Practice Free CIPT Exam Online Questions
A user who owns a resource wants to give other individuals access to the resource.
What control would apply?
- A . Mandatory access control.
- B . Role-based access controls.
- C . Discretionary access control.
- D . Context of authority controls.
An organization is launching a smart watch which, in addition to alerts, will notify the wearer of incoming calls, allowing them to answer on the device. This convenience also comes with privacy concerns and is an example of what?
- A . Value-Sensitive Design.
- B . Ubiquitous computing.
- C . Anthropomorphism.
- D . Coupling.
B
Explanation:
The smart watch that notifies the wearer of incoming calls and allows them to answer on the device is an example of ubiquitous computing. Ubiquitous computing refers to the integration of computing processes into everyday objects and activities, creating an environment where technology is seamlessly embedded and always accessible. While this increases convenience, it also raises privacy concerns as it often involves continuous data collection and processing. (Reference: IAPP CIPT Study Guide, Chapter on Emerging Technologies and Privacy)
SCENARIO
Please use the following to answer the next question:
Chuck, a compliance auditor for a consulting firm focusing on healthcare clients, was required to travel to the client’s office to perform an onsite review of the client’s operations. He rented a car from Finley Motors upon arrival at the airport so he could commute to and from the client’s office. The car rental agreement was electronically signed by Chuck and included his name, address, driver’s license, make/model of the car, billing rate, and additional details describing the rental transaction. On the second night, Chuck was caught by a red light camera not stopping at an intersection on his way to dinner. Chuck returned the car to the car rental agency at the end of the week without mentioning the infraction and Finley Motors emailed a copy of the final receipt to the address on file.
Local law enforcement later reviewed the red light camera footage. As Finley Motors is the registered owner of the car, a notice was sent to them indicating the infraction and fine incurred. This notice included the license plate number, occurrence date and time, a photograph of the driver, and a web portal link to a video clip of the violation for further review. Finley Motors, however, was not responsible for the violation as they were not driving the car at the time and transferred the incident to AMP Payment Resources for further review. AMP Payment Resources identified Chuck as the driver based on the rental agreement he signed when picking up the car and then contacted Chuck directly through a written letter regarding the infraction to collect the fine.
After reviewing the incident through the AMP Payment Resources’ web portal, Chuck paid the fine using his personal credit card. Two weeks later, Finley Motors sent Chuck an email promotion offering 10% off a future rental.
What is the strongest method for authenticating Chuck’s identity prior to allowing access to his violation information through the AMP Payment Resources web portal?
- A . By requiring Chuck use the last 4 digits of his driver’s license number in combination with a unique PIN provided within the violation notice.
- B . By requiring Chuck use his credit card number in combination with the last 4 digits of his driver’s license.
- C . By requiring Chuck use the rental agreement number in combination with his email address.
- D . By requiring Chuck to call AMP Payment Resources directly and provide his date of birth and home address.
Which is NOT a way to validate a person’s identity?
- A . Swiping a smartcard into an electronic reader.
- B . Using a program that creates random passwords.
- C . Answering a question about “something you know”.
- D . Selecting a picture and tracing a unique pattern on it.
What can be used to determine the type of data in storage without exposing its contents?
- A . Collection records.
- B . Data mapping.
- C . Server logs.
- D . Metadata.
How should the sharing of information within an organization be documented?
- A . With a binding contract.
- B . With a data flow diagram.
- C . With a disclosure statement.
- D . With a memorandum of agreement.
SCENARIO
Please use the following to answer the next question:
Chuck, a compliance auditor for a consulting firm focusing on healthcare clients, was required to travel to the client’s office to perform an onsite review of the client’s operations. He rented a car from Finley Motors upon arrival at the airport so he could commute to and from the client’s office. The car rental agreement was electronically signed by Chuck and included his name, address, driver’s license, make/model of the car, billing rate, and additional details describing the rental transaction. On the second night, Chuck was caught by a red light camera not stopping at an intersection on his way to dinner. Chuck returned the car to the car rental agency at the end of the week without mentioning the infraction and Finley Motors emailed a copy of the final receipt to the address on file.
Local law enforcement later reviewed the red light camera footage. As Finley Motors is the registered owner of the car, a notice was sent to them indicating the infraction and fine incurred. This notice included the license plate number, occurrence date and time, a photograph of the driver, and a web portal link to a video clip of the violation for further review. Finley Motors, however, was not responsible for the violation as they were not driving the car at the time and transferred the incident to AMP Payment Resources for further review. AMP Payment Resources identified Chuck as the driver based on the rental agreement he signed when picking up the car and then contacted Chuck directly through a written letter regarding the infraction to collect the fine.
After reviewing the incident through the AMP Payment Resources’ web portal, Chuck paid the fine using his personal credit card. Two weeks later, Finley Motors sent Chuck an email promotion offering 10% off a future rental.
How can Finley Motors reduce the risk associated with transferring Chuck’s personal information to AMP Payment Resources?
- A . By providing only the minimum necessary data to process the violation notice and masking all other information prior to transfer.
- B . By requesting AMP Payment Resources delete unnecessary datasets and only utilize what is necessary to process the violation notice.
- C . By obfuscating the minimum necessary data to process the violation notice and requiring AMP Payment Resources to securely store the personal information.
- D . By transferring all information to separate datafiles and requiring AMP Payment Resources to combine the datasets during processing of the violation notice.
A computer user navigates to a page on the Internet. The privacy notice pops up and the user clicks the box to accept cookies, then continues to scroll the page to read the information displayed. This is an example of which type of consent?
- A . Explicit.
- B . Implicit.
- C . Specific.
- D . Valid.
B
Explanation:
The scenario where a user clicks to accept cookies and then continues to scroll the page is an example of implicit consent. Implicit consent refers to consent that is inferred from a user’s actions rather than explicitly stated. In this case, the user’s action of clicking to accept cookies and continuing to use the site implies their agreement to the terms outlined in the privacy notice. (Reference: IAPP CIPT Study Guide, Chapter on Consent Mechanisms)
Which of these actions is NOT generally part of the responsibility of an IT or software engineer?
- A . Providing feedback on privacy policies.
- B . Implementing multi-factor authentication.
- C . Certifying compliance with security and privacy law.
- D . Building privacy controls into the organization’s IT systems or software.
A sensitive biometrics authentication system is particularly susceptible to?
- A . False positives.
- B . False negatives.
- C . Slow recognition speeds.
- D . Theft of finely individualized personal data.