SCENARIO
Tom looked forward to starting his new position with a U.S.-based automobile leasing company (New Company), now operating in 32 states. New Company was recently formed through the merger of two prominent players, one from the eastern region (East Company) and one from the western region (West Company). Tom, a Certified Information Privacy Technologist (CIPT), is New Company's first Information Privacy and Security Officer. He met today with Dick, from East Company, and Harry, from West Company. Dick and Harry are veteran senior information privacy and security professionals at their respective companies, and continue to lead the east and west divisions of New Company. The purpose of the meeting was to conduct a SWOT (strengths/weaknesses/opportunities/threats) analysis for New Company. Their SWOT analysis conclusions are summarized below.
Dick was enthusiastic about an opportunity for the New Company to reduce costs and increase computing power and flexibility through cloud services. East Company had been contemplating moving to the cloud, but West Company already had a vendor that was providing it with software-as-a-service (SaaS). Dick was looking forward to extending this service to the eastern region. Harry noted that this was a threat as well, because West Company had to rely on the third party to protect its data.
Tom mentioned that neither of the legacy companies had sufficient data storage space to meet the projected growth of New Company, which he saw as a weakness. Tom stated that one of the team's first projects would be to construct a consolidated New Company data warehouse. Tom would personally lead this project and would be held accountable if information was modified during transmission to or during storage in the new data warehouse.
Tom, Dick and Harry agreed that employee network access could be considered both a strength and a weakness. East Company and West Company had strong performance records in this regard; both had robust network access controls that were working as designed. However, during a projected year-long transition period, New Company employees would need to be able to connect to a New Company network while retaining access to the East Company and West Company networks.
When employees are working remotely, they usually connect to a Wi-Fi network. What should Harry advise for maintaining company security in this situation?
A. Hiding wireless service set identifiers (SSID).
B. Retaining the password assigned by the network.
C. Employing Wired Equivalent Privacy (WEP) encryption.
D. Using tokens sent through HTTP sites to verify user identity.
After stringent testing, an organization has launched a new web-facing ordering system for its consumer medical products. As the medical products could provide indicators of health conditions, the organization could further strengthen its privacy controls by deploying?
A. Run time behavior monitoring.
B. A content delivery network.
C. Context aware computing.
D. Differential identifiability.
What term describes two re-identifiable data sets that both come from the same unidentified individual?
A. Pseudonymous data.
B. Anonymous data.
C. Aggregated data.
D. Imprecise data.
Which of the following statements best describes the relationship between privacy and security?
A. Security systems can be used to enforce compliance with privacy policies.
B. Privacy and security are independent; organizations must decide which should be emphasized.
C. Privacy restricts access to personal information; security regulates how information should be used.
D. Privacy protects data from being viewed during collection and security governs how collected data should be shared.
A clinical research organization is processing highly sensitive personal data, including numerical attributes, from medical trial results. The organization needs to manipulate the data without revealing the contents to data users. This can be achieved by utilizing?
A. k-anonymity.
B. Microdata sets.
C. Polymorphic encryption.
D. Homomorphic encryption.
Which Organization for Economic Co-operation and Development (OECD) privacy protection principle encourages an organization to obtain an individual's consent before transferring personal information?
A. Individual participation.
B. Purpose specification.
C. Collection limitation.
D. Accountability.
A key principle of an effective privacy policy is that it should be?
A. Written in enough detail to cover the majority of likely scenarios.
B. Made general enough to maximize flexibility in its application.
C. Presented with external parties as the intended audience.
D. Designed primarily by the organization's lawyers.
An organization needs to be able to manipulate highly sensitive personal information without revealing the contents of the data to the users. The organization should investigate the use of?
A. Advanced Encryption Standard (AES)
B. Homomorphic encryption
C. Quantum encryption
D. Pseudonymization
During a transport layer security (TLS) session, what happens immediately after the web browser creates a random PreMasterSecret?
A. The server decrypts the PremasterSecret.
B. The web browser opens a TLS connection to the PremasterSecret.
C. The web browser encrypts the PremasterSecret with the server's public key.
D. The server and client use the same algorithm to convert the PremasterSecret into an encryption key.
Which of the following statements is true regarding software notifications and agreements?
A. Website visitors must view the site's privacy statement before downloading software.
B. Software agreements are designed to be brief, while notifications provide more details.
C. It is a good practice to provide users with information about privacy prior to software installation.
D. "Just in time" software agreement notifications provide users with a final opportunity to modify the agreement.