Value Sensitive Design (VSD) focuses on which of the following?
A. Quality and benefit.
B. Ethics and morality.
C. Principles and standards.
D. Privacy and human rights.
What tactic does pharming use to achieve its goal?
A. It modifies the user's Hosts file.
B. It encrypts files on a user's computer.
C. It creates a false display advertisement.
D. It generates a malicious instant message.
A privacy engineer reviews a newly developed on-line registration page on a company's website. The purpose of the page is to enable corporate customers to submit a returns / refund request for physical goods. The page displays the following data capture fields: company name, account reference, company address, contact name, email address, contact phone number, product name, quantity, issue description and company bank account details.
After her review, the privacy engineer recommends setting certain capture fields as "non-mandatory". Setting which of the following fields as "non-mandatory" would be the best example of the principle of data minimization?
A. The contact phone number field.
B. The company address and name.
C. The contact name and email address.
D. The company bank account detail field.
SCENARIO
Please use the following to answer the next question:
EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.
The app collects the following information:
1. First and last name
2. Date of birth (DOB)
3. Mailing address
4. Email address
5. Car VIN number
6. Car model
7. License plate
8. Insurance card number
9. Photo
10. Vehicle diagnostics
11. Geolocation
What IT architecture would be most appropriate for this mobile platform?
A. Peer-to-peer architecture.
B. Client-server architecture.
C. Plug-in-based architecture.
D. Service-oriented architecture.
A sensitive biometrics authentication system is particularly susceptible to?
A. False positives.
B. False negatives.
C. Slow recognition speeds.
D. Theft of finely individualized personal data.
Which of the following is the best action to apply to personally identifiable data when the retention period ends?
A. Hashing
B. Pseudonymization
C. Tagging
D. Deletion
SCENARIO
Please use the following to answer the next question:
Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.
The application requires consent from the patient before importing electronic health records into the application and sharing them with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.
LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.
The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user-related data from the electronic health records that is not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.
What is the best way to minimize the potential harms from a data breach?
A. Dissociate the patient health data from the personal data
B. Employ Multi-Factor Authentication (MFA) to access the app
C. Exclude the collection of personal information from the health record
D. Ensure that all files collected by the app and stored on the device are password-protected
Failing to update software for a system that processes human resources data with the latest security patches may create what?
A. Privacy vulnerabilities
B. Data integrity issues
C. Increased threat sources
D. Data breaches
Which of the following is NOT a mechanism to de-identify data?
A. Aggregation
B. Interpolation
C. Obfuscation
D. Truncation
An organization has completed the acquisition of a smaller rival in a different but related industry. The acquisition was approved by the regulator on the condition that the personal data sets may not be combined. A way of achieving this objective is through?
A. Ciphertext
B. Disassociability
C. k-anonymity
D. Pseudonymization