PDF Only
$35.00 Free Updates Upto 90 Days
- CIPT Dumps PDF
- 214 Questions
- Updated On November 18, 2024
PDF + Test Engine
$60.00 Free Updates Upto 90 Days
- CIPT Question Answers
- 214 Questions
- Updated On November 18, 2024
Test Engine
$50.00 Free Updates Upto 90 Days
- CIPT Practice Questions
- 214 Questions
- Updated On November 18, 2024
How to pass IAPP CIPT exam with the help of dumps?
DumpsPool provides you the finest quality resources you’ve been looking for to no avail. So, it's due time you stop stressing and get ready for the exam. Our Online Test Engine provides you with the guidance you need to pass the certification exam. We guarantee top-grade results because we know we’ve covered each topic in a precise and understandable manner. Our expert team prepared the latest IAPP CIPT Dumps to satisfy your need for training. Plus, they are in two different formats: Dumps PDF and Online Test Engine.
How Do I Know IAPP CIPT Dumps are Worth it?
Did we mention our latest CIPT Dumps PDF is also available as Online Test Engine? And that’s just the point where things start to take root. Of all the amazing features you are offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don’t have to worry about the payments. Let us explore all other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three-month free updates.
You can easily scroll through our large catalog of certification exams. And, pick any exam to start your training. That’s right, DumpsPool isn’t limited to just IAPP Exams. We trust our customers need the support of an authentic and reliable resource. So, we made sure there is never any outdated content in our study resources. Our expert team makes sure everything is up to the mark by keeping an eye on every single update. Our main concern and focus are that you understand the real exam format. So, you can pass the exam in an easier way!
IT Students Are Using our Certified Information Privacy Technologist Dumps Worldwide!
It is a well-established fact that certification exams can’t be conquered without some help from experts. The point of using Certified Information Privacy Technologist Practice Question Answers is exactly that. You are constantly surrounded by IT experts who’ve been through you are about to and know better. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world, make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt. And, with the money-back guarantee, you feel safe buying from us. You can claim your return on not passing the exam.
How to Get CIPT Real Exam Dumps?
Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the CIPT exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and the latest as they can be. Plus, our Practice Question Answers are tested and approved by professionals. Making it the top authentic resource available on the internet. Our expert has made sure the Online Test Engine is free from outdated & fake content, repeated questions, and false plus indefinite information, etc. We make every penny count, and you leave our platform fully satisfied!
Frequently Asked Questions
Question # 1
How should the sharing of information within an organization be documented?
A. With a binding contract.
B. With a data flow diagram.
C. With a disclosure statement.
D. With a memorandum of agreement.
Question # 2
What risk is mitigated when routing video traffic through a company’s application servers,rather than sending the video traffic directly from one user to another?
A. The user is protected against phishing attacks.
B. The user’s identity is protected from the other user.
C. The user’s approximate physical location is hidden from the other user.
D. The user is assured that stronger authentication methods have been used.
Question # 3
During a transport layer security (TLS) session, what happens immediately after the webbrowser creates a random PreMasterSecret?
A. The server decrypts the PremasterSecret.
B. The web browser opens a TLS connection to the PremasterSecret.
C. The web browser encrypts the PremasterSecret with the server's public key.
D. The server and client use the same algorithm to convert the PremasterSecret into anencryption key.
Question # 4
SCENARIOCarol was a U.S.-based glassmaker who sold her work at art festivals. She kept thingssimple by only accepting cash and personal checks.As business grew, Carol couldn't keep up with demand, and traveling to festivals becameburdensome. Carol opened a small boutique and hired Sam to run it while she worked inthe studio. Sam was a natural salesperson, and business doubled. Carol told Sam, “I don'tknow what you are doing, but keep doing it!"But months later, the gift shop was in chaos. Carol realized that Sam needed help so shehired Jane, who had business expertise and could handle the back-office tasks. Sam wouldcontinue to focus on sales. Carol gave Jane a few weeks to get acquainted with the artisancraft business, and then scheduled a meeting for the three of them to discuss Jane's firstimpressions.At the meeting, Carol could not wait to hear Jane's thoughts, but she was unprepared forwhat Jane had to say. “Carol, I know that he doesn't realize it, but some of Sam’s efforts toincrease sales have put you in a vulnerable position. You are not protecting customers’personal information like you should.”Sam said, “I am protecting our information. I keep it in the safe with our bank deposit. It'sonly a list of customers’ names, addresses and phone numbers that I get from their checksbefore I deposit them. I contact them when you finish a piece that I think they would like.That's the only information I have! The only other thing I do is post photos and informationabout your work on the photo sharing site that I use with family and friends. I provide myemail address and people send me their information if they want to see more of your work.Posting online really helps sales, Carol. In fact, the only complaint I hear is about having tocome into the shop to make a purchase.”Carol replied, “Jane, that doesn’t sound so bad. Could you just fix things and help us topost even more online?"‘I can," said Jane. “But it's not quite that simple. I need to set up a new program to makesure that we follow the best practices in data management. And I am concerned for ourcustomers. They should be able to manage how we use their personal information. Wealso should develop a social media strategy.”Sam and Jane worked hard during the following year. One of the decisions they made wasto contract with an outside vendor to manage online sales. At the end of the year, Carolshared some exciting news. “Sam and Jane, you have done such a great job that one ofthe biggest names in the glass business wants to buy us out! And Jane, they want to talk toyou about merging all of our customer and vendor information with theirs beforehand."When initially collecting personal information from customers, what should Jane be guidedby?
A. Onward transfer rules.
B. Digital rights management.
C. Data minimization principles.
D. Vendor management principles
Question # 5
SCENARIOPlease use the following to answer next question:EnsureClaim is developing a mobile app platform for managing data used for assessing caraccident insurance claims. Individuals use the app to take pictures at the crash site,eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hostingprovider to store data collected by the app. EnsureClaim customer service employees alsoreceive and review app data before sharing with insurance claim adjusters.The app collects the following information:First and last nameDate of birth (DOB)Mailing addressEmail addressCar VIN numberCar modelLicense plateInsurance card numberPhotoVehicle diagnosticsGeolocationWhat IT architecture would be most appropriate for this mobile platform?
A. Peer-to-peer architecture.
B. Client-server architecture.
C. Plug-in-based architecture.
D. Service-oriented architecture.
Question # 6
What must be used in conjunction with disk encryption?
A. Increased CPU speed.
B. A strong password.
C. A digital signature.
D. Export controls.
Question # 7
Which of the following are the mandatory pieces of information to be included in thedocumentation of records of processing activities for an organization that processespersonal data on behalf of another organization?
A. Copies of the consent forms from each data subject.
B. Time limits for erasure of different categories of data.
C. Contact details of the processor and Data Protection Offer (DPO).
D. Descriptions of the processing activities and relevant data subjects.
Question # 8
SCENARIOYou have just been hired by Ancillary.com, a seller of accessories for everything under thesun, including waterproof stickers for pool floats and decorative bands and cases forsunglasses. The company sells cell phone cases, e-cigarette cases, wine spouts, hangingair fresheners for homes and automobiles, book ends, kitchen implements, visors andshields for computer screens, passport holders, gardening tools and lawn ornaments, andcatalogs full of health and beauty products. The list seems endless. As the CEO likes tosay, Ancillary offers, without doubt, the widest assortment of low-price consumer productsfrom a single company anywhere.Ancillary's operations are similarly diverse. The company originated with a team of salesconsultants selling home and beauty products at small parties in the homes of customers,and this base business is still thriving. However, the company now sells online throughretail sites designated for industries and demographics, sites such as “My Cool Ride" forautomobile-related products or “Zoomer” for gear aimed toward young adults. Thecompany organization includes a plethora of divisions, units and outrigger operations, asAncillary has been built along a decentered model rewarding individual initiative andflexibility, while also acquiring key assets. The retail sites seem to all function differently,and you wonder about their compliance with regulations and industry standards. Providingtech support to these sites is also a challenge, partly due to a variety of logins andauthentication protocols.You have been asked to lead three important new projects at Ancillary:The first is the personal data management and security component of a multi-facetedinitiative to unify the company’s culture. For this project, you are considering using a seriesof third- party servers to provide company data and approved applications to employees.The second project involves providing point of sales technology for the home sales force,allowing them to move beyond paper checks and manual credit card imprinting.Finally, you are charged with developing privacy protections for a single web store housingall the company’s product lines as well as products from affiliates. This new omnibus sitewill be known, aptly, as “Under the Sun.” The Director of Marketing wants the site not onlyto sell Ancillary’s products, but to link to additional products from other retailers throughpaid advertisements. You need to brief the executive team of security concerns posed bythis approach.Which should be used to allow the home sales force to accept payments usingsmartphones?
A. Field transfer protocol.
B. Cross-current translation.
C. Near-field communication
D. Radio Frequency Identification
Question # 9
In order to prevent others from identifying an individual within a data set, privacy engineersuse a cryptographically-secure hashing algorithm. Use of hashes in this way illustrates theprivacy tactic known as what?
A. Isolation.
B. Obfuscation.
C. Perturbation.
D. Stripping.
Question # 10
Which of the following entities would most likely be exempt from complying with theGeneral Data Protection Regulation (GDPR)?
A. A South American company that regularly collects European customers’ personal data.
B. A company that stores all customer data in Australia and is headquartered in aEuropean Union (EU) member state.
C. A Chinese company that has opened a satellite office in a European Union (EU)member state to service European customers.
D. A North American company servicing customers in South Africa that uses a cloudstorage system made by a European company.
Question # 11
SCENARIOKyle is a new security compliance manager who will be responsible for coordinating andexecuting controls to ensure compliance with the company's information security policy andindustry standards. Kyle is also new to the company, where collaboration is a core value.On his first day of new-hire orientation, Kyle's schedule included participating in meetingsand observing work in the IT and compliance departments.Kyle spent the morning in the IT department, where the CIO welcomed him and explainedthat her department was responsible for IT governance. The CIO and Kyle engaged in aconversation about the importance of identifying meaningful IT governance metrics.Following their conversation, the CIO introduced Kyle to Ted and Barney. Ted isimplementing a plan to encrypt data at the transportation level of the organization'swireless network. Kyle would need to get up to speed on the project and suggest ways tomonitor effectiveness once the implementation was complete. Barney explained that hisshort-term goals are to establish rules governing where data can be placed and to minimizethe use of offline data storage.Kyle spent the afternoon with Jill, a compliance specialist, and learned that she wasexploring an initiative for a compliance program to follow self-regulatory privacy principles.Thanks to a recent internship, Kyle had some experience in this area and knew where Jillcould find some support. Jill also shared results of the company’s privacy risk assessment,noting that the secondary use of personal information was considered a high risk.By the end of the day, Kyle was very excited about his new job and his new company. Infact, he learned about an open position for someone with strong qualifications andexperience with access privileges, project standards board approval processes, andapplication-level obligations, and couldn’t wait to recommend his friend Ben who would beperfect for the job.Ted's implementation is most likely a response to what incident?
A. Encryption keys were previously unavailable to the organization's cloud storage host.
B. Signatureless advanced malware was detected at multiple points on the organization'snetworks.
C. Cyber criminals accessed proprietary data by running automated authentication attackson the organization's network.
D. Confidential information discussed during a strategic teleconference was intercepted bythe organization's top competitor.
Question # 12
Which of the following suggests the greatest degree of transparency?
A. A privacy disclosure statement clearly articulates general purposes for collection
B. The data subject has multiple opportunities to opt-out after collection has occurred.
C. A privacy notice accommodates broadly defined future collections for new products.
D. After reading the privacy notice, a data subject confidently infers how her information willbe used.
Question # 13
What is the term for information provided to a social network by a member?
A. Profile data.
B. Declared data.
C. Personal choice data.
D. Identifier information.
Question # 14
What tactic does pharming use to achieve its goal?
A. It modifies the user's Hosts file.
B. It encrypts files on a user's computer.
C. It creates a false display advertisement.
D. It generates a malicious instant message.
Question # 15
SCENARIOPlease use the following to answer next question:EnsureClaim is developing a mobile app platform for managing data used for assessing caraccident insurance claims. Individuals use the app to take pictures at the crash site,eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hostingprovider to store data collected by the app. EnsureClaim customer service employees alsoreceive and review app data before sharing with insurance claim adjusters.The app collects the following information:First and last nameDate of birth (DOB)Mailing addressEmail addressCar VIN numberCar modelLicense plateInsurance card numberPhotoVehicle diagnosticsGeolocationWhat would be the best way to supervise the third-party systems the EnsureClaim App willshare data with?
A. Review the privacy notices for each third-party that the app will share personal data withto determine adequate privacy and data protection controls are in place.
B. Conduct a security and privacy review before onboarding new vendors that collectpersonal data from the app.
C. Anonymize all personal data collected by the app before sharing any data with thirdparties.
D. Develop policies and procedures that outline how data is shared with third-party apps.
Question # 16
Which is the most accurate type of biometrics?
A. DNA
B. Voiceprint.
C. Fingerprint.
D. Facial recognition.
Question # 17
Which of the following most embodies the principle of Data Protection by Default?
A. A messaging app for high school students that uses HTTPS to communicate with theserver.
B. An electronic teddy bear with built-in voice recognition that only responds to its owner'svoice.
C. An internet forum for victims of domestic violence that allows anonymous posts withoutregistration.
D. A website that has an opt-in form for marketing emails when registering to download awhitepaper.
Question # 18
SCENARIOYou have just been hired by Ancillary.com, a seller of accessories for everything under thesun, including waterproof stickers for pool floats and decorative bands and cases forsunglasses. The company sells cell phone cases, e-cigarette cases, wine spouts, hangingair fresheners for homes and automobiles, book ends, kitchen implements, visors andshields for computer screens, passport holders, gardening tools and lawn ornaments, andcatalogs full of health and beauty products. The list seems endless. As the CEO likes tosay, Ancillary offers, without doubt, the widest assortment of low-price consumer productsfrom a single company anywhere.Ancillary's operations are similarly diverse. The company originated with a team of salesconsultants selling home and beauty products at small parties in the homes of customers,and this base business is still thriving. However, the company now sells online throughretail sites designated for industries and demographics, sites such as “My Cool Ride" forautomobile-related products or “Zoomer” for gear aimed toward young adults. Thecompany organization includes a plethora of divisions, units and outrigger operations, asAncillary has been built along a decentered model rewarding individual initiative andflexibility, while also acquiring key assets. The retail sites seem to all function differently,and you wonder about their compliance with regulations and industry standards. Providingtech support to these sites is also a challenge, partly due to a variety of logins andauthentication protocols.You have been asked to lead three important new projects at Ancillary:The first is the personal data management and security component of a multi-facetedinitiative to unify the company’s culture. For this project, you are considering using a seriesof third- party servers to provide company data and approved applications to employees.The second project involves providing point of sales technology for the home sales force,allowing them to move beyond paper checks and manual credit card imprinting.Finally, you are charged with developing privacy protections for a single web store housingall the company’s product lines as well as products from affiliates. This new omnibus sitewill be known, aptly, as “Under the Sun.” The Director of Marketing wants the site not onlyto sell Ancillary’s products, but to link to additional products from other retailers throughpaid advertisements. You need to brief the executive team of security concerns posed bythis approach.What technology is under consideration in the first project in this scenario?
A. Server driven controls.
B. Cloud computing
C. Data on demand
D. MAC filtering
Question # 19
Which is NOT a drawback to using a biometric recognition system?
A. It can require more maintenance and support.
B. It can be more expensive than other systems
C. It has limited compatibility across systems.
D. It is difficult for people to use.
Question # 20
A privacy engineer has been asked to review an online account login page. He finds there is no limitation on the number of invalid login attempts a user can make when logging into their online account.What would be the best recommendation to minimize the potential privacy risk from this weakness?
A. Implement a CAPTCHA system.
B. Develop server-side input validation checks.
C. Enforce strong password and account credentials.
D. Implement strong Transport Layer Security (TLS) to ensure an encrypted link.
Question # 21
A company seeking to hire engineers in Silicon Valley ran an ad campaign targetingwomen in a specific age range who live in the San Francisco Bay Area.Which Calo objective privacy harm is likely to result from this campaign?
A. Lost opportunity.
B. Economic loss.
C. Loss of liberty.
D. Social detriment.
Question # 22
What is typically NOT performed by sophisticated Access Management (AM) techniques?
A. Restricting access to data based on location.
B. Restricting access to data based on user role.
C. Preventing certain types of devices from accessing data.
D. Preventing data from being placed in unprotected storage.
Question # 23
What is the main benefit of using a private cloud?
A. The ability to use a backup system for personal files.
B. The ability to outsource data support to a third party.
C. The ability to restrict data access to employees and contractors.
D. The ability to cut costs for storing, maintaining, and accessing data.
Question # 24
Which is NOT a suitable method for assuring the quality of data collected by a third-partycompany?
A. Verifying the accuracy of the data by contacting users.
B. Validating the company’s data collection procedures.
C. Introducing erroneous data to see if its detected.
D. Tracking changes to data through auditing.
Question # 25
Which of these actions is NOT generally part of the responsibility of an IT or softwareengineer?
A. Providing feedback on privacy policies.
B. Implementing multi-factor authentication.
C. Certifying compliance with security and privacy law.
D. Building privacy controls into the organization’s IT systems or software.
Question # 26
SCENARIOIt should be the most secure location housing data in all of Europe, if not the world. TheGlobal Finance Data Collective (GFDC) stores financial information and other types ofclient data from large banks, insurance companies, multinational corporations andgovernmental agencies. After a long climb on a mountain road that leads only to the facility,you arrive at the security booth. Your credentials are checked and checked again by theguard to visually verify that you are the person pictured on your passport and nationalidentification card. You are led down a long corridor with server rooms on each side,secured by combination locks built into the doors. You climb a flight of stairs and are ledinto an office that is lighted brilliantly by skylights where the GFDC Director of Security, Dr.Monique Batch, greets you. On the far wall you notice a bank of video screens showingdifferent rooms in the facility. At the far end, several screens show different sections of theroad up the mountainDr. Batch explains once again your mission. As a data security auditor and consultant, it isa dream assignment: The GFDC does not want simply adequate controls, but the best andmost effective security that current technologies allow.“We were hacked twice last year,” Dr. Batch says, “and although only a small number ofrecords were stolen, the bad press impacted our business. Our clients count on us toprovide security that is nothing short of impenetrable and to do so quietly. We hope tonever make the news again.” She notes that it is also essential that the facility is incompliance with all relevant security regulations and standards.You have been asked to verify compliance as well as to evaluate all current securitycontrols and security measures, including data encryption methods, authentication controlsand the safest methods for transferring data into and out of the facility. As you prepare tobegin your analysis, you find yourself considering an intriguing question: Can these peoplebe sure that I am who I say I am?You are shown to the office made available to you and are provided with system logininformation, including the name of the wireless network and a wireless key. Still pondering,you attempt to pull up the facility's wireless network, but no networks appear in the wirelesslist. When you search for the wireless network by name, however it is readily found.What measures can protect client information stored at GFDC?
A. De-linking of data into client-specific packets.
B. Cloud-based applications.
C. Server-side controls.
D. Data pruning
Question # 27
What is the best way to protect privacy on a geographic information system (GIS)?
A. Limiting the data provided to the system.
B. Using a wireless encryption protocol.
C. Scrambling location information.
D. Using a firewall.
Question # 28
What is a mistake organizations make when establishing privacy settings during thedevelopment of applications?
A. Providing a user with too many choices.
B. Failing to use "Do Not Track” technology.
C. Providing a user with too much third-party information.
D. Failing to get explicit consent from a user on the use of cookies.
Question # 29
What can be used to determine the type of data in storage without exposing its contents?
A. Collection records.
B. Data mapping.
C. Server logs.
D. Metadata.
Question # 30
Which activity would best support the principle of data quality?
A. Providing notice to the data subject regarding any change in the purpose for collectingsuch data.
B. Ensuring that the number of teams processing personal information is limited.
C. Delivering information in a format that the data subject understands.
D. Ensuring that information remains accurate.
Question # 31
SCENARIOPlease use the following to answer the next question:Jordan just joined a fitness-tracker start-up based in California, USA, as its first InformationPrivacy and Security Officer. The company is quickly growing its business but does not sellany of the fitness trackers itself. Instead, it relies on a distribution network of third-partyretailers in all major countries. Despite not having any stores, the company has a 78%market share in the EU. It has a website presenting the company and products, and amember section where customers can access their information. Only the email addressand physical address need to be provided as part of the registration process in order tocustomize the site to the user’s region and country. There is also a newsletter sent everymonth to all members featuring fitness tips, nutrition advice, product spotlights from partnercompanies based on user behavior and preferences.Jordan says the General Data Protection Regulation (GDPR) does not apply to thecompany. He says the company is not established in the EU, nor does it have a processorin the region. Furthermore, it does not do any “offering goods or services” in the EU since itdoes not do any marketing there, nor sell to consumers directly. Jordan argues that it is thecustomers who chose to buy the products on their own initiative and there is no “offering”from the company.The fitness trackers incorporate advanced features such as sleep tracking, GPS tracking,heart rate monitoring. wireless syncing, calorie-counting and step-tracking. The watch mustbe paired with either a smartphone or a computer in order to collect data on sleep levels,heart rates, etc. All information from the device must be sent to the company’s servers inorder to be processed, and then the results are sent to the smartphone or computer.Jordan argues that there is no personal information involved since the company does notcollect banking or social security information.Why is Jordan’s claim that the company does not collect personal information as identifiedby the GDPR inaccurate?
A. The potential customers must browse for products online.
B. The fitness trackers capture sleep and heart rate data to monitor an individual’sbehavior.
C. The website collects the customers’ and users’ region and country information.
D. The customers must pair their fitness trackers to either smartphones or computers.
Question # 32
Which of the following is the best method to minimize tracking through the use of cookies?
A. Use ‘private browsing’ mode and delete checked files, clear cookies and cache once aday.
B. Install a commercially available third-party application on top of the browser that isalready installed.
C. Install and use a web browser that is advertised as ‘built specifically to safeguard userprivacy’.
D. Manage settings in the browser to limit the use of cookies and remove them once thesession completes.
Question # 33
When should code audits be concluded?
A. At code check-in time.
B. At engineering design time.
C. While code is being sent to production.
D. Before launch after all code for a feature is complete.
Question # 34
What privacy risk is NOT mitigated by the use of encrypted computation to target and serveonline ads?
A. The ad being served to the user may not be relevant.
B. The user’s sensitive personal information is used to display targeted ads.
C. The personal information used to target ads can be discerned by the server.
D. The user’s information can be leaked to an advertiser through weak de-identificationtechniques.
Question # 35
A credit card with the last few numbers visible is an example of what?
A. Masking data
B. Synthetic data
C. Sighting controls.
D. Partial encryption
Question # 36
Organizations understand there are aggregation risks associated with the way the processtheir customer’s data. They typically include the details of this aggregation risk in a privacynotice and ask that all customers acknowledge they understand these risks and consent tothe processing.What type of risk response does this notice and consent represent?
A. Risk transfer.
B. Risk mitigation.
C. Risk avoidance.
D. Risk acceptance.
Question # 37
Which of the following functionalities can meet some of the General Data ProtectionRegulation’s (GDPR’s) Data Portability requirements for a social networking app designedfor users in the EU?
A. Allow users to modify the data they provided the app.
B. Allow users to delete the content they provided the app.
C. Allow users to download the content they have provided the app.
D. Allow users to get a time-stamped list of what they have provided the app.
Question # 38
When releasing aggregates, what must be performed to magnitude data to ensure privacy?
A. Value swapping.
B. Noise addition.
C. Basic rounding.
D. Top coding.
Question # 39
Revocation and reissuing of compromised credentials is impossible for which of thefollowing authentication techniques?
A. Biometric data.
B. Picture passwords.
C. Personal identification number.
D. Radio frequency identification.
Question # 40
Which of the following CANNOT be effectively determined during a code audit?
A. Whether access control logic is recommended in all cases.
B. Whether data is being incorrectly shared with a third-party.
C. Whether consent is durably recorded in the case of a server crash.
D. Whether the differential privacy implementation correctly anonymizes data.
Question # 41
SCENARIOTom looked forward to starting his new position with a U.S —based automobile leasingcompany (New Company), now operating in 32 states. New Company was recently formedthrough the merger of two prominent players, one from the eastern region (East Company)and one from the western region (West Company). Tom, a Certified Information PrivacyTechnologist (CIPT), is New Company's first Information Privacy and Security Officer. Hemet today with Dick from East Company, and Harry, from West Company. Dick and Harryare veteran senior information privacy and security professionals at their respectivecompanies, and continue to lead the east and west divisions of New Company. Thepurpose of the meeting was to conduct a SWOT(strengths/weaknesses/opportunities/threats) analysis for New Company. Their SWOTanalysis conclusions are summarized below.Dick was enthusiastic about an opportunity for the New Company to reduce costs andincrease computing power and flexibility through cloud services. East Company had beencontemplating moving to the cloud, but West Company already had a vendor that wasproviding it with software-as-a-service (SaaS). Dick was looking forward to extending thisservice to the eastern region. Harry noted that this was a threat as well, because WestCompany had to rely on the third party to protect its data.Tom mentioned that neither of the legacy companies had sufficient data storage space tomeet the projected growth of New Company, which he saw as a weakness. Tom statedthat one of the team's first projects would be to construct a consolidated New Companydata warehouse. Tom would personally lead this project and would be held accountable ifinformation was modified during transmission to or during storage in the new datawarehouse.Tom, Dick and Harry agreed that employee network access could be considered both astrength and a weakness. East Company and West Company had strong performancerecords in this regard; both had robust network access controls that were working asdesigned. However, during a projected year-long transition period, New Companyemployees would need to be able to connect to a New Company network while retainingaccess to the East Company and West Company networks.Which statement is correct about addressing New Company stakeholders’ expectations forprivacy?
A. New Company should expect consumers to read the company’s privacy policy.
B. New Company should manage stakeholder expectations for privacy even when thestakeholders‘ data is not held by New Company.
C. New Company would best meet consumer expectations for privacy by adhering to legalrequirements.
D. New Company's commitment to stakeholders ends when the stakeholders’ data leavesNew Company.
Question # 42
What is the goal of privacy enhancing technologies (PETS) like multiparty computation anddifferential privacy?
A. To facilitate audits of third party vendors.
B. To protect sensitive data while maintaining its utility.
C. To standardize privacy activities across organizational groups.
D. To protect the security perimeter and the data items themselves.
Question # 43
SCENARIOPlease use the following to answer next question:EnsureClaim is developing a mobile app platform for managing data used for assessing caraccident insurance claims. Individuals use the app to take pictures at the crash site,eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hostingprovider to store data collected by the app. EnsureClaim customer service employees alsoreceive and review app data before sharing with insurance claim adjusters.The app collects the following information:First and last nameDate of birth (DOB)Mailing addressEmail addressCar VIN numberCar modelLicense plateInsurance card numberPhotoVehicle diagnosticsGeolocationAll of the following technical measures can be implemented by EnsureClaim to protectpersonal information that is accessible by third-parties EXCEPT?
A. Encryption.
B. Access Controls.
C. De-identification.
D. Multi-factor authentication.
Leave a comment
Your email address will not be published. Required fields are marked *