice a bank of video screens showing different rooms in the facility. At the far end, several screens show different sections of the road up the mountain

Dr. Batch explains once again your mission. As a data security auditor and consultant, it is a dream assignment: The GFDC does not want simply adequate controls, but the best and most effective security that current technologies allow.

“We were hacked twice last year,” Dr. Batch says, “and although only a small number of records were stolen, the bad press impacted our business. Our clients count on us to provide security that is nothing short of impenetrable and to do so quietly. We hope to never make the news again.” She notes that it is also essential that the facility is in compliance with all relevant security regulations and standards.

You have been asked to verify compliance as well as to evaluate all current security controls and security measures, including data encryption methods, authentication controls and the safest methods for transferring data into and out of the facility. As you prepare to begin your analysis, you find yourself considering an intriguing question: Can these people be sure that I am who I say I am?

You are shown to the office made available to you and are provided with system login information, including the name of the wireless network and a wireless key. Still pondering, you attempt to pull up the facility's wireless network, but no networks appear in the wireless list. When you search for the wireless network by name, however it is readily found.

Why would you recommend that GFC use record encryption rather than disk, file or table encryption?

Options:

A.

Record encryption is asymmetric, a stronger control measure.

B.

Record encryption is granular, limiting the damage of potential breaches.

C.

Record encryption involves tag masking, so its metadata cannot be decrypted

D.

Record encryption allows for encryption of personal data only.

Expert Solution
Viewing page 6 out of 7 pages
Viewing questions 51-60 out of questions