CIPT Exam Questions With 100% Correct Answers 2024
IT Risks: Security Policy and Personnel - Correct Answer-Encryption, Software Protection, Access Controls, Physical Protection, Social Engineering, Auditing.
IT Risks: Application - Correct Answer-Privileged Access, Software Policy, Privacy Links, Application Research, IT Involvement (IT Controlled, IT Monitored, Employee Controlled).
IT Risks: Network - Correct Answer-Malware, BYOD, Validate Devices/Apps, Network Monitoring, Network Encryption, Authentication.
IT Risks: Storage - Correct Answer-Cloud, Apps, Web, DB, Tapes, Files, Hardware.
IT Risks: Common Mistakes by Organizations - Correct Answer-Poor Policies and Training, Disjointed Practices, 3rd Party Contracts, Complacency.
Role of IT Professionals: Privacy Professionals - Correct Answer-Responsible for the company's overall privacy program. Define policies, standards, guidelines, auditing, controls, training and internal/external relationships.
Role of IT Professionals: Company Executives - Correct Answer-Responsible for supporting privacy programs through words and actions.
Role of IT Professionals: Lawyers - Correct Answer-Responsible for creating privacy statements, writing contracts, ensuring compliance with laws and regulations and addressing formal inquiries from regulators.
Role of IT Professionals: Marketers - Correct Answer-Must follow the company's privacy practices in their exchanges.
Role of IT Professionals: All Employees - Correct Answer-Employees are ambassadors for privacy and must ensure compliance with company policies.
Outline of a Privacy Notice - Correct Answer-Information Lifecycle + Common Privacy Principles, Marketing Contact, Use of Cookies, Resolving Privacy Issues, Release Date of Privacy Notice, Changes to Privacy Notice.
Multilayered Privacy Notice - Correct Answer-Provides an abbreviated form of an organization's privacy notice while providing links to more detailed information.
Internal Privacy Policy Considerations - Correct Answer-Data Classification, Data Collection, Data Protection, Retention, Treatment of Sensitive Data, Sharing Data, Privacy Policy Review, Responding to Privacy Inquiries and Data Requests.
Data Classification - Correct Answer-Classification is based on the level of sensitivity of the data.
Data Retention - Correct Answer-An agreed-upon maximum period of time should be established. Regulatory requirements may influence retention periods if applicable.
Data Deletion - Correct Answer-Deletion can be triggered by: termination of a contract, acquisitions, completion of a transaction, regulatory requirements, deletion request by data subjects.
Organization Security Policy Requirements - Correct Answer-Access Control, Encryption, Password Control, Machine Access Restriction, Intrusion Detection.
Access Control: Discretionary Access Control - Correct Answer-The user has complete control over the resources he owns.
Access Control: Mandatory Access Control - Correct Answer-Only the administrator can assign access rights to a resource.
Access Control: Role-Based Access Control (RBAC) - Correct Answer-Access is based on organizational roles.
Access Control: Attribute-Based Access Control (ABAC) - Correct Answer-RBAC + the addition of attributes to gain access. Attributes could be time, location, nationality, age, etc.
Encryption: TLS vs SSL - Correct Answer-TLS (Transport Layer Security): Protects emails between email servers. SSL (Secure Sockets Layer): Protects communications between browser and server.
Incident Response Program - Correct Answer-IRP should consist of: IR Center, web form, email address, phone number, and representatives from PR, Legal and Privacy.
Security and Privacy in the SDLC - Correct Answer-Privacy by Design should be considered to save time in the long run.
Privacy Impact Assessments - Correct Answer-Helps to identify privacy risks and measure the criticality of each risk. Privacy review statistics should be included in a PIA.
Triggers for a Privacy Impact Assessment - Correct Answer-1) Creation of a new service.
Four Ways to Address Risk - Correct Answer-Avoid, Mitigate, Accept, Transfer.
Notable Regulations - Correct Answer-
-PIPEDA: PI Protection and Electronic Documents Act (Canada).
-EU Data Protection Directive
-Hong Kong Personal Data Ordinance
-Law on the Protection of Personal Data Held by Private Parties (Hong Kong)
-COPPA: Children's Online Privacy Protection Act (US)
FIPS - Correct Answer-Fair Information Practices: the first IT framework for processing personal data.
Common Privacy Principles - Correct Answer-1) Collection Limitation
Information Life Cycle: Disclosure - Correct Answer-According to Notice, Pseudonymization/Anonymization, Define Limitations, Vendor Management Programs, Using Intermediaries, Secure Remote Access.
Information Life Cycle: Retention - Correct Answer-Records Management, Regulation Limitations, Data Subject Access, Secure Transfers, BC/DR, Portable Media.
Information Life Cycle: Destruction - Correct Answer-Digital Content, Portable Media, Hard Copy, Appropriate Time for Deletion, Secure Transfer and Return of Media from Third Parties, Regulatory Requirements for Destruction Standards.
Architecture Considerations: Technology Standardization - Correct Answer-Standardizing hardware, software, operating systems, and applications simplifies training, application interaction, setting of policy, configuration management, and sharing of information.
Architecture Considerations: Policy Consolidation - Correct Answer-Large companies should have a global privacy policy to make it easier to comply with safe practices.
Architecture Considerations: Data Center Distribution - Correct Answer-Data will be impacted by laws and regulations depending on the location of data centers. Cross-border data transfers can trigger new laws and regulations.
Mergers & Acquisitions - Correct Answer-A thorough review should be done to understand inconsistencies between old and new policies: Internet Service Provider contracts, vendor data, customer data, and online data.
IAM: Limitations - Correct Answer-Employees or users with access could have malicious intentions or misuse data.
IAM: Least Privilege - Correct Answer-Granting the lowest possible access rights to a resource. Minimizes the ability to access unnecessary resources or execute unneeded programs.
IAM: User-Based Access Control - Correct Answer-Relies on the identity of the person to determine the type of access to permit.
IAM: User-Based Access Control: Mandatory Access Control - Correct Answer-Only administrators are able to modify the Access Control List.
IAM: User-Based Access Control: Discretionary Access Control
Remote Access: Access to Computers - Correct Answer-1) Limit Computer Access
Encryption: Common Regulations - Correct Answer-1) Basel III: Mandatory encryption for financial reporting data and other related sensitive information at rest and in transit.
associated customer call record. Help to ensure that data is being accessed during normal business hours.
Data Masking and Data Obfuscation - Correct Answer-Data Masking: Permitting parts of a sensitive value to be visible, but not others. Data Obfuscation: Hiding the contents of a value while maintaining its utility.
Data Loss Prevention - Correct Answer-Helps to ensure that sensitive data is not inadvertently released to the wrong person or entity.
Authentication: Portable Devices - Correct Answer-RSA SecurID: Displays a one-time password used for authentication. TAILS (The Amnesic Incognito Live System): This device lets a user turn any computer into a personal computer with its own encryption.
Identifiers: Device IDs - Correct Answer-IP Address and MAC Address.
Identifiers: Pseudonymous vs Anonymous - Correct Answer-Pseudonymous: An ID, rather than PII, is used to identify a data record as being from a specific subject. Anonymous: There is truly no way to know who a person is.
Identifiers: Imprecise Data - Correct Answer-Making data less precise is a way to de-identify data. This is typically seen as using a data range as opposed to a specific element. Ex: an age range between 18 and 24, but not asking for a specific birthday.
Identifiers: Identifiability vs Linkability - Correct Answer-Identifiable: Extent to which a person can be identified. Linkable: The possibility/probability that a person can be identified.
Identifiers: Data Aggregation - Correct Answer-Data Aggregation is a process of combining data from multiple records into a single record around a common index. Aggregation is a reasonable way to achieve de-identification and unlinkability.
Privacy By Design - Correct Answer-Article 23 of GDPR. Companies should promote consumer privacy throughout their organizations and at every stage of development of their products and services.
Privacy By Design Practices - Correct Answer-1) Commit to a PbD Program
Online Threats: Pharming - Correct Answer-Redirects a valid Internet request to a malicious site by modifying a Hosts file or corrupting the Domain Name System server.
Online Threats: SQL Injections - Correct Answer-When a person intentionally inserts an SQL command in places where data may be captured and sent to a database for processing.
Online Threats: Cross-Site Scripting - Correct Answer-When an attacker embeds client-side script into a page that gets executed when a user visits the site.
Online Advertising: Remnant - Correct Answer-Ads run when there is no data about a user. The cheapest type of ad.
Online Advertising: Premium - Correct Answer-Ads run to improve the brand of a company. Typically the most expensive.
Online Advertising: Contextual - Correct Answer-The content of the ad is based on the topic of the web page, website or data entered by the user. This is the most common type of ad.
Online Advertising: Demographic - Correct Answer-Content of the ad is based on the individual's demographic data.
Online Advertising: Psychographic - Correct Answer-The content of the ad is based on the person's interests.
Online Advertising: Behavioral - Correct Answer-Ads based on a user's browsing habits.
Online Advertising: Search Ads - Correct Answer-Displayed alongside the results from a search performed by a search engine.
Online Advertising: Display Ads - Correct Answer-Image ads that are commonly viewed on a web page (side banners or top banners).
Online Advertising: Publisher Ads - Correct Answer-Owners of websites publish their own ads using their own network.
Online Advertising: Third Party Ads - Correct Answer-Third parties display ads on various publisher sites with which they have made agreements to serve ads.
Tracking Technologies: Cookies - Correct Answer-Text files that are used to store information for a website. They store configuration, demographic, and identity information.
Tracking Technologies: Beacons - Correct Answer-Resources that exist on a webpage, but are not visible to the naked eye.
Tracking Technologies: Local Shared Object (LSO) - Correct Answer-Represents memory within a browser component that can be used to store data similar to the way it is stored in a cookie.
Tracking Technologies: Other - Correct Answer-HTML5: Similar to a cookie, but data is stored in the web browser. Browser Fingerprinting: Consists of using the IP address sent during a browsing session to a website and the browser's user agent string to uniquely identify the browser. Super Cookie: Ensures the value of a cookie persists even if it is deleted.
SAML and XACML - Correct Answer-SAML (Security Assertion Markup Language): SAML allows organizations to make assertions about the identity, attributes, and entitlements of an individual to entities. eXtensible Access Control Markup Language (XACML): Provides a mechanism for protecting access to data, but goes further by providing a request/response language that permits the development of an access request.
Browser Privacy - Correct Answer-Private Browsing (Incognito): Cookies and history will be deleted. Tracking Protection: Cookie blocking, cookie deletion and tracking protection remove the ability to track users. Do Not Track (DNT): Allows the user to opt in to or opt out of tracking.
Web Security: SSL vs TLS - Correct Answer-TLS mitigates man-in-the-middle attacks. SSL verifies the authority of the certificate producer validating the IP address.
Web Security: HSTS vs HTTPS - Correct Answer-HSTS (HTTP Strict Transport Security): Ensures that websites that support secure communications are connected over a secure link between browsers that support HSTS. HTTPS: Secure HTTP that operates on top of SSL. Encrypts the browsing session.
Cloud: Different Types - Correct Answer-Personal Cloud: Typically used for storage. Private Cloud: Emphasis on enterprise sharing between data centers. Must have a BCDR plan in place. Public Cloud: Responsibility lies in someone else's hands. Must ensure security, access controls, and backup are in place. Community Cloud: Benefits of a private cloud with restricted access and benefits of a public cloud with shared resources.
Cloud: Services - Correct Answer-Storage: Backup purposes. Database: Lowers the cost of an in-house database. Infrastructure: Extra hardware and operating power to host applications, etc. Platform: Operating systems. Software: Software as a Service. Accounting, email, photo, billing, etc.
Cloud: Privacy Concerns - Correct Answer-Contracts with the cloud provider must align with the policies that the data processor has in their policies and notices. Access must be restricted. Usage of data must be defined.
Wireless Technologies - Correct Answer-RFID: Near Field Communication: Used in Point of Sale systems and hosts credit card data. Bluetooth: Devices have two-way communication. WiFi:
Location Based Services - Correct Answer-Global Positioning System (GPS): Determines location based on data from orbiting satellites. Geographic Information Systems (GIS): Consists of a computer service or application that combines geographic data with descriptive information associated with that data (buildings, coordinates, etc.).
Smart Technologies - Correct Answer-Data Analytics/Big Data, Deep Learning, AI, IoT, Automated vehicles, etc.