ExamGecko
Search Search Login
Home Home / IAPP / CIPT

IAPP CIPT Practice Test - Questions Answers, Page 13

Question list
Search
Search

List of questions

Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A computer user navigates to a page on the Internet. The privacy notice pops up and the user clicks the box to accept cookies, then continues to scroll the page to read the Information displayed. This is an example of which type of consent?
How does browser fingerprinting compromise privacy?
An organization needs to be able to manipulate highly sensitive personal information without revealing the contents of the data to the users. The organization should investigate the use of?
SCENARIO Please use the following to answer the next questions: Your company is launching a new track and trace health app during the outbreak of a virus pandemic in the US. The developers claim the app is based on privacy by design because personal data collected was considered to ensure only necessary data is captured, users are presented with a privacy notice, and they are asked to give consent before data is shared. Users can update their consent after logging into an account, through a dedicated privacy and consent hub. This is accessible through the 'Settings' icon from any app page, then clicking 'My Preferences', and selecting 'Information Sharing and Consent' where the following choices are displayed: • "I consent to receive notifications and infection alerts"; • "I consent to receive information on additional features or services, and new products"; • "I consent to sharing only my risk result and location information, for exposure and contact tracing purposes"; • "I consent to share my data for medical research purposes"; and • "I consent to share my data with healthcare providers affiliated to the company". For each choice, an ON* or OFF tab is available The default setting is ON for all Users purchase a virus screening service for USS29 99 for themselves or others using the app The virus screening service works as follows: • Step 1 A photo of the user's face is taken. • Step 2 The user measures their temperature and adds the reading in the app • Step 3 The user is asked to read sentences so that a voice analysis can detect symptoms • Step 4 The user is asked to answer questions on known symptoms • Step 5 The user can input information on family members (name date of birth, citizenship, home address, phone number, email and relationship).) The results are displayed as one of the following risk status "Low. "Medium" or "High" if the user is deemed at "Medium " or "High" risk an alert may be sent to other users and the user is Invited to seek a medical consultation and diagnostic from a healthcare provider. A user's risk status also feeds a world map for contact tracing purposes, where users are able to check if they have been or are in dose proximity of an infected person If a user has come in contact with another individual classified as "medium' or 'high' risk an instant notification also alerts the user of this. The app collects location trails of every user to monitor locations visited by an infected individual Location is collected using the phone's GPS functionary, whether the app is in use or not however, the exact location of the user is "blurred' for privacy reasons Users can only see on the map circles Which of the following is likely to be the most important issue with the choices presented in the 'Information Sharing and Consent' pages?
A clinical research organization is processing highly sensitive personal data, including numerical attributes, from medical trial results. The organization needs to manipulate the data without revealing the contents to data users. This can be achieved by utilizing?
Which of the following is a stage in the data life cycle?
Value sensitive design focuses on which of the following?
An individual drives to the grocery store for dinner. When she arrives at the store, she receives several unsolicited notifications on her phone about discounts on items at the grocery store she is about to shop at. Which type of privacy problem does the represent?
What is an Access Control List?
When should code audits be concluded?

Question 121

Report
Export
Collapse

Properly configured databases and well-written website codes are the best protection against what online threat?

A.

Pharming.

A.

Pharming.

Answers
B.

SQL injection.

B.

SQL injection.

Answers
C.

Malware execution.

C.

Malware execution.

Answers
D.

System modification.

D.

System modification.

Answers
Suggested answer: B

Question 122

Report
Export
Collapse

A privacy engineer reviews a newly developed on-line registration page on a company's website. The purpose of the page is to enable corporate customers to submit a returns / refund request for physical goods. The page displays the following data capture fields: company name, account reference, company address, contact name, email address, contact phone number, product name, quantity, issue description and company bank account details.

After her review, the privacy engineer recommends setting certain capture fields as "nonmandatory".

Setting which of the following fields as "non-mandatory" would be the best example of the principle of data minimization?

A.

The contact phone number field.

A.

The contact phone number field.

Answers
B.

The company address and name.

B.

The company address and name.

Answers
C.

The contact name and email address.

C.

The contact name and email address.

Answers
D.

The company bank account detail field.

D.

The company bank account detail field.

Answers
Suggested answer: B

Question 123

Report
Export
Collapse

What Privacy by Design (PbD) element should include a de-identification or deletion plan?

A.

Categorization.

A.

Categorization.

Answers
B.

Remediation.

B.

Remediation.

Answers
C.

Retention.

C.

Retention.

Answers
D.

Security

D.

Security

Answers
Suggested answer: C

Question 124

Report
Export
Collapse

Which of the following would be the best method of ensuring that Information Technology projects follow Privacy by Design (PbD) principles?

A.

Develop a technical privacy framework that integrates with the development lifecycle.

A.

Develop a technical privacy framework that integrates with the development lifecycle.

Answers
B.

Utilize Privacy Enhancing Technologies (PETs) as a part of product risk assessment and management.

B.

Utilize Privacy Enhancing Technologies (PETs) as a part of product risk assessment and management.

Answers
C.

Identify the privacy requirements as a part of the Privacy Impact Assessment (PIA) process during development and evaluation stages.

C.

Identify the privacy requirements as a part of the Privacy Impact Assessment (PIA) process during development and evaluation stages.

Answers
D.

Develop training programs that aid the developers in understanding how to turn privacy requirements into actionable code and design level specifications.

D.

Develop training programs that aid the developers in understanding how to turn privacy requirements into actionable code and design level specifications.

Answers
Suggested answer: D

Question 125

Report
Export
Collapse

SCENARIO

Please use the following to answer the next question:

Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app.

The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

What is the best way to ensure that the application only collects personal data that is needed to fulfill its primary purpose of providing potential medical and healthcare recommendations?

A.

Obtain consent before using personal health information for data analytics purposes.

A.

Obtain consent before using personal health information for data analytics purposes.

Answers
B.

Provide the user with an option to select which personal data the application may collect.

B.

Provide the user with an option to select which personal data the application may collect.

Answers
C.

Disclose what personal data the application the collecting in the company Privacy Policy posted online.

C.

Disclose what personal data the application the collecting in the company Privacy Policy posted online.

Answers
D.

Document each personal category collected by the app and ensure it maps to an app function or feature.

D.

Document each personal category collected by the app and ensure it maps to an app function or feature.

Answers
Suggested answer: D

Explanation:

By documenting each personal data category collected by the app and ensuring that it maps to an app function or feature, Light Blue Health can help ensure that only necessary data is collected. This can help prevent over-collection of personal data and increase transparency about how user data is used.

Question 126

Report
Export
Collapse

SCENARIO

Please use the following to answer the next question:

Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app.

The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) for the new Light Blue Health application currently in development. Which of the following best describes a risk that is likely to result in a privacy breach?

A.

Limiting access to the app to authorized personnel.

A.

Limiting access to the app to authorized personnel.

Answers
B.

Including non-transparent policies, terms and conditions in the app.

B.

Including non-transparent policies, terms and conditions in the app.

Answers
C.

Insufficiently deleting personal data after an account reaches its retention period.

C.

Insufficiently deleting personal data after an account reaches its retention period.

Answers
D.

Not encrypting the health record when it is transferred to the Light Blue Health servers.

D.

Not encrypting the health record when it is transferred to the Light Blue Health servers.

Answers
Suggested answer: D

Explanation:

Not encrypting health records when they are transferred to Light Blue Health servers can leave sensitive personal information vulnerable to interception and unauthorized access. This could result in a privacy breach if an attacker were able to access this unencrypted data.

Question 127

Report
Export
Collapse

SCENARIO

Please use the following to answer the next question:

Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app.

The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

Regarding the app, which action is an example of a decisional interference violation?

A.

The app asks income level to determine the treatment of care.

A.

The app asks income level to determine the treatment of care.

Answers
B.

The app sells aggregated data to an advertising company without prior consent.

B.

The app sells aggregated data to an advertising company without prior consent.

Answers
C.

The app has a pop-up ad requesting sign-up for a pharmaceutical company newsletter.

C.

The app has a pop-up ad requesting sign-up for a pharmaceutical company newsletter.

Answers
D.

The app asks questions during account set-up to disclose family medical history that is not necessary for the treatment of the individual's symptoms.

D.

The app asks questions during account set-up to disclose family medical history that is not necessary for the treatment of the individual's symptoms.

Answers
Suggested answer: A

Explanation:

Asking for income level to determine treatment of care could be considered decisional interference because it could influence or interfere with an individual's ability to make decisions about their own healthcare. This type of information may not be necessary for providing medical recommendations and could potentially lead to discrimination or unequal treatment.

Question 128

Report
Export
Collapse

SCENARIO

Please use the following to answer the next question:

Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app.

The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

What is the best way to minimize the risk of an exposure violation through the use of the app?

A.

Prevent the downloading of photos stored in the app.

A.

Prevent the downloading of photos stored in the app.

Answers
B.

Dissociate the patient health data from the personal data.

B.

Dissociate the patient health data from the personal data.

Answers
C.

Exclude the collection of personal information from the health record.

C.

Exclude the collection of personal information from the health record.

Answers
D.

Create a policy to prevent combining data with external data sources.

D.

Create a policy to prevent combining data with external data sources.

Answers
Suggested answer: B

Explanation:

By dissociating patient health data from personal data, Light Blue Health can help reduce the risk of an exposure violation. This can help prevent sensitive health information from being linked to an individual's identity and reduce the potential harm that could result from a privacy breach.

Question 129

Report
Export
Collapse

Not updating software for a system that processes human resources data with the latest security patches may create what?

A.

Authentication issues.

A.

Authentication issues.

Answers
B.

Privacy vulnerabilities.

B.

Privacy vulnerabilities.

Answers
C.

Privacy threat vectors.

C.

Privacy threat vectors.

Answers
D.

Reportable privacy violations.

D.

Reportable privacy violations.

Answers
Suggested answer: B

Question 130

Report
Export
Collapse

When should code audits be concluded?

A.

At code check-in time.

A.

At code check-in time.

Answers
B.

At engineering design time.

B.

At engineering design time.

Answers
C.

While code is being sent to production.

C.

While code is being sent to production.

Answers
D.

Before launch after all code for a feature is complete.

D.

Before launch after all code for a feature is complete.

Answers
Suggested answer: D
Total 220 questions
Go to page: of 22
ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms