ExamGecko

IAPP CIPT Practice Test - Questions Answers, Page 16





SCENARIO

Please use the following to answer the next questions:

Your company is launching a new track and trace health app during the outbreak of a virus pandemic in the US. The developers claim the app is based on privacy by design because the personal data collected was considered to ensure only necessary data is captured, users are presented with a privacy notice, and they are asked to give consent before data is shared.

Users can update their consent after logging into an account, through a dedicated privacy and consent hub. This is accessible through the 'Settings' icon from any app page, then clicking 'My Preferences', and selecting 'Information Sharing and Consent', where the following choices are displayed:

• "I consent to receive notifications and infection alerts";
• "I consent to receive information on additional features or services, and new products";
• "I consent to sharing only my risk result and location information, for exposure and contact tracing purposes";
• "I consent to share my data for medical research purposes"; and
• "I consent to share my data with healthcare providers affiliated to the company".

For each choice, an ON or OFF tab is available. The default setting is ON for all.

Users purchase a virus screening service for US$29.99 for themselves or others using the app. The virus screening service works as follows:

• Step 1: A photo of the user's face is taken.
• Step 2: The user measures their temperature and adds the reading in the app.
• Step 3: The user is asked to read sentences so that a voice analysis can detect symptoms.
• Step 4: The user is asked to answer questions on known symptoms.
• Step 5: The user can input information on family members (name, date of birth, citizenship, home address, phone number, email and relationship).

The results are displayed as one of the following risk statuses: "Low", "Medium" or "High". If the user is deemed at "Medium" or "High" risk, an alert may be sent to other users and the user is invited to seek a medical consultation and diagnostic from a healthcare provider.

A user's risk status also feeds a world map for contact tracing purposes, where users are able to check if they have been or are in close proximity of an infected person. If a user has come in contact with another individual classified as "Medium" or "High" risk, an instant notification also alerts the user of this.

The app collects location trails of every user to monitor locations visited by an infected individual. Location is collected using the phone's GPS functionality, whether the app is in use or not; however, the exact location of the user is "blurred" for privacy reasons. Users can only see circles on the map.

Which of the following is likely to be the most important issue with the choices presented in the 'Information Sharing and Consent' pages?







Which of the following would be an example of an "objective" privacy harm to an individual?

A.

Receiving spam following the sale of an email address.

B.

Negative feelings derived from government surveillance.

C.

Social media profile views indicating unexpected interest in a person.

D.

Inaccuracies in personal data.

Suggested answer: D

Explanation:

Inaccuracies in personal data would be an example of an "objective" privacy harm to an individual.

This is because inaccuracies in personal data can lead to incorrect decisions being made about an individual, which can have negative consequences for the individual.

Value sensitive design focuses on which of the following?

A.

Quality and benefit.

B.

Ethics and morality.

C.

Confidentiality and integrity.

D.

Consent and human rights.

Suggested answer: B

Explanation:

Value sensitive design (VSD) is a theoretically grounded approach to the design of technology that accounts for human values in a principled and comprehensive manner. It brings human values to the forefront of the technical design process.

Which of the following is most important to provide to the data subject before the collection phase of the data lifecycle?

A.

Privacy Notice.

B.

Disclosure Policy.

C.

Consent Request.

D.

Data Protection Policy.

Suggested answer: A

Explanation:

A Privacy Notice is important to provide to data subjects before collecting their personal data because it informs them about how their data will be used, who it will be shared with, how long it will be kept for, etc.

Which of the following is a stage in the data life cycle?

A.

Data classification.

B.

Data inventory.

C.

Data masking.

D.

Data retention.

Suggested answer: D

Explanation:

The stages in a typical data lifecycle include creation/collection, processing, storage/retention, usage/access/sharing/distribution, archival/preservation and destruction/deletion/disposition.

Of the options given, only "Data retention" is a stage in this cycle; classification, inventory and masking are activities applied to data within the cycle, not stages of it.

An organization must terminate their cloud vendor agreement immediately. What is the most secure way to delete the encrypted data stored in the cloud?

A.

Transfer the data to another location.

B.

Invoke the appropriate deletion clause in the cloud terms and conditions.

C.

Obtain a destruction certificate from the cloud vendor.

D.

Destroy all encryption keys associated with the data.

Suggested answer: D

Explanation:

Destroying all encryption keys associated with encrypted data stored on a cloud server makes that data unreadable even if copies of it persist on the server or in the vendor's own snapshots (this is often called crypto-shredding). The approach only holds if the data was encrypted with keys the organization controls before it reached the vendor, and if every copy of those keys, including key backups and any escrowed copies, is destroyed.
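As an added example (not code from the original practice-test page), the following Python script walks through the termination scenario above: records are encrypted under a data encryption key the organization holds, the vendor keeps only ciphertext plus a snapshot the organization cannot delete, and destroying the key is what makes that snapshot unreadable. The `KeyStore` class, the `terminate_vendor` function and the sample records are assumptions constructed for the illustration, and the HMAC-SHA256 counter-mode cipher with an encrypt-then-MAC tag stands in for the AES-GCM (or KMS-wrapped key) a production system would use.

```python
"""Crypto-shredding demonstration (added example, not from the original page).

Records are encrypted with a per-dataset data encryption key (DEK) held in a
key store the organization controls; the cloud vendor only ever sees
ciphertext. Destroying the DEK renders every copy of the ciphertext,
including vendor-side snapshots the organization cannot reach, unreadable.

The cipher is an illustrative HMAC-SHA256 counter-mode stream cipher with an
encrypt-then-MAC tag so the script runs on the standard library alone; a
production system would use AES-GCM or a KMS-managed key instead.
"""
import hashlib
import hmac
import os
import secrets


class KeyStore:
    """Stand-in for a customer-controlled KMS/HSM (hypothetical)."""

    def __init__(self):
        self._keys = {}

    def create(self, dataset_id):
        self._keys[dataset_id] = secrets.token_bytes(32)
        return self._keys[dataset_id]

    def get(self, dataset_id):
        return self._keys[dataset_id]  # raises KeyError once destroyed

    def destroy(self, dataset_id):
        del self._keys[dataset_id]


def _subkeys(key):
    """Derive independent encryption and MAC keys from the DEK."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream(enc_key, nonce, length):
    """PRF in counter mode: HMAC(enc_key, nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key, plaintext):
    """Return nonce || ciphertext || tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key, blob):
    """Verify the tag first, then decrypt; wrong key or tampering raises ValueError."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def terminate_vendor(records, key_copy_exported=False):
    """Run the termination scenario and report what remains readable.

    records: constructed sample plaintext records.
    key_copy_exported: models the pitfall where a copy of the DEK left the
    key store (e.g. was handed to the vendor), so the destroy was incomplete.
    """
    ks = KeyStore()
    dek = ks.create("backup-2024")
    cloud = [encrypt(dek, r) for r in records]
    vendor_snapshot = list(cloud)                # a copy we cannot delete ourselves
    stray_copy = dek if key_copy_exported else None

    readable_before = all(decrypt(ks.get("backup-2024"), b) == r for b, r in zip(cloud, records))

    ks.destroy("backup-2024")                    # the only deletion we control

    try:
        ks.get("backup-2024")
        key_gone = False
    except KeyError:
        key_gone = True

    # The vendor still holds the ciphertext; without the DEK it is noise.
    try:
        decrypt(secrets.token_bytes(32), vendor_snapshot[0])
        snapshot_readable = True
    except ValueError:
        snapshot_readable = False

    if stray_copy is not None:                   # incomplete key destruction
        snapshot_readable = decrypt(stray_copy, vendor_snapshot[0]) == records[0]

    return {
        "readable_before": readable_before,
        "key_gone": key_gone,
        "snapshot_still_exists": len(vendor_snapshot) == len(records),
        "snapshot_readable": snapshot_readable,
    }


if __name__ == "__main__":
    sample = [b"patient=alice;dob=1980-01-01", b"patient=bob;dob=1975-05-05"]  # constructed
    print(terminate_vendor(sample))
    print(terminate_vendor(sample, key_copy_exported=True))
```

The first run reports that the vendor snapshot still exists but is no longer readable once the key is gone; the second run, with `key_copy_exported=True`, shows the failure mode: a stray copy of the key keeps the snapshot readable no matter what the key store deleted, which is why the answer says "all" keys.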

A BaaS provider backs up the corporate data and stores it with an outside provider under contract with the organization. A researcher notifies the organization that he found unsecured data in the cloud.

The organization looked into the issue and realized one of its backups was misconfigured on the outside provider's cloud and the data was fully exposed to the open internet. They quickly secured the backup. Which is the best next step the organization should take?

A.

Review the content of the data exposed.

B.

Review its contract with the outside provider.

C.

Investigate how the researcher discovered the unsecured data.

D.

Investigate using alternate BaaS providers or on-premise backup systems.

Suggested answer: B

Explanation:

The best next step the organization should take is to review its contract with the outside provider.

This will help the organization to identify the responsibilities of the outside provider and the organization in the event of a data breach.

When writing security policies, the most important consideration is to?

A.

Require all employees to read and acknowledge their understanding.

B.

Ensure they are based on the organization's risk profile.

C.

Ensure they cover enough details for common situations.

D.

Follow industry best practices.

Suggested answer: B

In terms of data extraction, which of the following should NOT be considered by a privacy technologist in relation to data portability?

A.

The size of the data.

B.

The format of the data.

C.

The range of the data.

D.

The medium of the data.

Suggested answer: D

Explanation:

Data portability refers to an individual's right to receive their personal data in a structured and commonly used format so that they can transfer it to another service provider.

The size (A), format (B) and range (C) of the data are all relevant considerations when extracting data for portability purposes; the medium of the data (D) is not relevant in this context.

Which activity should the privacy technologist undertake to reduce potential privacy risk when evaluating options to process data in a country other than where it would be collected?


A.

Review the Data Life Cycle.

B.

Review data retention policies.

C.

Create enterprise data flow diagrams.

D.

Recommend controls for data transfers.

Suggested answer: D

Information classification helps an organization protect confidential and nonpublic information primarily because?

A.

It helps identify sensitive and critical information that requires very strict safeguards.

B.

It falls under the security principles of confidentiality, integrity, and availability.

C.

It promotes employee accountability for safeguarding confidential information.

D.

It is legally required under most regulations.

Suggested answer: A

Explanation:

Information classification helps an organization protect confidential and nonpublic information primarily because it identifies the sensitive and critical information that requires very strict safeguards, so that controls can be matched to the sensitivity of each class.
