Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.

[Sep 30, 2021] Step by Step Guide to Prepare for CIPT Exam BrainDumps [Q54-Q76]

Share

Sep 30, 2021 Step by Step Guide to Prepare for CIPT Exam BrainDumps

Information Privacy Technologist CIPT Real Exam Questions and Answers FREE Updated on 2021

NEW QUESTION 54
What is the goal of privacy enhancing technologies (PETS) like multiparty computation and differential privacy?

  • A. To standardize privacy activities across organizational groups.
  • B. To protect sensitive data while maintaining its utility.
  • C. To protect the security perimeter and the data items themselves.
  • D. To facilitate audits of third party vendors.

Answer: B

Explanation:
Explanation/Reference: https://royalsociety.org/-/media/policy/projects/privacy-enhancing-technologies/privacy-report- summary.pdf

 

NEW QUESTION 55
SCENARIO
Please use the following to answer the next question:
Chuck, a compliance auditor for a consulting firm focusing on healthcare clients, was required to travel to the client's office to perform an onsite review of the client's operations. He rented a car from Finley Motors upon arrival at the airport as so he could commute to and from the client's office. The car rental agreement was electronically signed by Chuck and included his name, address, driver's license, make/model of the car, billing rate, and additional details describing the rental transaction. On the second night, Chuck was caught by a red light camera not stopping at an intersection on his way to dinner. Chuck returned the car back to the car rental agency at the end week without mentioning the infraction and Finley Motors emailed a copy of the final receipt to the address on file.
Local law enforcement later reviewed the red light camera footage. As Finley Motors is the registered owner of the car, a notice was sent to them indicating the infraction and fine incurred. This notice included the license plate number, occurrence date and time, a photograph of the driver, and a web portal link to a video clip of the violation for further review. Finley Motors, however, was not responsible for the violation as they were not driving the car at the time and transferred the incident to AMP Payment Resources for further review. AMP Payment Resources identified Chuck as the driver based on the rental agreement he signed when picking up the car and then contacted Chuck directly through a written letter regarding the infraction to collect the fine.
After reviewing the incident through the AMP Payment Resources' web portal, Chuck paid the fine using his personal credit card. Two weeks later, Finley Motors sent Chuck an email promotion offering 10% off a future rental.
What is the strongest method for authenticating Chuck's identity prior to allowing access to his violation information through the AMP Payment Resources web portal?

  • A. By requiring Chuck use the rental agreement number in combination with his email address.
  • B. By requiring Chuck to call AMP Payment Resources directly and provide his date of birth and home address.
  • C. By requiring Chuck use his credit card number in combination with the last 4 digits of his driver's license.
  • D. By requiring Chuck use the last 4 digits of his driver's license number in combination with a unique PIN provided within the violation notice.

Answer: B

 

NEW QUESTION 56
SCENARIO
WebTracker Limited is a cloud-based online marketing service located in London. Last year, WebTracker migrated its IT infrastructure to the cloud provider AmaZure, which provides SQL Databases and Artificial Intelligence services to WebTracker. The roles and responsibilities between the two companies have been formalized in a standard contract, which includes allocating the role of data controller to WebTracker.
The CEO of WebTracker, Mr. Bond, would like to assess the effectiveness of AmaZure's privacy controls, and he recently decided to hire you as an independent auditor. The scope of the engagement is limited only to the marketing services provided by WebTracker, you will not be evaluating any internal data processing activity, such as HR or Payroll.
This ad-hoc audit was triggered due to a future partnership between WebTracker and SmartHome - a partnership that will not require any data sharing. SmartHome is based in the USA, and most recently has dedicated substantial resources to developing smart refrigerators that can suggest the recommended daily calorie intake based on DNA information. This and other personal data is collected by WebTracker.
To get an idea of the scope of work involved, you have decided to start reviewing the company's documentation and interviewing key staff to understand potential privacy risks.
The results of this initial work include the following notes:
* There are several typos in the current privacy notice of WebTracker, and you were not able to find the privacy notice for SmartHome.
* You were unable to identify all the sub-processors working for SmartHome. No subcontractor is indicated in the cloud agreement with AmaZure, which is responsible for the support and maintenance of the cloud infrastructure.
* There are data flows representing personal data being collected from the internal employees of WebTracker, including an interface from the HR system.
* Part of the DNA data collected by WebTracker was from employees, as this was a prototype approved by the CEO of WebTracker.
* All the WebTracker and SmartHome customers are based in USA and Canada.
Based on the initial assessment and review of the available data flows, which of the following would be the most important privacy risk you should investigate first?

  • A. Review the list of subcontractors employed by AmaZure and ensure these are included in the formal agreement with WebTracker.
  • B. Confirm whether the data transfer from London to the USA has been fully approved by AmaZure and the appropriate institutions in the USA and the European Union.
  • C. Evaluate and review the basis for processing employees' personal data in the context of the prototype created by WebTracker and approved by the CEO.
  • D. Verify that WebTracker's HR and Payroll systems implement the current privacy notice (after the typos are fixed).

Answer: C

 

NEW QUESTION 57
Which is NOT a suitable method for assuring the quality of data collected by a third-party company?

  • A. Tracking changes to data through auditing.
  • B. Introducing erroneous data to see if its detected.
  • C. Verifying the accuracy of the data by contacting users.
  • D. Validating the company's data collection procedures.

Answer: C

 

NEW QUESTION 58
SCENARIO
You have just been hired by Ancillary.com, a seller of accessories for everything under the sun, including waterproof stickers for pool floats and decorative bands and cases for sunglasses. The company sells cell phone cases, e-cigarette cases, wine spouts, hanging air fresheners for homes and automobiles, book ends, kitchen implements, visors and shields for computer screens, passport holders, gardening tools and lawn ornaments, and catalogs full of health and beauty products. The list seems endless. As the CEO likes to say, Ancillary offers, without doubt, the widest assortment of low-price consumer products from a single company anywhere.
Ancillary's operations are similarly diverse. The company originated with a team of sales consultants selling home and beauty products at small parties in the homes of customers, and this base business is still thriving. However, the company now sells online through retail sites designated for industries and demographics, sites such as "My Cool Ride" for automobile-related products or "Zoomer" for gear aimed toward young adults. The company organization includes a plethora of divisions, units and outrigger operations, as Ancillary has been built along a decentered model rewarding individual initiative and flexibility, while also acquiring key assets. The retail sites seem to all function differently, and you wonder about their compliance with regulations and industry standards. Providing tech support to these sites is also a challenge, partly due to a variety of logins and authentication protocols.
You have been asked to lead three important new projects at Ancillary:
The first is the personal data management and security component of a multi-faceted initiative to unify the company's culture. For this project, you are considering using a series of third- party servers to provide company data and approved applications to employees.
The second project involves providing point of sales technology for the home sales force, allowing them to move beyond paper checks and manual credit card imprinting.
Finally, you are charged with developing privacy protections for a single web store housing all the company's product lines as well as products from affiliates. This new omnibus site will be known, aptly, as "Under the Sun." The Director of Marketing wants the site not only to sell Ancillary's products, but to link to additional products from other retailers through paid advertisements. You need to brief the executive team of security concerns posed by this approach.
What technology is under consideration in the first project in this scenario?

  • A. MAC filtering
  • B. Cloud computing
  • C. Data on demand
  • D. Server driven controls.

Answer: D

 

NEW QUESTION 59
SCENARIO
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You also recall a recent visit to the Records Storage Section, often termed "The Dungeon" in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
Which data lifecycle phase needs the most attention at this Ontario medical center?

  • A. Disclosure
  • B. Use
  • C. Retention
  • D. Collection

Answer: C

 

NEW QUESTION 60
What is the main reason the Do Not Track (DNT) header is not acknowledged by more companies?

  • A. There is a lack of consensus about what the DNT header should mean.
  • B. Most web browsers incorporate the DNT feature.
  • C. The financial penalties for violating DNT guidelines are too high.
  • D. It has been difficult to solve the technological challenges surrounding DNT

Answer: A

 

NEW QUESTION 61
Which of these actions is NOT generally part of the responsibility of an IT or software engineer?

  • A. Providing feedback on privacy policies.
  • B. Building privacy controls into the organization's IT systems or software.
  • C. Certifying compliance with security and privacy law.
  • D. Implementing multi-factor authentication.

Answer: A

 

NEW QUESTION 62
SCENARIO
Clean-Q is a company that offers house-hold and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:

Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system that has caused some overlapping bookings.
Ina business strategy session held by senior management recently, Clear-Q invited vendors to present potential solutions to their current operational issues. These vendors included Application developers and Cloud-Q's solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution one single online platform: A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
* A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
* A resource facing web interface that enables resources to apply and manage their assigned jobs.
* An online payment facility for customers to pay for services.
Considering that LeadOps will host/process personal information on behalf of Clean-Q remotely, what is an appropriate next step for Clean-Q senior management to assess LeadOps' appropriateness?

  • A. Involve the Information Security team to understand in more detail the types of services and solutions LeadOps is proposing.
  • B. Nothing at this stage as the Managing Director has made a decision.
  • C. Determine if any Clean-Q competitors currently use LeadOps as a solution.
  • D. Obtain a legal opinion from an external law firm on contracts management.

Answer: A

 

NEW QUESTION 63
SCENARIO
Wesley Energy has finally made its move, acquiring the venerable oil and gas exploration firm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson's quirky nature affected even Lancelot's data practices, which are maddeningly inconsistent. "The old man hired and fired IT people like he was changing his necktie," one of Wilson's seasoned lieutenants tells you, as you identify the traces of initiatives left half complete.
For instance, while some proprietary data and personal information on clients and employees is encrypted, other sensitive information, including health information from surveillance testing of employees for toxic exposures, remains unencrypted, particularly when included within longer records with less-sensitive data.
You also find that data is scattered across applications, servers and facilities in a manner that at first glance seems almost random.
Among your preliminary findings of the condition of data at Lancelot are the following:
* Cloud technology is supplied by vendors around the world, including firms that you have not heard of.
You are told by a former Lancelot employee that these vendors operate with divergent security requirements and protocols.
* The company's proprietary recovery process for shale oil is stored on servers among a variety of less-sensitive information that can be accessed not only by scientists, but by personnel of all types at most company locations.
* DES is the strongest encryption algorithm currently used for any file.
* Several company facilities lack physical security controls, beyond visitor check-in, which familiar vendors often bypass.
* Fixing all of this will take work, but first you need to grasp the scope of the mess and formulate a plan of action to address it.
Which procedure should be employed to identify the types and locations of data held by Wesley Energy?

  • A. Privacy audit.
  • B. Data classification.
  • C. Data inventory.
  • D. Log collection

Answer: C

 

NEW QUESTION 64
What term describes two re-identifiable data sets that both come from the same unidentified individual?

  • A. Anonymous data.
  • B. Pseudonymous data.
  • C. Imprecise data.
  • D. Aggregated data.

Answer: A

 

NEW QUESTION 65
Which of the following functionalities can meet some of the General Data Protection Regulation's (GDPR's) Data Portability requirements for a social networking app designed for users in the EU?

  • A. Allow users to modify the data they provided the app.
  • B. Allow users to get a time-stamped list of what they have provided the app.
  • C. Allow users to delete the content they provided the app.
  • D. Allow users to download the content they have provided the app.

Answer: D

 

NEW QUESTION 66
What is true of providers of wireless technology?

  • A. They are typically exempt from data security regulations.
  • B. They routinely backup data that crosses their system.
  • C. They have the legal right in most countries to control and use any data on their systems.
  • D. They can see all unencrypted data that crosses the system.

Answer: C

 

NEW QUESTION 67
Which is the most accurate type of biometrics?

  • A. Voiceprint.
  • B. Facial recognition.
  • C. Fingerprint.
  • D. DNA

Answer: A

Explanation:
Explanation/Reference: https://www.bayometric.com/biometrics-face-finger-iris-palm-voice/

 

NEW QUESTION 68
What can be used to determine the type of data in storage without exposing its contents?

  • A. Data mapping.
  • B. Collection records.
  • C. Server logs.
  • D. Metadata.

Answer: D

 

NEW QUESTION 69
Which of the following suggests the greatest degree of transparency?

  • A. The data subject has multiple opportunities to opt-out after collection has occurred.
  • B. A privacy notice accommodates broadly defined future collections for new products.
  • C. A privacy disclosure statement clearly articulates general purposes for collection.
  • D. After reading the privacy notice, a data subject confidently infers how her information will be used.

Answer: C

 

NEW QUESTION 70
You are a wine collector who uses the web to do research about your hobby. You navigate to a news site and an ad for wine pops up. What kind of advertising is this?

  • A. Contextual.
  • B. Demographic.
  • C. Remnant.
  • D. Behavioral.

Answer: D

Explanation:
Explanation
Explanation/Reference: https://neilpatel.com/blog/behavioral-advertising/

 

NEW QUESTION 71
What has been found to undermine the public key infrastructure system?

  • A. Inability to track abandoned keys.
  • B. Browsers missing a copy of the certificate authority's public key.
  • C. Disreputable certificate authorities.
  • D. Man-in-the-middle attacks.

Answer: D

 

NEW QUESTION 72
What is the main benefit of using dummy data during software testing?

  • A. Statistical disclosure controls are applied to the data.
  • B. The data enables the suppression of particular values in a set.
  • C. Developers do not need special privacy training to test the software.
  • D. The data comes in a format convenient for testing.

Answer: C

 

NEW QUESTION 73
SCENARIO
Clean-Q is a company that offers house-hold and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in- house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:

Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system that has caused some overlapping bookings.
Ina business strategy session held by senior management recently, Clear-Q invited vendors to present potential solutions to their current operational issues. These vendors included Application developers and Cloud-Q's solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution one single online platform: A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
* A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
* A resource facing web interface that enables resources to apply and manage their assigned jobs.
* An online payment facility for customers to pay for services.
Considering that LeadOps will host/process personal information on behalf of Clean-Q remotely, what is an appropriate next step for Clean-Q senior management to assess LeadOps' appropriateness?

  • A. Involve the Information Security team to understand in more detail the types of services and solutions LeadOps is proposing.
  • B. Nothing at this stage as the Managing Director has made a decision.
  • C. Determine if any Clean-Q competitors currently use LeadOps as a solution.
  • D. Obtain a legal opinion from an external law firm on contracts management.

Answer: A

 

NEW QUESTION 74
SCENARIO
It should be the most secure location housing data in all of Europe, if not the world. The Global Finance Data Collective (GFDC) stores financial information and other types of client data from large banks, insurance companies, multinational corporations and governmental agencies. After a long climb on a mountain road that leads only to the facility, you arrive at the security booth. Your credentials are checked and checked again by the guard to visually verify that you are the person pictured on your passport and national identification card.
You are led down a long corridor with server rooms on each side, secured by combination locks built into the doors. You climb a flight of stairs and are led into an office that is lighted brilliantly by skylights where the GFDC Director of Security, Dr. Monique Batch, greets you. On the far wall you notice a bank of video screens showing different rooms in the facility. At the far end, several screens show different sections of the road up the mountain Dr. Batch explains once again your mission. As a data security auditor and consultant, it is a dream assignment: The GFDC does not want simply adequate controls, but the best and most effective security that current technologies allow.
"We were hacked twice last year," Dr. Batch says, "and although only a small number of records were stolen, the bad press impacted our business. Our clients count on us to provide security that is nothing short of impenetrable and to do so quietly. We hope to never make the news again." She notes that it is also essential that the facility is in compliance with all relevant security regulations and standards.
You have been asked to verify compliance as well as to evaluate all current security controls and security measures, including data encryption methods, authentication controls and the safest methods for transferring data into and out of the facility. As you prepare to begin your analysis, you find yourself considering an intriguing question: Can these people be sure that I am who I say I am?
You are shown to the office made available to you and are provided with system login information, including the name of the wireless network and a wireless key. Still pondering, you attempt to pull up the facility's wireless network, but no networks appear in the wireless list. When you search for the wireless network by name, however it is readily found.
Why would you recommend that GFC use record encryption rather than disk, file or table encryption?

  • A. Record encryption is asymmetric, a stronger control measure.
  • B. Record encryption allows for encryption of personal data only.
  • C. Record encryption involves tag masking, so its metadata cannot be decrypted
  • D. Record encryption is granular, limiting the damage of potential breaches.

Answer: D

 

NEW QUESTION 75
Which of the following is NOT relevant to a user exercising their data portability rights?

  • A. Validation of users with unauthenticated identifiers (e.g. IP address, physical address).
  • B. Notice and consent for the downloading of data.
  • C. Re-authentication of an account, including two-factor authentication as appropriate.
  • D. Detection of phishing attacks against the portability interface.

Answer: A

 

NEW QUESTION 76
......

Ultimate Guide to Prepare CIPT Certification Exam for Information Privacy Technologist: https://www.actual4test.com/CIPT_examcollection.html

CIPT Ultimate Study Guide: https://drive.google.com/open?id=1igfXb5_kQear2ebH-pSuupQ4v5jpGBZG