IAPP CIPT practice test

Certified Information Privacy Technologist Exam

Last exam update: Jul 13, 2024
Page 1 of 10. Viewing questions 1-15 of 146

Question 1

Which of the following is an example of drone “swarming”?

  • A. A drone filming a cyclist from above as he rides.
  • B. A drone flying over a building site to gather data.
  • C. Drones delivering retailers’ packages to private homes.
  • D. Drones communicating with each other to perform a search and rescue.
Answer: D

Question 2

What is an Access Control List?

  • A. A list of steps necessary for an individual to access a resource.
  • B. A list that indicates the type of permission granted to each individual.
  • C. A list showing the resources that an individual has permission to access.
  • D. A list of individuals who have had their access privileges to a resource revoked.
Answer: C
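To make the distinction between the answer options concrete, here is an added example (not part of the practice test or of any IAPP material) of an access control list in code. Each resource carries its own list of entries naming a principal and the permissions granted or denied; the per-user view described in option C is derived from those lists rather than stored. The users, groups, resource names and permission strings are constructed for the example.

```python
"""Access control list attached to a resource, with a derived per-user view."""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AclEntry:
    principal: str          # a user ("alice") or a group ("group:finance")
    permissions: frozenset  # e.g. frozenset({"read", "write"})
    allow: bool = True      # False makes this an explicit deny entry


@dataclass
class Resource:
    name: str
    acl: list = field(default_factory=list)  # list of AclEntry


# Constructed sample data for the example: group memberships and two resources.
GROUPS = {"finance": {"alice", "bob"}, "hr": {"carol"}}


def principals_for(user: str) -> set:
    """The user's own name plus every group the user belongs to."""
    names = {user}
    for group, members in GROUPS.items():
        if user in members:
            names.add("group:" + group)
    return names


def is_allowed(resource: Resource, user: str, permission: str) -> bool:
    """Evaluate one resource's ACL for one user and one permission.

    An explicit deny that matches the user or one of the user's groups wins
    over any allow; with no matching entry the default is deny (least privilege).
    """
    names = principals_for(user)
    allowed = False
    for entry in resource.acl:
        if entry.principal not in names or permission not in entry.permissions:
            continue
        if not entry.allow:
            return False
        allowed = True
    return allowed


def resources_for(user: str, resources: list) -> dict:
    """Per-user view: which resources, with which permissions, the user can reach.

    This is computed from the per-resource ACLs; nothing per user is stored.
    """
    view = {}
    for res in resources:
        perms = {p for e in res.acl for p in e.permissions if is_allowed(res, user, p)}
        if perms:
            view[res.name] = sorted(perms)
    return view


SAMPLE_RESOURCES = [
    Resource("payroll.xlsx", [
        AclEntry("group:finance", frozenset({"read", "write"})),
        AclEntry("bob", frozenset({"write"}), allow=False),  # bob may only read
    ]),
    Resource("handbook.pdf", [
        AclEntry("group:finance", frozenset({"read"})),
        AclEntry("group:hr", frozenset({"read", "write"})),
    ]),
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol", "dave"):
        print(user, resources_for(user, SAMPLE_RESOURCES))
```

The deny entry for bob shows why an ACL is evaluated per resource: his group grants write on the payroll file, but the resource-level deny removes it, and that outcome only becomes visible in the derived per-user view.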

Question 3

Which is likely to reduce the types of access controls needed within an organization?

  • A. Decentralization of data.
  • B. Regular data inventories.
  • C. Standardization of technology.
  • D. Increased number of remote employees.
Answer: C

Question 4

Organizations understand there are aggregation risks associated with the way they process their
customers' data. They typically include the details of this aggregation risk in a privacy notice and ask that all
customers acknowledge they understand these risks and consent to the processing.
What type of risk response does this notice and consent represent?

  • A. Risk transfer.
  • B. Risk mitigation.
  • C. Risk avoidance.
  • D. Risk acceptance.
Answer: A

Question 5

What risk is mitigated by routing video traffic through a company's application servers, rather
than sending the video traffic directly from one user to another?

  • A. The user is protected against phishing attacks.
  • B. The user’s identity is protected from the other user.
  • C. The user’s approximate physical location is hidden from the other user.
  • D. The user is assured that stronger authentication methods have been used.
Answer: B

Question 6

In day to day interactions with technology, consumers are presented with privacy choices. Which of
the following best represents the Privacy by Design (PbD) methodology of letting the user choose a
non-zero-sum choice?

  • A. Using images, words, and contexts to elicit positive feelings that result in proactive behavior, thus eliminating negativity and biases.
  • B. Providing plain-language design choices that elicit privacy-related responses, helping users avoid errors and minimize the negative consequences of errors when they do occur.
  • C. Displaying the percentage of users that chose a particular option, thus enabling the user to choose the most preferred option.
  • D. Using contexts, antecedent events, and other priming concepts to assist the user in making a better privacy choice.
Answer: B

Question 7

Which of the following would be the most appropriate solution for preventing privacy violations
related to information exposure through an error message?

  • A. Configuring the environment to use shorter error messages.
  • B. Handling exceptions internally and not displaying errors to the user.
  • C. Creating default error pages or error messages which do not include variable data.
  • D. Logging the session name and necessary parameters once the error occurs to enable troubleshooting.
Answer: C
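An added example (not from the practice test) of what option C looks like in an application: the vulnerable handler returns the exception text, which carries the failed statement and the user's input, to the client, while the hardened handler returns a fixed message with an opaque reference and keeps the detail in a server-side log. The data-access function, error text and log format are constructed for the example.

```python
"""Error responses without variable data: a leaky handler beside a hardened one."""
import logging
import secrets

log = logging.getLogger("app")


def find_account(email: str) -> dict:
    """Stand-in for a database lookup (constructed for the example).

    Real driver errors often embed the statement, its parameters and a file path,
    which is exactly the variable data an error page must not echo.
    """
    if "@" not in email:
        raise RuntimeError(
            f"syntax error in SELECT * FROM accounts WHERE email = '{email}' "
            f"at /srv/app/db.py:88"
        )
    return {"email": email}


def handle_vulnerable(email: str) -> tuple:
    """Returns (status, body). Leaks the exception text to the client."""
    try:
        return 200, find_account(email)
    except Exception as exc:
        return 500, f"Internal error: {exc}"


GENERIC_ERROR = "Something went wrong. Quote reference {ref} when contacting support."


def handle_hardened(email: str) -> tuple:
    """Same request; the client sees a fixed message plus an opaque reference only."""
    try:
        return 200, find_account(email)
    except Exception as exc:
        ref = secrets.token_hex(8)
        # Detail stays server-side; the reference ties the log line to the response.
        log.error("ref=%s path=/account exc=%s", ref, type(exc).__name__, exc_info=exc)
        return 500, GENERIC_ERROR.format(ref=ref)


def leaks_variable_data(body: str, *values: str) -> bool:
    """Check whether a response body contains any of the given sensitive values."""
    return any(v in body for v in values)


if __name__ == "__main__":
    bad_input = "not-an-email"
    print(handle_vulnerable(bad_input))
    print(handle_hardened(bad_input))
```

The reference in the hardened response is random rather than a session or account identifier, so the error page carries nothing that varies with the user's data; the server-side log (option D) complements this but does not replace it.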

Question 8

What logs should an application server retain in order to prevent phishing attacks while minimizing
data retention?

  • A. Limited-retention, de-identified logs including only metadata.
  • B. Limited-retention, de-identified logs including the links clicked in messages as well as metadata.
  • C. Limited-retention logs including the identity of parties sending and receiving messages as well as metadata.
  • D. Limited-retention logs including the links clicked in messages, the identity of parties sending and receiving them, as well as metadata.
Answer: B
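An added example (not the page's own code) of the log described in option B: sender and recipient are replaced with keyed pseudonyms so a repeated sender or a link shared across recipients can still be correlated, the clicked links and metadata are kept, and entries past the retention window are purged. The HMAC key, the 30-day window and the message events are constructed for the example; the key would in practice live in a secret manager and be rotated with the retention window.

```python
"""Limited-retention, de-identified message logs that still support phishing detection."""
import hashlib
import hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

PSEUDONYM_KEY = b"example-key-rotate-per-window"  # assumption: held in a secret manager
RETENTION = timedelta(days=30)                      # assumption: the chosen retention window


def pseudonym(identity: str) -> str:
    """Stable but non-reversible token for an address (keyed hash, truncated)."""
    normalized = identity.strip().lower().encode()
    return hmac.new(PSEUDONYM_KEY, normalized, hashlib.sha256).hexdigest()[:16]


def strip_link(url: str) -> str:
    """Keep scheme, host and path; drop the query string, which often carries
    tokens or the recipient's own address."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname or ''}{parts.path}"


def deidentify(event: dict) -> dict:
    """Keep what detection needs (link, timing, client); drop direct identifiers."""
    link = event.get("clicked_url")
    return {
        "ts": event["ts"],
        "sender": pseudonym(event["sender"]),
        "recipient": pseudonym(event["recipient"]),
        "clicked_link": strip_link(link) if link else None,
        "client": event.get("client"),
    }


def purge(records: list, now: datetime) -> list:
    """Drop entries older than the retention window."""
    cutoff = now - RETENTION
    return [r for r in records if r["ts"] >= cutoff]


def build_log(events: list, now: datetime) -> list:
    return purge([deidentify(e) for e in events], now)


def shared_links(records: list, min_recipients: int = 2) -> set:
    """Links clicked by at least min_recipients distinct (pseudonymous) recipients:
    a common phishing signal that needs no real identities."""
    seen = {}
    for r in records:
        if r["clicked_link"]:
            seen.setdefault(r["clicked_link"], set()).add(r["recipient"])
    return {link for link, who in seen.items() if len(who) >= min_recipients}


NOW = datetime(2024, 7, 13, tzinfo=timezone.utc)
SAMPLE_EVENTS = [  # constructed message events for the example
    {"ts": NOW - timedelta(days=1), "sender": "payroll@evil.example",
     "recipient": "alice@corp.example",
     "clicked_url": "https://login.evil.example/reset?u=alice@corp.example", "client": "mobile"},
    {"ts": NOW - timedelta(days=2), "sender": "Payroll@evil.example",
     "recipient": "bob@corp.example",
     "clicked_url": "https://login.evil.example/reset?u=bob", "client": "desktop"},
    {"ts": NOW - timedelta(days=45), "sender": "hr@corp.example",
     "recipient": "carol@corp.example", "clicked_url": None, "client": "desktop"},
]

if __name__ == "__main__":
    records = build_log(SAMPLE_EVENTS, NOW)
    for r in records:
        print(r)
    print("shared links:", shared_links(records))
```

Because the pseudonym is keyed, the log cannot be reversed by anyone without the key, yet the two messages from the same sender still land on the same token, which is what lets the detection logic group them.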

Question 9

Which of the following modes of interaction often targets both people who personally know the attacker
and people who are strangers to the attacker?

  • A. Spam.
  • B. Phishing.
  • C. Unsolicited sexual imagery.
  • D. Consensually-shared sexual imagery.
Answer: B

Question 10

A company seeking to hire engineers in Silicon Valley ran an ad campaign targeting women in a
specific age range who live in the San Francisco Bay Area.
Which Calo objective privacy harm is likely to result from this campaign?

  • A. Lost opportunity.
  • B. Economic loss.
  • C. Loss of liberty.
  • D. Social detriment.
Answer: D

Question 11

What privacy risk is NOT mitigated by the use of encrypted computation to target and serve online
ads?

  • A. The ad being served to the user may not be relevant.
  • B. The user’s sensitive personal information is used to display targeted ads.
  • C. The personal information used to target ads can be discerned by the server.
  • D. The user’s information can be leaked to an advertiser through weak de-identification techniques.
Answer: D

Question 12

When analyzing user data, how is differential privacy applied?

  • A. By injecting noise into aggregated datasets.
  • B. By assessing differences between datasets.
  • C. By applying asymmetric encryption to datasets.
  • D. By removing personal identifiers from datasets.
Answer: A
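An added example (not from the practice test) of option A in practice: the Laplace mechanism adds noise scaled to sensitivity/epsilon to an aggregate count, and a budget tracker applies sequential composition so repeated queries cannot spend more epsilon than allowed. The dataset, epsilon values and budget are constructed for the example.

```python
"""Differential privacy for a count query: Laplace mechanism plus a privacy budget."""
import math
import random

# Constructed dataset: one row per user; the count of opted-in users is the query.
SAMPLE_ROWS = [{"user": f"u{i}", "opted_in": i % 3 == 0} for i in range(1, 101)]


def exact_count(rows: list, key: str) -> int:
    return sum(1 for r in rows if r[key])


def laplace_scale(sensitivity: float, epsilon: float) -> float:
    """Noise scale b = sensitivity / epsilon. A count has sensitivity 1:
    adding or removing one individual changes it by at most 1."""
    if epsilon <= 0 or sensitivity <= 0:
        raise ValueError("epsilon and sensitivity must be positive")
    return sensitivity / epsilon


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Inverse-CDF sample from Laplace(0, scale)."""
    u = rng.random() - 0.5                 # uniform on [-0.5, 0.5)
    u = max(u, -0.5 + 1e-12)               # avoid log(0) at the boundary
    sign = -1.0 if u < 0 else 1.0
    return -scale * sign * math.log(1 - 2 * abs(u))


class PrivacyBudget:
    """Sequential composition: the epsilons of all released answers add up."""

    def __init__(self, total_epsilon: float):
        self.total = total_epsilon
        self.spent = 0.0

    @property
    def remaining(self) -> float:
        return self.total - self.spent

    def spend(self, epsilon: float) -> None:
        if self.spent + epsilon > self.total + 1e-12:
            raise RuntimeError(
                f"privacy budget exhausted: {self.spent:.3f} spent of {self.total:.3f}"
            )
        self.spent += epsilon


def private_count(rows: list, key: str, epsilon: float, budget: PrivacyBudget,
                  rng: random.Random, sensitivity: float = 1.0) -> float:
    """Release a noisy count, charging epsilon to the budget first."""
    budget.spend(epsilon)
    scale = laplace_scale(sensitivity, epsilon)
    return exact_count(rows, key) + laplace_noise(scale, rng)


def make_rng(seed: int) -> random.Random:
    return random.Random(seed)


if __name__ == "__main__":
    budget = PrivacyBudget(total_epsilon=1.0)
    rng = make_rng(2024)
    print("exact:", exact_count(SAMPLE_ROWS, "opted_in"))
    for eps in (0.5, 0.25):
        print(f"epsilon={eps}: {private_count(SAMPLE_ROWS, 'opted_in', eps, budget, rng):.2f}")
    print("remaining budget:", budget.remaining)
```

The noise scale depends only on the query's sensitivity and epsilon, not on which individual is in the data, which is what makes the release differentially private; the budget is what prevents an analyst from averaging away the noise by repeating the query.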

Question 13

Between November 30 and December 2, 2013, cybercriminals infected the credit card payment systems of a
United States-based retailer, bypassed its security controls, and exfiltrated 40 million credit card numbers
with malware. Six months prior, the retailer had installed malware detection software to protect against
such an attack.
Which of the following would best explain why the retailer's consumer data was still exfiltrated?

  • A. The detection software alerted the retailer's security operations center per protocol, but the information security personnel failed to act upon the alerts.
  • B. The U.S. Department of Justice informed the retailer of the security breach on Dec. 12, but the retailer took three days to confirm the breach and eradicate the malware.
  • C. The IT systems and security measures utilized by the retailer's third-party vendors were in compliance with industry standards, but their credentials were stolen by black hat hackers who then entered the retailer's system.
  • D. The retailer's network that transferred personal data and customer payments was separate from the rest of the corporate network, but the malware code was disguised with the name of software that is supposed to protect this information.
Answer: B

Question 14

Which of the following is the least effective privacy preserving practice in the Systems Development
Life Cycle (SDLC)?

  • A. Conducting privacy threat modeling for the use-case.
  • B. Following secure and privacy coding standards in the development.
  • C. Developing data flow modeling to identify sources and destinations of sensitive data.
  • D. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks.
Answer: C

Question 15

Which of the following functionalities can meet some of the General Data Protection Regulation’s
(GDPR’s) Data Portability requirements for a social networking app designed for users in the EU?

  • A. Allow users to modify the data they provided the app.
  • B. Allow users to delete the content they provided the app.
  • C. Allow users to download the content they have provided the app.
  • D. Allow users to get a time-stamped list of what they have provided the app.
Answer: C