CIPT exam

An organization has recently experienced a data breach where large amounts of personal data were compromised. As part of a post-incident review, the privacy technologist wants to analyze available data to understand what vulnerabilities may have contributed to the incident occurring. He learns that a key vulnerability had been flagged...

When writing security policies, the most important consideration is to?A . Require all employees to read and acknowledge their understanding. B. Ensure they are based on the organization's risk profile. C. Ensure they cover enough details for common situations. D. Follow industry best practices.View AnswerAnswer: B Explanation: the most important...

To meet data protection and privacy legal requirements that may require personal data to be disposed of or deleted when no longer necessary for the use it was collected, what is the best privacy-enhancing solution a privacy technologist should recommend be implemented in application design to meet this requirement?A ....

Which activity best supports the principle of data quality from a privacy perspective?A . Ensuring the data is classified. B. Protecting the data against unauthorized access. C. Ensuring the data is available for use. D. Protecting the data against unauthorized changes.View AnswerAnswer: D Explanation: protecting data against unauthorized changes best...

To comply with the Sarbanes-Oxley Act (SOX), public companies in the United States are required to annually report on the effectiveness of the auditing controls of their financial reporting systems. These controls must be implemented to prevent unauthorized use, disclosure, modification, and damage or loss of financial data. Why do...

A jurisdiction requiring an organization to place a link on the website that allows a consumer to opt-out of sharing is an example of what type of requirement?A . Functional B. Operational C. Technical D. Use caseView AnswerAnswer: B Explanation: a jurisdiction requiring an organization to place a link on...

Data oriented strategies Include which of the following?A . Minimize. Separate, Abstract, Hide. B. Inform, Control, Enforce, Demonstrate. C. Encryption, Hashing, Obfuscation, Randomization. D. Consent. Contract, Legal Obligation, Legitimate interests.View AnswerAnswer: A Explanation: data oriented strategies include minimizing the amount of personal data collected and processed (Minimize), separating personal data...

Users of a web-based email service have their accounts breached through compromised login credentials. Which possible consequences of the breach illustrate the two categories of Calo’s Harm Dimensions?A . Financial loss and blackmail. B. Financial loss and solicitation. C. Identity theft and embarrassment. D. Identity theft and the leaking of...

SCENARIO You have just been hired by Ancillary.com, a seller of accessories for everything under the sun, including waterproof stickers for pool floats and decorative bands and cases for sunglasses. The company sells cell phone cases, e-cigarette cases, wine spouts, hanging air fresheners for homes and automobiles, book ends, kitchen...

A company seeking to hire engineers in Silicon Valley ran an ad campaign targeting women in a specific age range who live in the San Francisco Bay Area. Which Calo objective privacy harm is likely to result from this campaign?A . Lost opportunity. B. Economic loss. C. Loss of liberty....