IAPP CIPT Certified Information Privacy Technologist Online Training
IAPP CIPT Online Training
The questions for CIPT were last updated at Nov 26,2024.
- Exam Code: CIPT
- Exam Name: Certified Information Privacy Technologist
- Certification Provider: IAPP
- Latest update: Nov 26,2024
Which of the following is considered a records management best practice?
- A . Archiving expired data records and fles.
- B . Storing decryption keys with their associated backup systems.
- C . Implementing consistent handling practices across all record types.
- D . Using classifcation to determine access rules and retention policy.
Which of the following provides a mechanism that allows an end-user to use a single sign-on (SSO) for multiple services?
- A . The Open ID Federation.
- B . PCI Data Security Standards Council
- C . International Organization for Standardization.
- D . Personal Information Protection and Electronic Documents Act.
A user who owns a resource wants to give other individuals access to the resource.
What control would apply?
- A . Mandatory access control.
- B . Role-based access controls.
- C . Discretionary access control.
- D . Context of authority controls.
What is the potential advantage of homomorphic encryption?
- A . Encrypted information can be analyzed without decrypting it frst.
- B . Ciphertext size decreases as the security level increases.
- C . It allows greater security and faster processing times.
- D . It makes data impenetrable to attacks.
What has been found to undermine the public key infrastructure system?
- A . Man-in-the-middle attacks.
- B . Inability to track abandoned keys.
- C . Disreputable certifcate authorities.
- D . Browsers missing a copy of the certifcate authority’s public key.
SCENARIO
Wesley Energy has fnally made its move, acquiring the venerable oil and gas exploration frm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson’s quirky nature affected even Lancelot’s data practices, which are maddeningly inconsistent. `The old man hired and fred IT people like he was changing his necktie,` one of Wilson’s seasoned lieutenants tells you, as you identify the traces of initiatives left half complete.
For instance, while some proprietary data and personal information on clients and employees is encrypted, other sensitive information, including health information from surveillance testing of employees for toxic exposures, remains unencrypted, particularly when included within longer records with less-sensitive data. You also fnd that data is scattered across applications, servers and facilities in a manner that at frst glance seems almost random.
Among your preliminary fndings of the condition of data at Lancelot are the following:
✑ Cloud technology is supplied by vendors around the world, including frms that you have not heard of. You are told by a former Lancelot employee that these vendors operate with divergent security requirements and protocols.
✑ The company’s proprietary recovery process for shale oil is stored on servers among a variety of less-sensitive information that can be accessed not only by scientists, but by personnel of all types at most company locations.
✑ DES is the strongest encryption algorithm currently used for any fle.
✑ Several company facilities lack physical security controls, beyond visitor check-in, which familiar vendors often bypass.
✑ Fixing all of this will take work, but frst you need to grasp the scope of the mess and formulate a plan of action to address it.
Which is true regarding the type of encryption Lancelot uses?
- A . It employs the data scrambling technique known as obfuscation.
- B . Its decryption key is derived from its encryption key.
- C . It uses a single key for encryption and decryption.
- D . It is a data masking methodology.
SCENARIO
Wesley Energy has fnally made its move, acquiring the venerable oil and gas exploration frm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson’s quirky nature affected even Lancelot’s data practices, which are maddeningly inconsistent. `The old man hired and fred IT people like he was changing his necktie,` one of Wilson’s seasoned lieutenants tells you, as you identify the traces of initiatives left half complete.
For instance, while some proprietary data and personal information on clients and employees is encrypted, other sensitive information, including health information from surveillance testing of employees for toxic exposures, remains unencrypted, particularly when included within longer records with less-sensitive data. You also fnd that data is scattered across applications, servers and facilities in a manner that at frst glance seems almost random.
Among your preliminary fndings of the condition of data at Lancelot are the following:
✑ Cloud technology is supplied by vendors around the world, including frms that you have not heard of. You are told by a former Lancelot employee that these vendors operate with divergent security requirements and protocols.
✑ The company’s proprietary recovery process for shale oil is stored on servers among a variety of less-sensitive information that can be accessed not only by scientists, but by personnel of all types at most company locations.
✑ DES is the strongest encryption algorithm currently used for any fle.
✑ Several company facilities lack physical security controls, beyond visitor check-in, which familiar vendors often bypass.
✑ Fixing all of this will take work, but frst you need to grasp the scope of the mess and formulate a plan of action to address it.
Which procedure should be employed to identify the types and locations of data held by Wesley Energy?
- A . Privacy audit.
- B . Log collection
- C . Data inventory.
- D . Data classifcation.
A credit card with the last few numbers visible is an example of what?
- A . Masking data
- B . Synthetic data
- C . Sighting controls.
- D . Partial encryption
What is an example of a just-in-time notice?
- A . A warning that a website may be unsafe.
- B . A full organizational privacy notice publicly available on a website
- C . A credit card company calling a user to verify a purchase before it is authorized
- D . Privacy information given to a user when he attempts to comment on an online article.
A vendor has been collecting data under an old contract, not aligned with the practices of the organization.
Which is the preferred response?
- A . Destroy the data
- B . Update the contract to bring the vendor into alignment.
- C . Continue the terms of the existing contract until it expires.
- D . Terminate the contract and begin a vendor selection process.