









































































The Ethics and Privacy Concerns Ultimate Exam focuses on the intersection of ethics, data protection, and privacy in the digital age. Topics include data security, personal information protection, surveillance, consent, and regulatory frameworks such as GDPR. Candidates will explore ethical challenges related to big data, artificial intelligence, and online privacy. The exam emphasizes responsible data handling practices and ethical decision-making in technology-driven environments, making it ideal for IT professionals, data analysts, and compliance officers.
Typology: Exams










































































Question 1. Which ethical framework emphasizes duties and rules over consequences when evaluating digital surveillance programs?
A) Utilitarianism
B) Deontology
C) Virtue ethics
D) Care ethics
Answer: B
Explanation: Deontology judges actions by adherence to moral duties and principles, irrespective of outcomes, making it the primary lens for rule‑based assessments of surveillance.

Question 2. In the context of AI system design, “dark patterns” are best described as:
A) Open‑source libraries that improve transparency
B) UI tricks that manipulate users into unintended actions
C) Encryption methods that hide data flow
D) Algorithmic fairness metrics
Answer: B
Explanation: Dark patterns are deliberately deceptive design choices that coerce users, violating principles of autonomy and beneficence.

Question 3. The principle of “Beneficence” in Principlism primarily requires that digital services:
A) Maximize profit for shareholders
B) Avoid causing harm to users
C) Act in the best interest of users and society
D) Ensure data is stored indefinitely
Answer: C
Explanation: Beneficence obliges actors to promote well‑being and positive outcomes for individuals and communities.

Question 4. A “Human‑in‑the‑Loop” (HITL) requirement is most critical for which type of automated decision?
A) Personalized movie recommendations
B) Automated spam filtering
C) Credit‑scoring that determines loan approval
D) Auto‑completion of email text
Answer: C
Explanation: High‑stakes decisions like credit approval affect rights and livelihoods, demanding human oversight to ensure fairness and accountability.

Question 5. An AI Ethics Steering Committee should not include which of the following members to maintain balanced governance?
A) Chief Legal Officer
B) Head of Marketing
C) Senior Data Scientist
D) External ethicist
Answer: B
Explanation: While marketing insights are valuable, including a head of marketing can create conflicts of interest when commercial goals clash with ethical considerations.

Question 6. Which of the following is an example of an “ethical red line” for AI deployment?
A) A/B testing of UI colors
B) Predictive maintenance for industrial equipment
C) Social scoring systems that assign citizen ratings
D) Chatbot for customer support
Answer: C
Explanation: Social scoring infringes on autonomy, privacy, and justice, and is widely recognized as ethically prohibited.
Question 10. India’s DPDP Act of 2023 introduces which novel consent mechanism?
A) One‑time blanket consent for all services
B) Dynamic, purpose‑specific consent with revocation rights
C) No consent required for anonymized data
D) Implied consent through website usage
Answer: B
Explanation: The DPDP Act mandates granular, revocable consent for each processing purpose.

Question 11. California’s CPRA expands the consumer’s right to:
A) Delete data only after a 10‑year retention period
B) Opt‑out of the sale of personal information and request correction of inaccurate data
C) Share data with third parties without restriction
D) Receive free credit monitoring for all data breaches
Answer: B
Explanation: CPRA strengthens opt‑out and correction rights, enhancing consumer control.

Question 12. A “Transfer Impact Assessment” (TIA) is required when:
A) Data is processed solely within the same country
B) Data is transferred to a jurisdiction lacking an adequacy decision
C) Data is encrypted before transfer
D) Data is aggregated for internal reporting
Answer: B
Explanation: TIAs evaluate risks associated with cross‑border transfers to jurisdictions without recognized adequacy.

Question 13. In Privacy‑by‑Design, the principle of “Purpose Limitation” dictates that:
A) Data may be reused for any future project without consent
B) Data must be collected only for specified, explicit, and legitimate purposes
C) Data can be stored indefinitely for analytics
D) Data can be shared freely among all departments
Answer: B
Explanation: Purpose limitation restricts processing to the original, clearly defined objectives.

Question 14. “Dynamic consent” differs from traditional consent by:
A) Providing a one‑time checkbox at account creation
B) Allowing users to adjust permissions in real‑time as contexts change
C) Eliminating the need for any user interaction after initial sign‑up
D) Requiring notarized signatures for each data use
Answer: B
Explanation: Dynamic consent enables ongoing, context‑aware control over data processing.

Question 15. The “Least Privilege” access principle ensures that:
A) All employees have admin rights to increase productivity
B) Users receive only the minimum permissions necessary to perform their duties
C) Permissions are granted based on seniority alone
D) Access rights are never reviewed after initial assignment
Answer: B
Explanation: Least privilege minimizes exposure by restricting access to essential functions.

Question 16. Which type of bias arises when a training dataset underrepresents a demographic group, leading to poorer model performance for that group?
A) Historical bias
B) Technical bias
C) Sampling bias
D) Emergent bias
Answer: C
Question 20. “Datasheets for Datasets” primarily aim to:
A) Compress large datasets for faster training
B) Document provenance, composition, and intended use of datasets
C) Encrypt datasets for secure storage
D) Generate synthetic data automatically
Answer: B
Explanation: Datasheets increase transparency by providing detailed metadata about dataset characteristics.

Question 21. In the context of LLMs, “inference risk” refers to:
A) The chance that a model will crash during training
B) The possibility that the model can reconstruct or guess sensitive training data from prompts
C) The likelihood of overfitting on a small dataset
D) The probability of generating grammatically incorrect sentences
Answer: B
Explanation: Inference attacks exploit model outputs to reveal private information present in the training corpus.

Question 22. Ethical scraping of copyrighted content for training an LLM should include:
A) No attribution because the model is a “fair use” product
B) Obtaining explicit permission or relying on a clear, documented fair‑use analysis
C) Downloading the entire website without limits
D) Ignoring the rights of original creators because the data is transformed
Answer: B
Explanation: Respecting intellectual property requires either permission or a defensible fair‑use justification.

Question 23. Deepfake voice cloning poses a privacy violation because it:
A) Improves user experience in virtual assistants
B) Enables impersonation, leading to identity theft and unauthorized transactions
C) Reduces bandwidth usage in streaming services
D) Allows faster speech synthesis for accessibility
Answer: B
Explanation: Synthetic replication of a person’s voice can be used maliciously, violating autonomy and security.

Question 24. Differential privacy protects individuals by:
A) Storing all raw data on a public blockchain
B) Adding calibrated random noise to query results, limiting re‑identification risk
C) Removing all data points from a dataset
D) Encrypting data with a reversible algorithm
Answer: B
Explanation: The injected noise ensures that the presence or absence of any single individual does not significantly affect outputs.

Question 25. Federated learning reduces privacy risk primarily because:
A) All data is transmitted to a central server for processing
B) Model updates, not raw data, are shared with a central aggregator
C) It eliminates the need for any machine learning altogether
D) It stores data in plaintext on edge devices
Answer: B
Explanation: By keeping raw data on devices and sending only model gradients, federated learning limits data exposure.

Question 26. Homomorphic encryption enables:
Answer: B
Explanation: ISO 42001 is being drafted to specifically address ethical AI governance and auditability.

Question 30. An effective “right of redress” mechanism must include:
A) Only an automated email response
B) Clear, accessible procedures for individuals to contest decisions and obtain remediation
C) A requirement that users waive all claims before using the service
D) No timeline for response to maintain flexibility
Answer: B
Explanation: Redress must be transparent, timely, and empower individuals to challenge adverse outcomes.

Question 31. According to the 2026 ethical guidelines, a breach notification should be sent to affected users within:
A) 72 hours of discovery
B) 30 days after the breach is fully understood
C) Immediately, as soon as the breach is confirmed
D) Only after a regulator approves the release
Answer: A
Explanation: Many jurisdictions, including GDPR, require notification within 72 hours to limit harm.

Question 32. The “digital divide” refers to:
A) A gap in internet speeds between urban and rural areas only
B) Disparities in access to digital technologies and the benefits they confer across socioeconomic groups
C) Differences in software licensing costs
D) The competition between different operating systems
Answer: B
Explanation: The digital divide captures inequities in access, skills, and outcomes related to digital technology.

Question 33. Environmental ethics in AI primarily concerns:
A) The visual design of user interfaces
B) The carbon emissions associated with large‑scale model training and inference
C) The speed of algorithmic convergence
D) The number of patents filed by AI firms
Answer: B
Explanation: Training massive models consumes significant energy, raising sustainability concerns.

Question 34. “Surveillance capitalism” is best defined as:
A) A marketplace where users purchase surveillance equipment
B) The monetization of personal data through pervasive monitoring and targeted advertising
C) A government program for national security
D) An open‑source initiative for privacy tools
Answer: B
Explanation: Surveillance capitalism exploits personal data for profit, often eroding privacy and autonomy.

Question 35. Which of the following is a core component of the “Four Principles of Principlism” when applied to data lifecycle?
A) Profit maximization
B) Autonomy
C) Speed of processing
D) Data redundancy
Answer: B
Explanation: Autonomy respects individuals’ right to control their own information throughout collection, use, and deletion.
Question 39. A “privacy impact assessment” (PIA) is required when:
A) Processing data that is already public
B) Introducing a new system that handles high‑risk personal data
C) Only storing data for less than 30 days
D) Using anonymized aggregate statistics
Answer: B
Explanation: PIAs evaluate potential privacy risks of new projects, especially when handling sensitive or high‑volume data.

Question 40. Which of the following best describes “purpose limitation” in the context of the California CPRA?
A) Data may be repurposed without user consent after 90 days
B) Data must be processed only for the specific purposes disclosed at collection, unless the user consents to new uses
C) All data can be sold to advertisers by default
D) Purpose limitation does not apply to de‑identified data
Answer: B
Explanation: CPRA reinforces that data may not be used beyond the original, disclosed purpose without explicit consent.

Question 41. In AI fairness auditing, the “disparate impact” ratio is calculated as:
A) True positive rate of privileged group ÷ true positive rate of unprivileged group
B) Selection rate of unprivileged group ÷ selection rate of privileged group
C) Number of false negatives divided by total predictions
D) Precision of the model across all groups
Answer: B
Explanation: Disparate impact assesses whether the selection (or adverse) rate for a protected group is substantially different from that of the majority group.

Question 42. Which cryptographic technique allows multiple parties to jointly compute a function over their inputs while keeping those inputs private?
A) Homomorphic encryption
B) Secure multi‑party computation (SMPC)
C) Hashing
D) TLS
Answer: B
Explanation: SMPC enables collaborative computation without revealing each participant’s raw data.

Question 43. The “right to be forgotten” under GDPR requires organizations to:
A) Delete personal data only upon the user’s death
B) Erase personal data upon a valid request, unless overriding legal obligations exist
C) Permanently store all data for historical analysis
D) Transfer data to a third party instead of deleting it
Answer: B
Explanation: The right to erasure mandates removal of personal data when requested, subject to certain legal exemptions.

Question 44. An example of “technical bias” introduced by a poorly chosen loss function is:
A) A model that penalizes false negatives more heavily, leading to higher false‑positive rates for a minority group
B) Collecting data only from urban areas
C) Updating the model after deployment without monitoring outcomes
D) Using a dataset that includes historical discrimination
Answer: A
Explanation: The loss function shapes model behavior; an imbalanced penalty can systematically disadvantage certain groups.
B) Data processing occurs locally on the device, reducing the need to transmit personal information
C) Edge devices automatically delete all logs after processing
D) Edge computing guarantees zero data collection
Answer: B
Explanation: By keeping computation close to the data source, edge computing limits exposure of sensitive information.

Question 49. Under the concept of “data sovereignty,” a multinational company must:
A) Store all global data in a single data center for efficiency
B) Ensure that personal data of a country’s citizens is subject to that country’s laws and possibly stored locally
C) Ignore local regulations if they conflict with corporate policy
D) Only comply with the laws of the country where its headquarters reside
Answer: B
Explanation: Data sovereignty asserts that data is governed by the jurisdiction where it is generated or resides.

Question 50. Which fairness metric ensures that the proportion of positive outcomes is equal across groups?
A) Predictive parity
B) Statistical parity
C) Equalized odds
D) Calibration within groups
Answer: B
Explanation: Statistical parity (or demographic parity) requires equal selection rates regardless of group membership.

Question 51. A “model card” is intended to:
A) Provide a concise summary of a machine‑learning model’s intended use, performance, and limitations
B) Encrypt model parameters for security
C) Generate synthetic training data automatically
D) Replace the need for any documentation
Answer: A
Explanation: Model cards promote transparency by documenting key aspects of a model.

Question 52. Which of the following best exemplifies a “privacy‑by‑default” setting?
A) Opt‑in for location tracking only after explicit user action
B) Automatic sharing of contact lists with third‑party apps
C) Collecting all sensor data by default and deleting it after one year
D) Allowing unlimited data retention unless the user requests deletion
Answer: A
Explanation: Privacy‑by‑default ensures the most protective configuration is the default state.

Question 53. The “right to explanation” under GDPR differs from the “right to access” because it:
A) Requires the controller to provide a plain‑language description of how a decision was made, not just the data itself
B) Allows users to see the raw database entries only
C) Mandates that the organization publish its source code
D) Only applies to non‑automated decisions
Answer: A
Explanation: The right to explanation focuses on the logic behind automated decisions, while the right to access concerns the data itself.

Question 54. Which of the following is a potential negative societal impact of widespread facial‑recognition deployment?
A) Improved traffic flow through automated tolls
B) Increased surveillance leading to chilling effects on free expression
C) Accelerating data processing speed
D) Eliminating all data collection activities
Answer: A
Explanation: Justice demands fairness in who gains and who bears the costs of data practices.

Question 58. A “privacy‑enhancing technology” (PET) that adds random noise to aggregated statistics is known as:
A) Homomorphic encryption
B) Differential privacy
C) Zero‑knowledge proof
D) Secure enclave
Answer: B
Explanation: Differential privacy protects individual contributions by perturbing query results.

Question 59. Which of the following is a legal requirement for “data minimization” under most modern privacy statutes?
A) Collecting every possible data point to enable future analytics
B) Limiting collection to data that is necessary for the specified purpose
C) Storing data indefinitely for historical reference
D) Sharing all collected data with third‑party advertisers
Answer: B
Explanation: Data minimization mandates gathering only what is essential for the declared purpose.

Question 60. The “right to rectification” allows individuals to:
A) Request deletion of all their data without any justification
B) Correct inaccurate personal data held by a controller
C) Force a company to provide free services
D) Prevent any future data collection permanently
Answer: B
Explanation: Rectification ensures that personal information is accurate and up‑to‑date.

Question 61. Which of the following best describes “algorithmic transparency”?
A) Keeping the source code hidden to protect intellectual property
B) Providing stakeholders with understandable information about how an algorithm works and makes decisions
C) Ensuring the algorithm runs faster than human decision‑making
D) Allowing only the development team to view model parameters
Answer: B
Explanation: Transparency involves openness about design, data, and decision logic to enable scrutiny.

Question 62. A “privacy breach” that results in the exposure of encrypted data without the decryption key is generally considered:
A) A severe breach because encryption does not matter
B) A low‑risk incident if the encryption is strong and keys remain secure
C) Never reportable under any regulation
D) Automatically a violation of the right to erasure
Answer: B
Explanation: If encryption is robust and keys are not compromised, the risk to individuals is minimal.

Question 63. In the context of AI governance, “risk‑based categorization” means:
A) All AI systems are treated the same regardless of impact
B) Systems are classified according to the potential harm they can cause, guiding required safeguards
C) Only high‑profit AI applications are regulated
D) Risk is ignored in favor of rapid innovation
Answer: B