Certified Information Privacy Technologist (CIPT) v1.0 (CIPT)

Total 154 questions

What is the main reason the Do Not Track (DNT) header is not acknowledged by more companies?

  • A. Most web browsers incorporate the DNT feature.
  • B. The financial penalties for violating DNT guidelines are too high.
  • C. There is a lack of consensus about what the DNT header should mean.
  • D. It has been difficult to solve the technological challenges surrounding DNT.


Answer : C

Reference:
https://en.wikipedia.org/wiki/Do_Not_Track

Why is first-party web tracking very difficult to prevent?

  • A. The available tools to block tracking would break most sites' functionality.
  • B. Consumers enjoy the many benefits they receive from targeted advertising.
  • C. Regulatory frameworks are not concerned with web tracking.
  • D. Most browsers do not support automatic blocking.


Answer : D

Reference:
https://www.opentracker.net/article/third-party-cookies-vs-first-party-cookies

During a transport layer security (TLS) session, what happens immediately after the web browser creates a random PreMasterSecret?

  • A. The server decrypts the PremasterSecret.
  • B. The web browser opens a TLS connection to the PremasterSecret.
  • C. The web browser encrypts the PremasterSecret with the server's public key.
  • D. The server and client use the same algorithm to convert the PremasterSecret into an encryption key.


Answer : C

Reference:
https://books.google.com.pk/books?id=OaXise4B-p8C&pg=PA175&lpg=PA175&dq=iapp+During+a+transport+layer+security+(TLS)+session,+what+happens+immediately+after+the+web+browser+creates+a+random+PreMasterSecret&source=bl&ots=zR0RCfnx3c&sig=ACfU3U0bTOeOfPfcoq_Y95SZs6imKKilug&hl=en&sa=X&ved=2ahUKEwjkscDHpcbnAhUJuRoKHU5iC9cQ6AEwCnoECAkQAQ#v=onepage&q=iapp%20During%20a%20transport%20layer%20security%20(TLS)%20session%2C%20what%20happens%20immediately%20after%20the%20web%20browser%20creates%20a%20random%20PreMasterSecret&f=false

What is the main benefit of using a private cloud?

  • A. The ability to use a backup system for personal files.
  • B. The ability to outsource data support to a third party.
  • C. The ability to restrict data access to employees and contractors.
  • D. The ability to cut costs for storing, maintaining, and accessing data.


Answer : C

SCENARIO -
You have just been hired by Ancillary.com, a seller of accessories for everything under the sun, including waterproof stickers for pool floats and decorative bands and cases for sunglasses. The company sells cell phone cases, e-cigarette cases, wine spouts, hanging air fresheners for homes and automobiles, book ends, kitchen implements, visors and shields for computer screens, passport holders, gardening tools and lawn ornaments, and catalogs full of health and beauty products. The list seems endless. As the CEO likes to say, Ancillary offers, without doubt, the widest assortment of low-price consumer products from a single company anywhere.
Ancillary's operations are similarly diverse. The company originated with a team of sales consultants selling home and beauty products at small parties in the homes of customers, and this base business is still thriving. However, the company now sells online through retail sites designated for industries and demographics, sites such as "My Cool Ride" for automobile-related products or "Zoomer" for gear aimed toward young adults. The company organization includes a plethora of divisions, units and outrigger operations, as Ancillary has been built along a decentered model rewarding individual initiative and flexibility, while also acquiring key assets. The retail sites seem to all function differently, and you wonder about their compliance with regulations and industry standards. Providing tech support to these sites is also a challenge, partly due to a variety of logins and authentication protocols.
You have been asked to lead three important new projects at Ancillary:
The first is the personal data management and security component of a multi-faceted initiative to unify the company's culture. For this project, you are considering using a series of third-party servers to provide company data and approved applications to employees.
The second project involves providing point of sales technology for the home sales force, allowing them to move beyond paper checks and manual credit card imprinting.
Finally, you are charged with developing privacy protections for a single web store housing all the company's product lines as well as products from affiliates. This new omnibus site will be known, aptly, as "Under the Sun." The Director of Marketing wants the site not only to sell Ancillary's products, but to link to additional products from other retailers through paid advertisements. You need to brief the executive team of security concerns posed by this approach.
If you are asked to advise on privacy concerns regarding paid advertisements, which is the most important aspect to cover?

  • A. Unseen web beacons that combine information on multiple users.
  • B. Latent keys that trigger malware when an advertisement is selected.
  • C. Personal information collected by cookies linked to the advertising network.
  • D. Sensitive information from Structured Query Language (SQL) commands that may be exposed.


Answer : C

What technology is under consideration in the first project in this scenario?

  • A. Server driven controls.
  • B. Cloud computing
  • C. Data on demand
  • D. MAC filtering


Answer : A

Which should be used to allow the home sales force to accept payments using smartphones?

  • A. Field transfer protocol.
  • B. Cross-current translation.
  • C. Near-field communication
  • D. Radio Frequency Identification


Answer : C

What is the best way to protect privacy on a geographic information system?

  • A. Limiting the data provided to the system.
  • B. Using a wireless encryption protocol.
  • C. Scrambling location information.
  • D. Using a firewall.


Answer : A

Reference:
https://www.researchgate.net/publication/2873114_Protecting_Personal_Privacy_in_Using_Geographic_Information_Systems

In the realm of artificial intelligence, how has deep learning enabled greater implementation of machine learning?

  • A. By using hand-coded classifiers like edge detection filters so that a program can identify where an object starts and stops.
  • B. By increasing the size of neural networks and running massive amounts of data through the network to train it.
  • C. By using algorithmic approaches such as decision tree learning and inductive logic programming.
  • D. By hand coding software routines with a specific set of instructions to accomplish a task.


Answer : B

Reference:
https://towardsdatascience.com/notes-on-artificial-intelligence-ai-machine-learning-ml-and-deep-learning-dl-for-56e51a2071c2

Which of the following is an example of the privacy risks associated with the Internet of Things (IoT)?

  • A. A group of hackers infiltrate a power grid and cause a major blackout.
  • B. An insurance company raises a person's rates based on driving habits gathered from a connected car.
  • C. A website stores a cookie on a user's hard drive so the website can recognize the user on subsequent visits.
  • D. A water district fines an individual after a meter reading reveals excess water use during drought conditions.


Answer : B

How can a hacker gain control of a smartphone to perform remote audio and video surveillance?

  • A. By performing cross-site scripting.
  • B. By installing a roving bug on the phone.
  • C. By manipulating geographic information systems.
  • D. By accessing a phone's global positioning system satellite signal.


Answer : B

SCENARIO -
Clean-Q is a company that offers household and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:


Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system that has caused some overlapping bookings.
In a business strategy session held by senior management recently, Clean-Q invited vendors to present potential solutions to their current operational issues. These vendors included Application developers and cloud solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution in one single online platform:
✑ A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
✑ A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
✑ A resource facing web interface that enables resources to apply and manage their assigned jobs.
✑ An online payment facility for customers to pay for services.
If Clean-Q were to utilize LeadOps' services, what is a contract clause that may be included in the agreement entered into with LeadOps?

  • A. A provision that holds LeadOps liable for a data breach involving Clean-Q's information.
  • B. A provision prescribing technical and organizational controls that LeadOps must implement.
  • C. A provision that requires LeadOps to notify Clean-Q of any suspected breaches of information that involves customer or resource information managed on behalf of Clean-Q.
  • D. A provision that allows Clean-Q to conduct audits of LeadOps' information processing and information security environment, at LeadOps' cost and at any time that Clean-Q requires.


Answer : D

Considering that LeadOps will host/process personal information on behalf of Clean-Q remotely, what is an appropriate next step for Clean-Q senior management to assess LeadOps' appropriateness?

  • A. Nothing at this stage as the Managing Director has made a decision.
  • B. Determine if any Clean-Q competitors currently use LeadOps as a solution.
  • C. Obtain a legal opinion from an external law firm on contracts management.
  • D. Involve the Information Security team to understand in more detail the types of services and solutions LeadOps is proposing.


Answer : D

Which question would you most likely ask to gain more insight about LeadOps and provide practical privacy recommendations?

  • A. What is LeadOps' annual turnover?
  • B. How big is LeadOps' employee base?
  • C. Where are LeadOps' operations and hosting services located?
  • D. Does LeadOps practice agile development and maintenance of their system?


Answer : D

What is a key consideration for assessing external service providers like LeadOps, which will conduct personal information processing operations on Clean-Q's behalf?

  • A. Understanding LeadOps' costing model.
  • B. Establishing a relationship with the Managing Director of LeadOps.
  • C. Recognizing the value of LeadOps' website holding a verified security certificate.
  • D. Obtaining knowledge of LeadOps' information handling practices and information security environment.


Answer : D
