IAPP CIPT Certified Information Privacy Technologist Online Training
IAPP CIPT Online Training
The questions for CIPT were last updated at Nov 26,2024.
- Exam Code: CIPT
- Exam Name: Certified Information Privacy Technologist
- Certification Provider: IAPP
- Latest update: Nov 26,2024
SCENARIO
Kyle is a new security compliance manager who will be responsible for coordinating and executing controls to ensure compliance with the company’s information security policy and industry standards. Kyle is also new to the company, where collaboration is a core value. On his frst day of new-hire orientation, Kyle’s schedule included participating in meetings and observing work in the IT and compliance departments.
Kyle spent the morning in the IT department, where the CIO welcomed him and explained that her department was responsible for IT governance. The CIO and
Kyle engaged in a conversation about the importance of identifying meaningful IT governance metrics. Following their conversation, the CIO introduced Kyle to Ted and Barney. Ted is implementing a plan to encrypt data at the transportation level of the organization’s wireless network. Kyle would need to get up to speed on the project and suggest ways to monitor effectiveness once the implementation was complete. Barney explained that his short-term goals are to establish rules governing where data can be placed and to minimize the use of ofine data storage.
Kyle spent the afternoon with Jill, a compliance specialist, and learned that she was exploring an initiative for a compliance program to follow self-regulatory privacy principles. Thanks to a recent internship, Kyle had some experience in this area and knew where Jill could fnd some support. Jill also shared results of the company’s privacy risk assessment, noting that the secondary use of personal information was considered a high risk.
By the end of the day, Kyle was very excited about his new job and his new company. In fact, he learned about an open position for someone with strong qualifcations and experience with access privileges, project standards board approval processes, and application-level obligations, and couldn’t wait to recommend his friend Ben who would be perfect for the job.
Which data practice is Barney most likely focused on improving?
- A . Deletion
- B . Inventory.
- C . Retention.
- D . Sharing
What is the main function of a breach response center?
- A . Detecting internal security attacks.
- B . Addressing privacy incidents.
- C . Providing training to internal constituencies.
- D . Interfacing with privacy regulators and governmental bodies.
Which is NOT a suitable action to apply to data when the retention period ends?
- A . Aggregation.
- B . De-identifcation.
- C . Deletion.
- D . Retagging.
What is the distinguishing feature of asymmetric encryption?
- A . It has a stronger key for encryption than for decryption.
- B . It employs layered encryption using dissimilar methods.
- C . It uses distinct keys for encryption and decryption.
- D . It is designed to cross operating systems.
What is the most important requirement to fulfll when transferring data out of an organization?
- A . Ensuring the organization sending the data controls how the data is tagged by the receiver.
- B . Ensuring the organization receiving the data performs a privacy impact assessment.
- C . Ensuring the commitments made to the data owner are followed.
- D . Extending the data retention schedule as needed.
Which activity would best support the principle of data quality?
- A . Providing notice to the data subject regarding any change in the purpose for collecting such data.
- B . Ensuring that the number of teams processing personal information is limited.
- C . Delivering information in a format that the data subject understands.
- D . Ensuring that information remains accurate.
Which Organization for Economic Co-operation and Development (OECD) privacy protection principle encourages an organization to obtain an individual s consent before transferring personal information?
- A . Individual participation.
- B . Purpose specifcation.
- C . Collection limitation.
- D . Accountability.
Granting data subjects the right to have data corrected, amended, or deleted describes?
- A . Use limitation.
- B . Accountability.
- C . A security safeguard
- D . Individual participation
What is a mistake organizations make when establishing privacy settings during the development of applications?
- A . Providing a user with too many choices.
- B . Failing to use "Do Not Trackג technology.
- C . Providing a user with too much third-party information.
- D . Failing to get explicit consent from a user on the use of cookies.
Which of the following suggests the greatest degree of transparency?
- A . A privacy disclosure statement clearly articulates general purposes for collection
- B . The data subject has multiple opportunities to opt-out after collection has occurred.
- C . A privacy notice accommodates broadly defned future collections for new products.
- D . After reading the privacy notice, a data subject confdently infers how her information will be used.