• Home
  • Articles
  • Excellent CIPT Updated 2021 Dumps With 100% Exam Passing Guarantee [Q75-Q97]

Excellent CIPT Updated 2021 Dumps With 100% Exam Passing Guarantee [Q75-Q97]

Share

Excellent CIPT Updated 2021 Dumps With 100% Exam Passing Guarantee

Best way to practice test for IAPP CIPT

NEW QUESTION 75
Between November 30th and December 2nd, 2013, cybercriminals successfully infected the credit card payment systems and bypassed security controls of a United States-based retailer with malware that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection software installed to prevent against such an attack.
Which of the following would best explain why the retailer's consumer data was still exfiltrated?

  • A. The retailer's network that transferred personal data and customer payments was separate from the rest of the corporate network, but the malware code was disguised with the name of software that is supposed to protect this information.
  • B. The IT systems and security measures utilized by the retailer's third-party vendors were in compliance with industry standards, but their credentials were stolen by black hat hackers who then entered the retailer's system.
  • C. The detection software alerted the retailer's security operations center per protocol, but the information security personnel failed to act upon the alerts.
  • D. The U.S Department of Justice informed the retailer of the security breach on Dec. 12th, but the retailer took three days to confirm the breach and eradicate the malware.

Answer: D

 

NEW QUESTION 76
What is true of providers of wireless technology?

  • A. They are typically exempt from data security regulations.
  • B. They routinely backup data that crosses their system.
  • C. They have the legal right in most countries to control and use any data on their systems.
  • D. They can see all unencrypted data that crosses the system.

Answer: C

 

NEW QUESTION 77
SCENARIO
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You also recall a recent visit to the Records Storage Section, often termed "The Dungeon" in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
Which regulation most likely applies to the data stored by Berry Country Regional Medical Center?

  • A. Health Insurance Portability and Accountability Act
  • B. The Health Records Act 2001
  • C. Personal Information Protection and Electronic Documents Act
  • D. The European Union Directive 95/46/EC

Answer: C

 

NEW QUESTION 78
What has been found to undermine the public key infrastructure system?

  • A. Inability to track abandoned keys.
  • B. Browsers missing a copy of the certificate authority's public key.
  • C. Disreputable certificate authorities.
  • D. Man-in-the-middle attacks.

Answer: D

 

NEW QUESTION 79
Which of the following suggests the greatest degree of transparency?

  • A. The data subject has multiple opportunities to opt-out after collection has occurred.
  • B. A privacy notice accommodates broadly defined future collections for new products.
  • C. A privacy disclosure statement clearly articulates general purposes for collection.
  • D. After reading the privacy notice, a data subject confidently infers how her information will be used.

Answer: C

 

NEW QUESTION 80
Which of the following is the least effective privacy preserving practice in the Systems Development Life Cycle (SDLC)?

  • A. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks.
  • B. Developing data flow modeling to identify sources and destinations of sensitive data.
  • C. Following secure and privacy coding standards in the development.
  • D. Conducting privacy threat modeling for the use-case.

Answer: B

 

NEW QUESTION 81
What term describes two re-identifiable data sets that both come from the same unidentified individual?

  • A. Anonymous data.
  • B. Pseudonymous data.
  • C. Imprecise data.
  • D. Aggregated data.

Answer: A

Explanation:
Explanation/Reference: https://ico.org.uk/media/1061/anonymisation-code.pdf

 

NEW QUESTION 82
When releasing aggregates, what must be performed to magnitude data to ensure privacy?

  • A. Basic rounding.
  • B. Top coding.
  • C. Noise addition.
  • D. Value swapping.

Answer: C

 

NEW QUESTION 83
What must be used in conjunction with disk encryption?

  • A. Export controls.
  • B. Increased CPU speed.
  • C. A digital signature.
  • D. A strong password.

Answer: C

 

NEW QUESTION 84
Which of the following is an example of the privacy risks associated with the Internet of Things (loT)

  • A. A website stores a cookie on a user s hard drive so the website can recognize the user on subsequent visits.
  • B. A water district fines an individual after a meter reading reveals excess water use during drought conditions.
  • C. A group of hackers infiltrate a power grid and cause a major blackout.
  • D. An insurance company raises a person s rates based on driving habits gathered from a connected car.

Answer: C

 

NEW QUESTION 85
SCENARIO
WebTracker Limited is a cloud-based online marketing service located in London. Last year, WebTracker migrated its IT infrastructure to the cloud provider AmaZure, which provides SQL Databases and Artificial Intelligence services to WebTracker. The roles and responsibilities between the two companies have been formalized in a standard contract, which includes allocating the role of data controller to WebTracker.
The CEO of WebTracker, Mr. Bond, would like to assess the effectiveness of AmaZure's privacy controls, and he recently decided to hire you as an independent auditor. The scope of the engagement is limited only to the marketing services provided by WebTracker, you will not be evaluating any internal data processing activity, such as HR or Payroll.
This ad-hoc audit was triggered due to a future partnership between WebTracker and SmartHome - a partnership that will not require any data sharing. SmartHome is based in the USA, and most recently has dedicated substantial resources to developing smart refrigerators that can suggest the recommended daily calorie intake based on DNA information. This and other personal data is collected by WebTracker.
To get an idea of the scope of work involved, you have decided to start reviewing the company's documentation and interviewing key staff to understand potential privacy risks.
The results of this initial work include the following notes:
* There are several typos in the current privacy notice of WebTracker, and you were not able to find the privacy notice for SmartHome.
* You were unable to identify all the sub-processors working for SmartHome. No subcontractor is indicated in the cloud agreement with AmaZure, which is responsible for the support and maintenance of the cloud infrastructure.
* There are data flows representing personal data being collected from the internal employees of WebTracker, including an interface from the HR system.
* Part of the DNA data collected by WebTracker was from employees, as this was a prototype approved by the CEO of WebTracker.
* All the WebTracker and SmartHome customers are based in USA and Canada.
Which of the following issues is most likely to require an investigation by the Chief Privacy Officer (CPO) of WebTracker?

  • A. File Integrity Monitoring is being deployed in SQL servers, as indicated by the IT Architect Manager.
  • B. Data flows use encryption for data at rest, as defined by the IT manager.
  • C. Employees' personal data are being stored in a cloud HR system, as approved by the HR Manager.
  • D. AmaZure sends newsletter to WebTracker customers, as approved by the Marketing Manager.

Answer: D

 

NEW QUESTION 86
What was the first privacy framework to be developed?

  • A. OECD Privacy Principles.
  • B. Code of Fair Information Practice Principles (FIPPs).
  • C. The Asia-Pacific Economic Cooperation (APEC) Privacy Framework.
  • D. Generally Accepted Privacy Principles.

Answer: A

 

NEW QUESTION 87
How does k-anonymity help to protect privacy in micro data sets?

  • A. By switching values between records in order to preserve most statistics while still maintaining privacy.
  • B. By top-coding all age data above a value of "k."
  • C. By adding sufficient noise to the data in order to hide the impact of any one individual.
  • D. By ensuring that every record in a set is part of a group of "k" records having similar identifying information. .

Answer: A

 

NEW QUESTION 88
SCENARIO
Carol was a U.S.-based glassmaker who sold her work at art festivals. She kept things simple by only accepting cash and personal checks.
As business grew, Carol couldn't keep up with demand, and traveling to festivals became burdensome. Carol opened a small boutique and hired Sam to run it while she worked in the studio. Sam was a natural salesperson, and business doubled. Carol told Sam, "I don't know what you are doing, but keep doing it!" But months later, the gift shop was in chaos. Carol realized that Sam needed help so she hired Jane, who had business expertise and could handle the back-office tasks. Sam would continue to focus on sales. Carol gave Jane a few weeks to get acquainted with the artisan craft business, and then scheduled a meeting for the three of them to discuss Jane's first impressions.
At the meeting, Carol could not wait to hear Jane's thoughts, but she was unprepared for what Jane had to say.
"Carol, I know that he doesn't realize it, but some of Sam's efforts to increase sales have put you in a vulnerable position. You are not protecting customers' personal information like you should." Sam said, "I am protecting our information. I keep it in the safe with our bank deposit. It's only a list of customers' names, addresses and phone numbers that I get from their checks before I deposit them. I contact them when you finish a piece that I think they would like. That's the only information I have! The only other thing I do is post photos and information about your work on the photo sharing site that I use with family and friends. I provide my email address and people send me their information if they want to see more of your work. Posting online really helps sales, Carol. In fact, the only complaint I hear is about having to come into the shop to make a purchase." Carol replied, "Jane, that doesn't sound so bad. Could you just fix things and help us to post even more online?"
'I can," said Jane. "But it's not quite that simple. I need to set up a new program to make sure that we follow the best practices in data management. And I am concerned for our customers. They should be able to manage how we use their personal information. We also should develop a social media strategy." Sam and Jane worked hard during the following year. One of the decisions they made was to contract with an outside vendor to manage online sales. At the end of the year, Carol shared some exciting news. "Sam and Jane, you have done such a great job that one of the biggest names in the glass business wants to buy us out!
And Jane, they want to talk to you about merging all of our customer and vendor information with theirs beforehand." When initially collecting personal information from customers, what should Jane be guided by?

  • A. Digital rights management.
  • B. Vendor management principles
  • C. Onward transfer rules.
  • D. Data minimization principles.

Answer: A

 

NEW QUESTION 89
To comply with the Sarbanes-Oxley Act (SOX), public companies in the United States are required to annually report on the effectiveness of the auditing controls of their financial reporting systems. These controls must be implemented to prevent unauthorized use, disclosure, modification, and damage or loss of financial data.
Why do these controls ensure both the privacy and security of data?

  • A. Disclosure of data is an aspect of privacy; unauthorized use, modification, and damage or loss of data are aspects of security.
  • B. Damage or loss of data are aspects of privacy; disclosure, unauthorized use, and modification of data are aspects of privacy.
  • C. Unauthorized use of data is an aspect of privacy; disclosure, modification, and damage or loss of data are aspects of security.
  • D. Modification of data is an aspect of privacy; unauthorized use, disclosure, and damage or loss of data are aspects of security.

Answer: A

 

NEW QUESTION 90
SCENARIO
Please use the following to answer the next question:
Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.
The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app. The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.
LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.
The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.
The Privacy Team is conducting a Privacy Impact Assessment (PIA) for the new Light Blue Health application currently in development. Which of the following best describes a risk that is likely to result in a privacy breach?

  • A. Not encrypting the health record when it is transferred to the Light Blue Health servers.
  • B. Limiting access to the app to authorized personnel.
  • C. Including non-transparent policies, terms and conditions in the app.
  • D. Insufficiently deleting personal data after an account reaches its retention period.

Answer: B

 

NEW QUESTION 91
What is the main privacy threat posed by Radio Frequency Identification (RFID)?

  • A. An individual can scramble computer transmissions in weapons systems.
  • B. An individual can tap mobile phone communications.
  • C. An individual with an RFID receiver can track people or consumer products.
  • D. An individual can use an RFID receiver to engage in video surveillance.

Answer: B

 

NEW QUESTION 92
Which of the following is an example of the privacy risks associated with the Internet of Things (loT)?

  • A. A group of hackers infiltrate a power grid and cause a major blackout.
  • B. A water district fines an individual after a meter reading reveals excess water use during drought conditions.
  • C. An insurance company raises a person's rates based on driving habits gathered from a connected car.
  • D. A website stores a cookie on a user's hard drive so the website can recognize the user on subsequent visits.

Answer: C

 

NEW QUESTION 93
What distinguishes a "smart" device?

  • A. It is programmable by a user without specialized training.
  • B. It can perform multiple data functions simultaneously.
  • C. It can reapply access controls stored in its internal memory.
  • D. It augments its intelligence with information from the internet.

Answer: D

Explanation:
Explanation/Reference: https://towardsdatascience.com/what-is-a-smart-device-the-key-concept-of-the-internet-of-things-
52da69f6f91b

 

NEW QUESTION 94
Which is NOT a drawback to using a biometric recognition system?

  • A. It has limited compatibility across systems.
  • B. It can be more expensive than other systems
  • C. It is difficult for people to use.
  • D. It can require more maintenance and support.

Answer: D

 

NEW QUESTION 95
Under the Family Educational Rights and Privacy Act (FERPA), releasing personally identifiable information from a student s educational record requires written permission from the parent or eligible student in order for information to be?

  • A. Released to specific individuals for audit or evaluation purposes.
  • B. Released to a prospective employer.
  • C. Released in response to a judicial order or lawfully ordered subpoena.
  • D. Released to schools to which a student is transferring.

Answer: D

 

NEW QUESTION 96
SCENARIO
Please use the following to answer the next question:
Chuck, a compliance auditor for a consulting firm focusing on healthcare clients, was required to travel to the client's office to perform an onsite review of the client's operations. He rented a car from Finley Motors upon arrival at the airport as so he could commute to and from the client's office. The car rental agreement was electronically signed by Chuck and included his name, address, driver's license, make/model of the car, billing rate, and additional details describing the rental transaction. On the second night, Chuck was caught by a red light camera not stopping at an intersection on his way to dinner. Chuck returned the car back to the car rental agency at the end week without mentioning the infraction and Finley Motors emailed a copy of the final receipt to the address on file.
Local law enforcement later reviewed the red light camera footage. As Finley Motors is the registered owner of the car, a notice was sent to them indicating the infraction and fine incurred. This notice included the license plate number, occurrence date and time, a photograph of the driver, and a web portal link to a video clip of the violation for further review. Finley Motors, however, was not responsible for the violation as they were not driving the car at the time and transferred the incident to AMP Payment Resources for further review. AMP Payment Resources identified Chuck as the driver based on the rental agreement he signed when picking up the car and then contacted Chuck directly through a written letter regarding the infraction to collect the fine.
After reviewing the incident through the AMP Payment Resources' web portal, Chuck paid the fine using his personal credit card. Two weeks later, Finley Motors sent Chuck an email promotion offering 10% off a future rental.
What is the most secure method Finley Motors should use to transmit Chuck's information to AMP Payment Resources?

  • A. Cloud file transfer services.
  • B. Transport Layer Security (TLS).
  • C. Certificate Authority (CA).
  • D. HyperText Transfer Protocol (HTTP).

Answer: B

 

NEW QUESTION 97
......

Certified Information Privacy Technologist (CIPT) Certification Sample Questions and Practice Exam: https://www.free4dump.com/CIPT-braindumps-torrent.html

Real Exam Questions & Answers - IAPP CIPT Dump is Ready: https://drive.google.com/open?id=1thfO0D_6GhXfKEqbIq4gIqhKvQxsUtMa

Related Articles

more
IAPP CIPT Certification Practice Exam