
CIPT Exam Questions With 100% Correct Answers 2024, Exams of Advanced Education


Typology: Exams

2023/2024

Available from 07/13/2024

Uploaded by professoraxel



IT Risks: Security Policy and Personnel - Correct Answer-Encryption, Software Protection, Access Controls, Physical Protection, Social Engineering, Auditing.

IT Risks: Application - Correct Answer-Privileged Access, Software Policy, Privacy Links, Application Research, IT Involvement (IT Controlled, IT Monitored, Employee Controlled).

IT Risks: Network - Correct Answer-Malware, BYOD, Validate Devices/Apps, Network Monitoring, Network Encryption, Authentication.

IT Risks: Storage - Correct Answer-Cloud, Apps, Web, DB, Tapes, Files, Hardware.

IT Risks: Common Mistakes by Organizations - Correct Answer-Poor Policies and Training, Disjointed Practices, Third-Party Contracts, Complacency.

Role of IT Professionals: Privacy Professionals - Correct Answer-Responsible for the company's overall privacy program: defining policies, standards, guidelines, auditing, controls, training and internal/external relationships.

Role of IT Professionals: Company Executives - Correct Answer-Responsible for supporting privacy programs through words and actions.

Role of IT Professionals: Lawyers - Correct Answer-Responsible for creating privacy statements, writing contracts, ensuring compliance with laws and regulations, and addressing formal inquiries from regulators.

Role of IT Professionals: Marketers - Correct Answer-Must follow the company's privacy practices in their exchanges with customers and prospects.

Role of IT Professionals: All Employees - Correct Answer-Employees are ambassadors for privacy and must ensure compliance with company policies.

Outline of a Privacy Notice - Correct Answer-Information Lifecycle + Common Privacy Principles, Marketing Contact, Use of Cookies, Resolving Privacy Issues, Release Date of Privacy Notice, Changes to Privacy Notice.

Multilayered Privacy Notice - Correct Answer-Provides an abbreviated form of an organization's privacy notice with links to more detailed information.

Internal Privacy Policy Considerations - Correct Answer-Data Classification, Data Collection, Data Protection, Retention, Treatment of Sensitive Data, Sharing Data, Privacy Policy Review, Responding to Privacy Inquiries and Data Requests.

Data Classification - Correct Answer-Classification is based on the level of sensitivity of the data.

Data Retention - Correct Answer-An agreed-upon maximum retention period should be established. Regulatory requirements may dictate retention periods where applicable.

Data Deletion - Correct Answer-Deletion can be triggered by termination of a contract, an acquisition, completion of a transaction, regulatory requirements, or a deletion request from a data subject.

Organization Security Policy Requirements - Correct Answer-Access Control, Encryption, Password Control, Machine Access Restriction, Intrusion Detection.

Access Control: Discretionary Access Control (DAC) - Correct Answer-The user who owns a resource has complete control over who may access it.

Access Control: Mandatory Access Control (MAC) - Correct Answer-Access rights are set centrally by the administrator through security labels and clearances; resource owners cannot change them.

Access Control: Role-Based Access Control (RBAC) - Correct Answer-Access is based on organizational roles: permissions are attached to roles and users are assigned to roles.

Access Control: Attribute-Based Access Control (ABAC) - Correct Answer-Extends RBAC by also evaluating attributes of the subject, the resource and the request context before granting access. Attributes could be time, location, nationality, age, etc.

Encryption: TLS vs SSL - Correct Answer-Both protect data in transit between a client and a server (for example browser to web server, or mail server to mail server). TLS (Transport Layer Security) is the successor to SSL (Secure Sockets Layer); every SSL version and TLS 1.0/1.1 are deprecated, so TLS 1.2 or 1.3 should be used.

Incident Response Program - Correct Answer-An IRP should consist of an IR center, a web form, an email address, a phone number, and representatives from PR, Legal and Privacy.

Security and Privacy in the SDLC - Correct Answer-Privacy by Design should be built in from the start of development to save time in the long run.

Privacy Impact Assessments - Correct Answer-Helps to identify privacy risks and measure the criticality of each risk. Privacy review statistics should be included in a PIA.

Triggers for a Privacy Impact Assessment - Correct Answer-
  1. Creation of a new service.

  2. New or updated program for processing data.
  3. Merger or acquisition.
  4. Creation of a new data center.
  5. Onboarding new data.
  6. Movement of data to a different country.
  7. Changes in regulations covering data use.
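The four access control models listed under Access Control above (DAC, MAC, RBAC, ABAC) and the least-privilege idea differ mainly in who sets the rule and which inputs the decision uses. The following Python puts all four side by side; it is an added example and not part of the exam deck. The roles, sensitivity labels, clearance levels and the two ABAC rules (business hours, office network) are constructed for illustration.

```python
"""Four access control models side by side (added example, not from the deck).

All roles, labels and rules below are constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import time


@dataclass
class Subject:
    name: str
    clearance: str                              # MAC: label the subject is cleared for
    roles: set = field(default_factory=set)     # RBAC: organizational roles


@dataclass
class Resource:
    name: str
    owner: str                                  # DAC: the owner manages the ACL
    label: str                                  # MAC: sensitivity label set by policy
    acl: dict = field(default_factory=dict)     # DAC: {subject name: {permissions}}


# --- DAC: the resource owner decides; nobody else may touch the ACL ----------
def dac_grant(resource, actor, grantee, permission):
    """Only the owner can change the ACL; returns True if the grant took effect."""
    if actor != resource.owner:
        return False
    resource.acl.setdefault(grantee, set()).add(permission)
    return True


def dac_allows(resource, subject, permission):
    return subject.name == resource.owner or permission in resource.acl.get(subject.name, set())


# --- MAC: fixed label lattice set by the administrator, not by owners --------
LEVELS = {"public": 0, "internal": 1, "confidential": 2, "secret": 3}


def mac_allows_read(resource, subject):
    """No read-up: a subject may read only at or below its clearance."""
    return LEVELS[subject.clearance] >= LEVELS[resource.label]


# --- RBAC: permissions hang off roles; least privilege = smallest role set ---
ROLE_PERMISSIONS = {
    "hr_analyst": {"read:hr_record"},
    "hr_manager": {"read:hr_record", "write:hr_record"},
    "engineer": {"read:source", "write:source"},
}


def rbac_allows(subject, permission):
    return any(permission in ROLE_PERMISSIONS.get(r, set()) for r in subject.roles)


# --- ABAC: RBAC plus attributes of the request context (time, location) ------
def request_context(hour, location):
    """Build the constructed context attributes an ABAC decision consumes."""
    return {"time": time(hour, 0), "location": location}


def abac_allows(subject, permission, context):
    if not rbac_allows(subject, permission):
        return False
    # Constructed rule 1: HR records may be read only during business hours.
    if permission == "read:hr_record" and not time(8, 0) <= context["time"] <= time(18, 0):
        return False
    # Constructed rule 2: HR records may be written only from the office network.
    if permission == "write:hr_record" and context["location"] != "office":
        return False
    return True


if __name__ == "__main__":
    alice = Subject("alice", clearance="internal", roles={"hr_analyst"})
    bob = Subject("bob", clearance="confidential", roles={"hr_manager"})
    payroll = Resource("payroll.xlsx", owner="bob", label="confidential")
    print("DAC: alice can read payroll?", dac_allows(payroll, alice, "read"))
    print("DAC: bob grants alice read:", dac_grant(payroll, "bob", "alice", "read"))
    print("MAC: alice may read confidential?", mac_allows_read(payroll, alice))
    print("ABAC: bob writes HR from home:",
          abac_allows(bob, "write:hr_record", request_context(10, "home")))
```

The contrast worth noticing: under DAC the owner can hand out access at will, under MAC the same request fails regardless of the owner's wishes because the label check is policy-controlled, and ABAC can deny a request that RBAC alone would allow purely on context.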

Four Ways to Address Risk - Correct Answer-Avoid, Mitigate, Accept, Transfer.

Notable Regulations - Correct Answer-
  - PIPEDA: Personal Information Protection and Electronic Documents Act (Canada).
  - EU Data Protection Directive (95/46/EC; replaced by the GDPR in 2018).
  - Personal Data (Privacy) Ordinance (Hong Kong).
  - Federal Law on the Protection of Personal Data Held by Private Parties (Mexico).
  - COPPA: Children's Online Privacy Protection Act (US).

FIPs - Correct Answer-Fair Information Practices: the first IT framework for processing personal data (US, 1973) and the basis of later privacy principles. Not to be confused with FIPS, the US Federal Information Processing Standards.

Common Privacy Principles - Correct Answer-The eight OECD privacy principles:
  1. Collection Limitation
  2. Data Quality
  3. Purpose Specification
  4. Use Limitation
  5. Security Safeguards
  6. Openness
  7. Individual Participation
  8. Accountability

Information Life Cycle Phases - Correct Answer-
  1. Collection
  2. Use
  3. Disclosure
  4. Retention
  5. Deletion

Information Life Cycle: Collection - Correct Answer-Choice/Consent, Collection Limitation, Secure Transfer, Reliable Sources, Collection of Information from Sources Other than the Data Subject.

Information Life Cycle: Use - Correct Answer-Regulatory Compliance, Data Minimization, Secondary Uses, Authentication, Access Control and Audit Trails, Security in Motion and at Rest, Use of Personal Data for Testing, Limitations on Use of Data from Unclear Sources.

Information Life Cycle: Disclosure - Correct Answer-According to Notice, Pseudonymization/Anonymization, Defined Limitations, Vendor Management Programs, Use of Intermediaries, Secure Remote Access.

Information Life Cycle: Retention - Correct Answer-Records Management, Regulatory Limitations, Data Subject Access, Secure Transfers, BC/DR, Portable Media.

Information Life Cycle: Destruction - Correct Answer-Digital Content, Portable Media, Hard Copy, Appropriate Time for Deletion, Secure Transfer and Return of Media from Third Parties, Regulatory Requirements for Destruction Standards.

Architecture Considerations: Technology Standardization - Correct Answer-Standardizing hardware, software, operating systems and applications simplifies training, application interaction, policy setting, configuration management and information sharing.

Architecture Considerations: Policy Consolidation - Correct Answer-Large companies should have a single global privacy policy so that safe practices are easier to comply with consistently.

Architecture Considerations: Data Center Distribution - Correct Answer-Data is subject to the laws and regulations of the jurisdiction where each data center is located, so cross-border data transfers can trigger additional laws and regulations.

Mergers & Acquisitions - Correct Answer-A thorough review should be done to understand inconsistencies between old and new policies, covering Internet service provider contracts, vendor data, customer data and online data.

IAM: Limitations - Correct Answer-Employees or users with legitimate access may still have malicious intent or misuse data; IAM on its own cannot stop misuse by an authorized user.

IAM: Least Privilege - Correct Answer-Granting the lowest access rights needed to perform a task. Minimizes the ability to access unnecessary resources or execute unneeded programs.

IAM: User-Based Access Control - Correct Answer-Relies on the identity of the person to determine the type of access to permit.

IAM: User-Based Access Control: Mandatory Access Control - Correct Answer-Only administrators are able to modify the Access Control List.

IAM: User-Based Access Control: Discretionary Access Control - Correct Answer-Users who own a resource determine its Access Control List.

IAM: Context of Authority - Correct Answer-Control over access to network resources is based on the context in which the employee is connected to the network (for example on-site versus remote).

Cross-Site Authentication - Correct Answer-The ability to access resources in another enterprise with credentials from your own enterprise (federated single sign-on, SSO).

Skimming - Correct Answer-Illegally copying the magnetic stripe data from a payment card, typically with a hidden reader attached to a terminal or ATM.

PCI DSS (Payment Card Industry Data Security Standard) - Correct Answer-Includes 12 requirements that apply to any organization that accepts, processes, stores or transmits payment card data:
  1. Install and maintain firewalls
  2. Don't use vendor-supplied default passwords
  3. Protect stored cardholder data
  4. Encrypt cardholder data transmitted over open, public networks
  5. Use and regularly update antivirus software
  6. Develop and maintain secure systems and applications
  7. Restrict access to cardholder data on a need-to-know basis
  8. Assign a unique ID to each person with computer access
  9. Restrict physical access to cardholder data
  10. Track and monitor all access to network resources and cardholder data
  11. Regularly test security systems and processes
  12. Maintain an information security policy

Remote Access: Security Considerations - Correct Answer-
  1. Use Corporate Devices
  2. Use Approved Devices
  3. Limit Data Transfers
  4. Limit Types of Access
  5. Mandate Device Controls
  6. Limit Social Access
  7. Provide Notice and Obtain Consent

Remote Access: Access to Computers - Correct Answer-
  1. Limit Computer Access
  2. Require Manual Authentication
  3. Use MFA

Remote Access: Architecture Controls - Correct Answer-
  1. VPN
  2. DMZ: a separate network segment for visitors and externally reachable systems
  3. MFA

Encryption: Field vs Record - Correct Answer-Field-level: encrypts only the sensitive fields within a record while leaving non-sensitive fields unencrypted, so the rest of the record stays usable for queries. Record-level: encrypts one whole record at a time within the data set (e.g., a row in a table).

Encryption: Disk Encryption - Correct Answer-Encrypts the entire hard drive of a computer. It protects data at rest if the device is lost or stolen, but not data on a running, unlocked system.

Encryption: Common Regulations - Correct Answer-
  1. Basel III: Mandatory encryption for financial reporting data and other related sensitive information at rest and in transit.
  2. HIPAA: Encryption of electronic health data is an "addressable" safeguard: expected unless an equivalent alternative is documented.
  3. PCI DSS: Requires encryption of cardholder data (stored data and data transmitted over public networks).
  4. Financial Instruments and Exchange Law of Japan: Requires encryption for sensitive financial data.

Encryption: Cryptographic Standards - Correct Answer-Asymmetric: uses a key pair; the public key encrypts and the private key decrypts (for digital signatures the roles reverse: the private key signs and the public key verifies). Symmetric: uses the same secret key for encryption and decryption. Hashing: a one-way function that turns data into a fixed-length digest; it is not encryption, since there is no key and the original data cannot be recovered from the digest.

Automated Data Retrieval - Correct Answer-Prevents users from accessing data without proper authentication.

Automated System Audits - Correct Answer-Validates system logs to ensure that each access to a customer record has an associated customer call record, and helps to ensure that data is only being accessed during normal business hours.

Data Masking and Data Obfuscation - Correct Answer-Data Masking: permitting parts of a sensitive value to be visible but not others (e.g., only the last four digits of a card number). Data Obfuscation: hiding the contents of a value while maintaining its utility.

Data Loss Prevention - Correct Answer-Helps to ensure that sensitive data is not inadvertently released to the wrong person or entity.

Authentication: Portable Devices - Correct Answer-RSA SecurID: a hardware token that displays a one-time password used for authentication. Tails (The Amnesic Incognito Live System): a live operating system booted from a USB stick or DVD that routes traffic through Tor and leaves no trace on the host computer; any persistent data is kept in an encrypted volume.
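The Automated System Audits card describes a detection rule: every access to a customer record must map to a call record for that customer, and access must happen in business hours. Below is that rule as runnable Python over constructed log lines. It is an added example, not part of the exam deck; the log format, the 30-minute correlation window and the 08:00 to 18:00 business window are assumptions.

```python
"""Automated system audit: correlate record accesses with call records.

Added example (not from the exam deck). The log format, the correlation
window and the business-hours window are assumptions.
"""
from datetime import datetime, timedelta

# Constructed sample data: an access log from the CRM and a call log from the
# telephony system. Key=value fields follow an ISO-8601 timestamp.
ACCESS_LOG = """\
2024-07-01T14:05:12 user=jdoe record=C1001
2024-07-01T14:40:03 user=jdoe record=C2002
2024-07-01T23:15:44 user=asmith record=C3003
2024-07-01T09:10:00 user=asmith record=C4004
"""

CALL_LOG = """\
2024-07-01T14:00:00 agent=jdoe customer=C1001
2024-07-01T09:05:00 agent=asmith customer=C4004
"""


def parse_log(text, who_key, what_key):
    """Return (timestamp, who, what) tuples; skip blank or malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        fields = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
        if who_key not in fields or what_key not in fields:
            continue
        rows.append((datetime.fromisoformat(parts[0]), fields[who_key], fields[what_key]))
    return rows


def audit_access(access_text, call_text, window=timedelta(minutes=30), business_hours=(8, 18)):
    """Flag accesses with no matching call and accesses outside business hours."""
    calls = parse_log(call_text, "agent", "customer")
    findings = []
    for ts, user, record in parse_log(access_text, "user", "record"):
        # A call by the same agent for the same customer that started at most
        # `window` before the access justifies it.
        justified = any(
            agent == user and customer == record and timedelta(0) <= ts - call_ts <= window
            for call_ts, agent, customer in calls
        )
        if not justified:
            findings.append((user, record, "no matching call record"))
        if not business_hours[0] <= ts.hour < business_hours[1]:
            findings.append((user, record, "outside business hours"))
    return findings


if __name__ == "__main__":
    for user, record, reason in audit_access(ACCESS_LOG, CALL_LOG):
        print(f"ALERT {user} accessed {record}: {reason}")
```

On the sample data the rule clears jdoe's first access and asmith's morning access, and raises one alert for jdoe's second access (no call) and two for asmith's late-night access (no call, off hours). In production the same join would run against the SIEM rather than inline strings.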

Identifiers: Device IDs - Correct Answer-IP address and MAC address.

Identifiers: Pseudonymous vs Anonymous - Correct Answer-Pseudonymous: an ID, rather than PII, is used to identify a data record as being from a specific subject; the mapping back to the person still exists but is held separately. Anonymous: there is truly no way to know who the person is.

Identifiers: Imprecise Data - Correct Answer-Making data less precise (generalization) is a way to de-identify it. This is typically done by using a range instead of a specific value, e.g., an age range of 18 to 24 rather than a specific date of birth.

Identifiers: Identifiability vs Linkability - Correct Answer-Identifiable: the extent to which a person can be identified from the data. Linkable: the extent to which records can be tied to the same person, or to other data sets, even when the person is not directly named; linkability is what allows "anonymous" records to be re-identified.
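The masking, pseudonymization and imprecise-data cards above each describe one transformation; a real de-identification step applies them together to a record. The Python below does that and is an added example, not part of the exam deck. The record layout, the age bands and the pseudonymization key are constructed for illustration; the keyed hash (HMAC-SHA-256) is the usual way to get a stable pseudonym that is one-way and that an attacker cannot recompute from guesses without the key.

```python
"""Masking, pseudonymization and generalization on one record.

Added example (not from the exam deck). The record layout, the age bands and
the pseudonymization key are constructed for illustration.
"""
import hashlib
import hmac

# Constructed secret; in practice this lives in a KMS/HSM, never in code.
PSEUDONYM_KEY = b"example-key-rotate-me"


def mask_card(pan):
    """Data masking: keep only the last four digits visible."""
    digits = "".join(ch for ch in pan if ch.isdigit())
    return "*" * (len(digits) - 4) + digits[-4:]


def pseudonymize(value, key=PSEUDONYM_KEY):
    """Keyed one-way hash: same input gives the same token, the token cannot be
    reversed, and without the key a guess cannot be confirmed by re-hashing."""
    return hmac.new(key, value.lower().encode("utf-8"), hashlib.sha256).hexdigest()[:16]


AGE_BANDS = [(0, 17, "<18"), (18, 24, "18-24"), (25, 34, "25-34"), (35, 44, "35-44"),
             (45, 54, "45-54"), (55, 64, "55-64"), (65, 200, "65+")]


def generalize_age(age):
    """Imprecise data: replace an exact age with a range."""
    for low, high, label in AGE_BANDS:
        if low <= age <= high:
            return label
    raise ValueError("age out of range")


def deidentify(record, key=PSEUDONYM_KEY):
    """Return a copy with direct identifiers removed or pseudonymized and
    quasi-identifiers generalized. Fields not listed are dropped, not passed."""
    return {
        "subject": pseudonymize(record["email"], key),   # stable join key, no PII
        "age_band": generalize_age(record["age"]),
        "postcode_area": record["postcode"][:3],         # coarser location
        "card": mask_card(record["card"]),
        "purchase_total": record["purchase_total"],
    }


if __name__ == "__main__":
    # Constructed sample record.
    raw = {"name": "Ada Example", "email": "Ada@example.com", "age": 21,
           "postcode": "SW1A1AA", "card": "4111 1111 1111 1234", "purchase_total": 42.0}
    print(deidentify(raw))
```

The output is pseudonymous, not anonymous: whoever holds PSEUDONYM_KEY can still confirm which token belongs to a given email address, and the remaining quasi-identifiers (age band, postcode area, purchase total) stay linkable across releases, which is why aggregation is usually the next step before publication.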

Identifiers: Data Aggregation - Correct Answer-Data aggregation is the process of combining data from multiple records into a single record around a common index (e.g., totals per region). Aggregation is a reasonable way to achieve de-identification and unlinkability, provided the groups are large enough that individuals cannot be singled out.

Privacy By Design - Correct Answer-Required by Article 25 of the GDPR ("data protection by design and by default"). Companies should promote consumer privacy throughout their organizations and at every stage of development of their products and services.

Privacy By Design Practices - Correct Answer-
  1. Commit to a PbD Program
  2. Create a Privacy Standard
  3. Perform a Privacy Review
  4. Perform Data Flow Analysis
  5. Transparency
  6. Control
  7. Access
  8. Retention
  9. Security

Online Privacy: Regulations - Correct Answer-Children's Online Privacy Protection Act (COPPA): restricts the collection of data from, and targeted advertising to, children under 13 (US). ePrivacy Directive: websites that use cookies must provide notice and obtain consent (EU). California Online Privacy Protection Act (CalOPPA): requires commercial websites that collect personal information from California residents to post a privacy notice/statement.

Online Threats: Phishing - Correct Answer-A fake email is disguised to look like it is from a legitimate organization or person to lure an unsuspecting consumer into clicking a link embedded in the email.

Online Threats: Spear Phishing - Correct Answer-Phishing aimed at specific individuals or a specific organization, using details about the target (name, role, colleagues) so the message looks credible.

Online Threats: Whaling - Correct Answer-Spear phishing aimed at high-value targets such as senior executives or wealthy individuals.

Online Threats: Pharming - Correct Answer-Redirects a valid Internet request to a malicious site by modifying the local hosts file or corrupting Domain Name System (DNS) resolution.

Online Threats: SQL Injection - Correct Answer-An attacker deliberately places SQL syntax in an input field that the application concatenates into a database query, changing the meaning of the query. Prevented by parameterized queries.

Online Threats: Cross-Site Scripting (XSS) - Correct Answer-An attacker embeds client-side script into a page (stored in the site's data, or reflected from a crafted link) that gets executed in the browser of every user who visits the page. Prevented by encoding untrusted data on output.

Online Advertising: Remnant - Correct Answer-Ads run when there is no data about a user. The cheapest type of ad.

Online Advertising: Premium - Correct Answer-Ads run to improve the brand of a company. Typically the most expensive.

Online Advertising: Contextual - Correct Answer-The content of the ad is based on the topic of the web page, website or data entered by the user. This is the most common type of ad.
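The SQL injection and cross-site scripting cards above say what the attacks are; the difference between vulnerable and safe code is small enough to show in full. The following Python is an added example, not part of the exam deck. The users table, the usernames and the payloads are constructed, and only the standard library (sqlite3 and html) is used so it runs offline.

```python
"""SQL injection and XSS: vulnerable code beside the fix.

Added example (not from the exam deck); the users table and inputs are
constructed. Uses only the standard library (sqlite3, html).
"""
import html
import sqlite3


def make_db():
    """In-memory table with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (username, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn


# --- SQL injection -----------------------------------------------------------
def lookup_vulnerable(conn, username):
    """Input is concatenated into the SQL text, so a quote in it changes the query."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Parameterized: the driver sends the value separately; it can never become SQL."""
    return conn.execute("SELECT username, email FROM users WHERE username = ?",
                        (username,)).fetchall()


# --- Cross-site scripting ----------------------------------------------------
def render_comment_vulnerable(comment):
    """Untrusted text dropped straight into HTML runs as script in the browser."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    """Output encoding turns markup characters into entities; the browser shows text."""
    return f'<p class="comment">{html.escape(comment, quote=True)}</p>'


if __name__ == "__main__":
    conn = make_db()
    payload = "x' OR '1'='1"           # tautology; no user named x exists
    print("vulnerable:", lookup_vulnerable(conn, payload))   # dumps every user
    print("safe:      ", lookup_safe(conn, payload))         # []
    xss = "<script>alert(document.cookie)</script>"
    print(render_comment_vulnerable(xss))
    print(render_comment_safe(xss))
```

The same payload returns every row from the vulnerable lookup and nothing from the parameterized one, because in the second case the database is looking for a user literally named `x' OR '1'='1`. For XSS, escaping must happen at output time and for the right context (HTML body here; attributes, URLs and JavaScript contexts each need their own encoding).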

Online Advertising: Demographic - Correct Answer-The content of the ad is based on the individual's demographic data.

Online Advertising: Psychographic - Correct Answer-The content of the ad is based on the person's interests and attitudes.

Online Advertising: Behavioral - Correct Answer-Ads based on a user's browsing habits, collected across sites over time.

Online Advertising: Search Ads - Correct Answer-Displayed alongside the results of a search performed on a search engine.

Online Advertising: Display Ads - Correct Answer-Image ads commonly shown on a web page (side banners or top banners).

Online Advertising: Publisher Ads - Correct Answer-Website owners publish their own ads using their own ad network.

Online Advertising: Third-Party Ads - Correct Answer-A third party displays ads on the various publisher sites with which it has agreements to serve ads.

Tracking Technologies: Cookies - Correct Answer-Small text records set by a website and sent back by the browser on later requests. They store configuration, demographic and identity information (e.g., session identifiers).

Tracking Technologies: Beacons - Correct Answer-Resources embedded in a web page or email (typically a 1x1 pixel image) that are not visible to the naked eye; fetching them reports the visit back to a server.

Tracking Technologies: Local Shared Object (LSO) - Correct Answer-Storage within a browser plug-in component (Flash "cookies") that can hold data much as a cookie does, outside the browser's normal cookie controls.

Tracking Technologies: Other - Correct Answer-HTML5 Web Storage: similar to a cookie, but the data is stored in the browser (localStorage/sessionStorage) and is not sent automatically with requests. Browser Fingerprinting: uses the IP address sent during a browsing session together with the browser's user-agent string (and other attributes such as installed fonts, screen size and plug-ins) to uniquely identify the browser without storing anything on it.

Super Cookie - Correct Answer-Ensures the value of a cookie persists even if it is deleted, typically by re-creating it from a copy kept in another storage location.

SAML and XACML - Correct Answer-SAML (Security Assertion Markup Language): allows an identity provider to make assertions about the identity, attributes and entitlements of an individual to service providers; the basis of web single sign-on. XACML (eXtensible Access Control Markup Language): provides a mechanism for protecting access to data and goes further by providing a policy language and a request/response language in which an access request is evaluated against policies.

Browser Privacy - Correct Answer-Private Browsing (Incognito): cookies and history from the session are discarded when the window is closed; it does not hide the user from the websites visited or from the network. Tracking Protection: cookie blocking, cookie deletion and tracker blocking remove much of the ability to track users. Do Not Track (DNT): a request header that lets the user signal a preference not to be tracked; sites are not required to honor it.

Web Security: SSL vs TLS - Correct Answer-TLS is the current version of the protocol formerly called SSL. Both encrypt the session, protect its integrity and authenticate the server through its certificate (checked against the requested hostname, not the IP address); that authentication is what mitigates man-in-the-middle attacks. Only TLS 1.2 and 1.3 should be enabled today.

Web Security: HSTS vs HTTPS - Correct Answer-HTTPS: HTTP running on top of TLS; encrypts the browsing session. HSTS (HTTP Strict Transport Security): a response header by which a site tells browsers that support HSTS to connect to it only over HTTPS for max-age seconds (optionally including subdomains), so later plain-HTTP requests are upgraded before they leave the browser.

Cloud: Different Types - Correct Answer-Personal Cloud: typically used for storage. Private Cloud: emphasis on enterprise sharing between data centers; must have a BC/DR plan in place. Public Cloud: responsibility lies in someone else's hands; must ensure security, access controls and backup are in place. Community Cloud: benefits of a private cloud with restricted access and benefits of a public cloud with shared resources.
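The SSL/TLS and HSTS cards above turn into two concrete checks: refuse deprecated protocol versions when opening a connection, and read a site's Strict-Transport-Security header to see whether browsers will actually pin it to HTTPS. The Python below does both and is an added example, not part of the exam deck. The header strings are constructed; the one-year max-age threshold is the value the browser preload lists expect, and the context is built with the standard ssl module without opening any network connection.

```python
"""TLS client hardening and HSTS header evaluation.

Added example (not from the exam deck). The header strings are constructed;
the one-year threshold is the value browser preload lists expect.
"""
import ssl

DEPRECATED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
ONE_YEAR = 31536000


def is_deprecated_protocol(name):
    """SSL (all versions) and TLS 1.0/1.1 should not be negotiated."""
    return name in DEPRECATED_PROTOCOLS


def hardened_client_context():
    """Client context that refuses anything below TLS 1.2 and always verifies
    the server certificate and hostname (the MITM defence the page mentions)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_default_certs()
    return ctx


def describe_context(ctx):
    """Summarize the settings an auditor would check on a context."""
    return {
        "minimum_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_required": ctx.verify_mode == ssl.CERT_REQUIRED,
    }


def parse_hsts(header):
    """Parse a Strict-Transport-Security value; None if max-age is missing or bad."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                policy["max_age"] = int(value.strip().strip('"'))
            except ValueError:
                return None
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy if policy["max_age"] is not None else None


def hsts_assessment(header):
    """Return 'none', 'weak' or 'strong' for a site's HSTS configuration.
    max-age=0 tells browsers to forget the policy, so it counts as none."""
    policy = parse_hsts(header or "")
    if policy is None or policy["max_age"] == 0:
        return "none"
    if policy["max_age"] >= ONE_YEAR and policy["include_subdomains"]:
        return "strong"
    return "weak"


if __name__ == "__main__":
    print(describe_context(hardened_client_context()))
    # Constructed header values as a server might send them.
    for hdr in ["max-age=31536000; includeSubDomains; preload", "max-age=300", "max-age=0", None]:
        print(repr(hdr), "->", hsts_assessment(hdr))
```

A practitioner would run describe_context against whatever context an application actually builds (libraries that still use PROTOCOL_TLS with no minimum_version are the usual finding) and hsts_assessment against a captured response header; note that HSTS only helps on the second visit unless the domain is on the preload list.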

Cloud: Services - Correct Answer-Storage: backup purposes. Database: lowers the cost of an in-house database. Infrastructure (IaaS): extra hardware and operating capacity to host applications, etc. Platform (PaaS): operating systems and runtime environments. Software (SaaS): accounting, email, photo, billing, etc.

Cloud: Privacy Concerns - Correct Answer-Contracts with the cloud provider must align with the customer organization's own privacy policies and notices. Access must be restricted. Usage of data must be defined.

Wireless Technologies - Correct Answer-RFID: radio-frequency tags read wirelessly at short range. NFC (Near Field Communication): a very short-range form of RFID used in point-of-sale systems; the contactless card or phone wallet holds the payment credentials. Bluetooth: short-range two-way communication between devices. WiFi:

Location Based Services - Correct Answer-Global Positioning System (GPS): determines location from the signals of orbiting satellites. Geographic Information Systems (GIS): a computer service or application that combines geographic data with descriptive information associated with that data (buildings, coordinates, etc.).

Smart Technologies - Correct Answer-Data Analytics/Big Data, Deep Learning, AI, IoT, Automated vehicles, etc.