ExamGecko
Login
Home / IAPP / CIPT / List of questions
Ask Question

IAPP CIPT Practice Test - Questions Answers, Page 13

Add to Whishlist

List of questions

Question 121

Report Export Collapse

Properly configured databases and well-written website codes are the best protection against what online threat?

Pharming.

Pharming.

SQL injection.

SQL injection.

Malware execution.

Malware execution.

System modification.

System modification.

Suggested answer: B
asked 22/11/2024
Raja Tarazi
46 questions

Question 122

Report Export Collapse

A privacy engineer reviews a newly developed on-line registration page on a company's website. The purpose of the page is to enable corporate customers to submit a returns / refund request for physical goods. The page displays the following data capture fields: company name, account reference, company address, contact name, email address, contact phone number, product name, quantity, issue description and company bank account details.

After her review, the privacy engineer recommends setting certain capture fields as "nonmandatory".

Setting which of the following fields as "non-mandatory" would be the best example of the principle of data minimization?

The contact phone number field.

The contact phone number field.

The company address and name.

The company address and name.

The contact name and email address.

The contact name and email address.

The company bank account detail field.

The company bank account detail field.

Suggested answer: B
asked 22/11/2024
rayan rayanalbanna
48 questions

Question 123

Report Export Collapse

What Privacy by Design (PbD) element should include a de-identification or deletion plan?

Categorization.

Categorization.

Remediation.

Remediation.

Retention.

Retention.

Security

Security

Suggested answer: C
asked 22/11/2024
DHANANJAY TIWARI
36 questions

Question 124

Report Export Collapse

Which of the following would be the best method of ensuring that Information Technology projects follow Privacy by Design (PbD) principles?

Develop a technical privacy framework that integrates with the development lifecycle.

Develop a technical privacy framework that integrates with the development lifecycle.

Utilize Privacy Enhancing Technologies (PETs) as a part of product risk assessment and management.

Utilize Privacy Enhancing Technologies (PETs) as a part of product risk assessment and management.

Identify the privacy requirements as a part of the Privacy Impact Assessment (PIA) process during development and evaluation stages.

Identify the privacy requirements as a part of the Privacy Impact Assessment (PIA) process during development and evaluation stages.

Develop training programs that aid the developers in understanding how to turn privacy requirements into actionable code and design level specifications.

Develop training programs that aid the developers in understanding how to turn privacy requirements into actionable code and design level specifications.

Suggested answer: D
asked 22/11/2024
Tony Minjarez
47 questions

Question 125

Report Export Collapse

SCENARIO

Please use the following to answer the next question:

Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app.

The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

What is the best way to ensure that the application only collects personal data that is needed to fulfill its primary purpose of providing potential medical and healthcare recommendations?

Obtain consent before using personal health information for data analytics purposes.

Obtain consent before using personal health information for data analytics purposes.

Provide the user with an option to select which personal data the application may collect.

Provide the user with an option to select which personal data the application may collect.

Disclose what personal data the application the collecting in the company Privacy Policy posted online.

Disclose what personal data the application the collecting in the company Privacy Policy posted online.

Document each personal category collected by the app and ensure it maps to an app function or feature.

Document each personal category collected by the app and ensure it maps to an app function or feature.

Suggested answer: D
Explanation:

By documenting each personal data category collected by the app and ensuring that it maps to an app function or feature, Light Blue Health can help ensure that only necessary data is collected. This can help prevent over-collection of personal data and increase transparency about how user data is used.

asked 22/11/2024
Franjo Tomurad
34 questions

Question 126

Report Export Collapse

SCENARIO

Please use the following to answer the next question:

Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app.

The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) for the new Light Blue Health application currently in development. Which of the following best describes a risk that is likely to result in a privacy breach?

Limiting access to the app to authorized personnel.

Limiting access to the app to authorized personnel.

Including non-transparent policies, terms and conditions in the app.

Including non-transparent policies, terms and conditions in the app.

Insufficiently deleting personal data after an account reaches its retention period.

Insufficiently deleting personal data after an account reaches its retention period.

Not encrypting the health record when it is transferred to the Light Blue Health servers.

Not encrypting the health record when it is transferred to the Light Blue Health servers.

Suggested answer: D
Explanation:

Not encrypting health records when they are transferred to Light Blue Health servers can leave sensitive personal information vulnerable to interception and unauthorized access. This could result in a privacy breach if an attacker were able to access this unencrypted data.

asked 22/11/2024
john rosselot
44 questions

Question 127

Report Export Collapse

SCENARIO

Please use the following to answer the next question:

Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app.

The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

Regarding the app, which action is an example of a decisional interference violation?

The app asks income level to determine the treatment of care.

The app asks income level to determine the treatment of care.

The app sells aggregated data to an advertising company without prior consent.

The app sells aggregated data to an advertising company without prior consent.

The app has a pop-up ad requesting sign-up for a pharmaceutical company newsletter.

The app has a pop-up ad requesting sign-up for a pharmaceutical company newsletter.

The app asks questions during account set-up to disclose family medical history that is not necessary for the treatment of the individual's symptoms.

The app asks questions during account set-up to disclose family medical history that is not necessary for the treatment of the individual's symptoms.

Suggested answer: A
Explanation:

Asking for income level to determine treatment of care could be considered decisional interference because it could influence or interfere with an individual's ability to make decisions about their own healthcare. This type of information may not be necessary for providing medical recommendations and could potentially lead to discrimination or unequal treatment.

asked 22/11/2024
Sunil Reddy
41 questions

Question 128

Report Export Collapse

SCENARIO

Please use the following to answer the next question:

Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.

The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app.

The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.

LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.

The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.

What is the best way to minimize the risk of an exposure violation through the use of the app?

Prevent the downloading of photos stored in the app.

Prevent the downloading of photos stored in the app.

Dissociate the patient health data from the personal data.

Dissociate the patient health data from the personal data.

Exclude the collection of personal information from the health record.

Exclude the collection of personal information from the health record.

Create a policy to prevent combining data with external data sources.

Create a policy to prevent combining data with external data sources.

Suggested answer: B
Explanation:

By dissociating patient health data from personal data, Light Blue Health can help reduce the risk of an exposure violation. This can help prevent sensitive health information from being linked to an individual's identity and reduce the potential harm that could result from a privacy breach.

asked 22/11/2024
fabio josca
41 questions

Question 129

Report Export Collapse

Not updating software for a system that processes human resources data with the latest security patches may create what?

Authentication issues.

Authentication issues.

Privacy vulnerabilities.

Privacy vulnerabilities.

Privacy threat vectors.

Privacy threat vectors.

Reportable privacy violations.

Reportable privacy violations.

Suggested answer: B
asked 22/11/2024
Nicola Grossi
45 questions

Question 130

Report Export Collapse

When should code audits be concluded?

At code check-in time.

At code check-in time.

At engineering design time.

At engineering design time.

While code is being sent to production.

While code is being sent to production.

Before launch after all code for a feature is complete.

Before launch after all code for a feature is complete.

Suggested answer: D
asked 22/11/2024
Ellee Chen
46 questions
Total 220 questions
Go to page: of 22
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

SCENARIO Please use the following to answer the next question: Chuck, a compliance auditor for a consulting firm focusing on healthcare clients, was required to travel to the client's office to perform an onsite review of the client's operations. He rented a car from Finley Motors upon arrival at the airport as so he could commute to and from the client's office. The car rental agreement was electronically signed by Chuck and included his name, address, driver's license, make/model of the car, billing rate, and additional details describing the rental transaction. On the second night, Chuck was caught by a red light camera not stopping at an intersection on his way to dinner. Chuck returned the car back to the car rental agency at the end week without mentioning the infraction and Finley Motors emailed a copy of the final receipt to the address on file. Local law enforcement later reviewed the red light camera footage. As Finley Motors is the registered owner of the car, a notice was sent to them indicating the infraction and fine incurred. This notice included the license plate number, occurrence date and time, a photograph of the driver, and a web portal link to a video clip of the violation for further review. Finley Motors, however, was not responsible for the violation as they were not driving the car at the time and transferred the incident to AMP Payment Resources for further review. AMP Payment Resources identified Chuck as the driver based on the rental agreement he signed when picking up the car and then contacted Chuck directly through a written letter regarding the infraction to collect the fine. After reviewing the incident through the AMP Payment Resources' web portal, Chuck paid the fine using his personal credit card. Two weeks later, Finley Motors sent Chuck an email promotion offering 10% off a future rental. What is the strongest method for authenticating Chuck's identity prior to allowing access to his violation information through the AMP Payment Resources web portal?
SCENARIO WebTracker Limited is a cloud-based online marketing service located in London. Last year, WebTracker migrated its IT infrastructure to the cloud provider AmaZure, which provides SQL Databases and Artificial Intelligence services to WebTracker. The roles and responsibilities between the two companies have been formalized in a standard contract, which includes allocating the role of data controller to WebTracker. The CEO of WebTracker, Mr. Bond, would like to assess the effectiveness of AmaZure's privacy controls, and he recently decided to hire you as an independent auditor. The scope of the engagement is limited only to the marketing services provided by WebTracker, you will not be evaluating any internal data processing activity, such as HR or Payroll. This ad-hoc audit was triggered due to a future partnership between WebTracker and SmartHome — a partnership that will not require any data sharing. SmartHome is based in the USA, and most recently has dedicated substantial resources to developing smart refrigerators that can suggest the recommended daily calorie intake based on DNA information. This and other personal data is collected by WebTracker. To get an idea of the scope of work involved, you have decided to start reviewing the company's documentation and interviewing key staff to understand potential privacy risks. The results of this initial work include the following notes: There are several typos in the current privacy notice of WebTracker, and you were not able to find the privacy notice for SmartHome. You were unable to identify all the sub-processors working for SmartHome. No subcontractor is indicated in the cloud agreement with AmaZure, which is responsible for the support and maintenance of the cloud infrastructure. There are data flows representing personal data being collected from the internal employees of WebTracker, including an interface from the HR system. Part of the DNA data collected by WebTracker was from employees, as this was a prototype approved by the CEO of WebTracker. All the WebTracker and SmartHome customers are based in USA and Canada. Based on the initial assessment and review of the available data flows, which of the following would be the most important privacy risk you should investigate first?
What Privacy by Design (PbD) element should include a de-identification or deletion plan?
Value Sensitive Design (VSD) focuses on which of the following?
What is the best way to protect privacy on a geographic information system (GIS)?
What has been identified as a significant privacy concern with chatbots?
An organization is launching a new smart speaker to the market. The device will have the capability to play music and provide news and weather updates. Which of the following would be a concern from a privacy perspective?
What has been found to undermine the public key infrastructure system?
What must be done to destroy data stored on "write once read many" (WORM) media?
Which of these is considered an ethical dark pattern on privacy?