Practice Free CIPT Exam Online Questions
When designing a new system, which of the following is a privacy threat that the privacy technologist should consider?
- A . Encryption.
- B . Social distancing.
- C . Social engineering.
- D . Identity and Access Management.
C
Explanation:
Threat Identification: Social engineering involves manipulating individuals into divulging confidential or personal information that may be used for fraudulent purposes.
System Design: When designing a new system, it is crucial to consider the risk of social engineering as it can lead to unauthorized access and data breaches.
Mitigation Strategies: Implementing strong authentication processes, training employees on recognizing social engineering attacks, and incorporating regular security awareness programs.
Reference: IAPP CIPT Study Guide, Chapter on Threats to Privacy and Data Security.
Which of the following is a vulnerability of a sensitive biometrics authentication system?
- A . Theft of finely individualized personal data.
- B . Slow recognition speeds.
- C . False negatives.
- D . False positives.
Which of the following entities would most likely be exempt from complying with the General Data Protection Regulation (GDPR)?
- A . A South American company that regularly collects European customers’ personal data.
- B . A company that stores all customer data in Australia and is headquartered in a European Union (EU) member state.
- C . A Chinese company that has opened a satellite office in a European Union (EU) member state to service European customers.
- D . A North American company servicing customers in South Africa that uses a cloud storage system made by a European company.
Data-oriented strategies include which of the following?
- A . Minimize, Separate, Abstract, Hide.
- B . Inform, Control, Enforce, Demonstrate.
- C . Encryption, Hashing, Obfuscation, Randomization.
- D . Consent, Contract, Legal Obligation, Legitimate interests.
A
Explanation:
Data-oriented strategies aim to protect data through various methods. The strategies listed under "Minimize, Separate, Abstract, Hide" are focused on reducing the amount of data collected (Minimize), ensuring data is kept separate to avoid unintended access (Separate), abstracting data to limit exposure (Abstract), and hiding data to keep it concealed from unauthorized users (Hide). These strategies help in enhancing data privacy and security by applying principles of data minimization and access control. (Reference: IAPP CIPT Study Guide, Chapter on Data Protection Strategies and Techniques)
Which of the following would best improve an organization’s system of limiting data use?
- A . Implementing digital rights management technology.
- B . Confirming implied consent for any secondary use of data.
- C . Applying audit trails to resources to monitor company personnel.
- D . Instituting a system of user authentication for company personnel.
What is the main benefit of using dummy data during software testing?
- A . The data comes in a format convenient for testing.
- B . Statistical disclosure controls are applied to the data.
- C . The data enables the suppression of particular values in a set.
- D . Developers do not need special privacy training to test the software.
Which is NOT a suitable method for assuring the quality of data collected by a third-party company?
- A . Verifying the accuracy of the data by contacting users.
- B . Validating the company’s data collection procedures.
- C . Introducing erroneous data to see if it’s detected.
- D . Tracking changes to data through auditing.
What is an Access Control List?
- A . A list of steps necessary for an individual to access a resource.
- B . A list that indicates the type of permission granted to each individual.
- C . A list showing the resources that an individual has permission to access.
- D . A list of individuals who have had their access privileges to a resource revoked.
In the realm of artificial intelligence, how has deep learning enabled greater implementation of machine learning?
- A . By using hand-coded classifiers like edge detection filters so that a program can identify where an object starts and stops.
- B . By increasing the size of neural networks and running massive amounts of data through the network to train it.
- C . By using algorithmic approaches such as decision tree learning and inductive logic programming.
- D . By hand coding software routines with a specific set of instructions to accomplish a task.
An organization based in California, USA is implementing a new online helpdesk solution for recording customer call information. The organization considers the capture of personal data on the online helpdesk solution to be in the interest of the company in best servicing customer calls.
Before implementation, a privacy technologist should conduct which of the following?
- A . A Data Protection Impact Assessment (DPIA) and consultation with the appropriate regulator to ensure legal compliance.
- B . A privacy risk and impact assessment to evaluate potential risks from the proposed processing operations.
- C . A Legitimate Interest Assessment (LIA) to ensure that the processing is proportionate and does not override the privacy, rights and freedoms of the customers.
- D . A security assessment of the help desk solution and provider to assess if the technology was developed with a security by design approach.