- All Exams Instant Download
Which of the following would best explain why the retailer’s consumer data was still exfiltrated?
Between November 30th and December 2nd, 2013, cybercriminals successfully infected the credit card payment systems and bypassed security controls of a United States-based retailer with malware that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection software installed to prevent against such an attack. Which...
Which procedure should be employed to identify the types and locations of data held by Wesley Energy?
SCENARIO Wesley Energy has finally made its move, acquiring the venerable oil and gas exploration firm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson's quirky nature affected even Lancelot's data practices, which are maddeningly inconsistent. “The old...
Truncating the last octet of an IP address because it is NOT needed is an example of which privacy principle?
Truncating the last octet of an IP address because it is NOT needed is an example of which privacy principle?A . Use Limitation B. Data Minimization C. Purpose Limitation D. Security SafeguardsView AnswerAnswer: B Explanation: truncating the last octet of an IP address because it is not needed is an...
Which data practice is Barney most likely focused on improving?
SCENARIO Kyle is a new security compliance manager who will be responsible for coordinating and executing controls to ensure compliance with the company's information security policy and industry standards. Kyle is also new to the company, where collaboration is a core value. On his first day of new-hire orientation, Kyle's...
Which of the following is the least effective privacy preserving practice in the Systems Development Life Cycle (SDLC)?
Which of the following is the least effective privacy preserving practice in the Systems Development Life Cycle (SDLC)?A . Conducting privacy threat modeling for the use-case. B. Following secure and privacy coding standards in the development. C. Developing data flow modeling to identify sources and destinations of sensitive data. D....
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the St. Anne’s Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on-hand from years ago?
SCENARIO Looking back at your first two years as the Director of Personal Information Protection and Compliance for the St. Anne’s Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive...
What type of risk response does this notice and consent represent?
Organizations understand there are aggregation risks associated with the way the process their customer’s data. They typically include the details of this aggregation risk in a privacy notice and ask that all customers acknowledge they understand these risks and consent to the processing. What type of risk response does this...
Which of the following is likely to be the most important issue with the choices presented in the 'Information Sharing and Consent' pages?
SCENARIO Please use the following to answer the next questions: Your company is launching a new track and trace health app during the outbreak of a virus pandemic in the US. The developers claim the app is based on privacy by design because personal data collected was considered to ensure...
Which is true regarding the type of encryption Lancelot uses?
SCENARIO Wesley Energy has finally made its move, acquiring the venerable oil and gas exploration firm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson's quirky nature affected even Lancelot's data practices, which are maddeningly inconsistent. “The old...
What is the main benefit of using dummy data during software testing?
What is the main benefit of using dummy data during software testing?A . The data comes in a format convenient for testing. B. Statistical disclosure controls are applied to the data. C. The data enables the suppression of particular values in a set. D. Developers do not need special privacy...
