What is an example of a just-in-time notice?
A. A warning that a website may be unsafe.
B. A full organizational privacy notice publicly available on a website
C. A credit card company calling a user to verify a purchase before itis authorized
D. Privacy information given to a user when he attempts to comment on an online article.
Which of these actions is NOT generally part of the responsibility of an IT or software engineer?
A. Providing feedback on privacy policies.
B. Implementing multi-factor authentication.
C. Certifying compliance with security and privacy law.
D. Building privacy controls into the organization's IT systems or software.
A BaaS provider backs up the corporate data and stores it in an outsider provider under contract with the organization. A researcher notifies the organization that he found unsecured data in the cloud. The organization looked into the issue and realized one of its backups was misconfigured on the outside provider's cloud and the data fully exposed to the open internet. They quickly secured the backup. Which is the best next step the organization should take?
A. Review the content of the data exposed.
B. Review its contract with the outside provider.
C. Investigate how the researcher discovered the unsecured data.
D. Investigate using alternate BaaS providers or on-premise backup systems.
SCENARIO
It should be the most secure location housing data in all of Europe, if not the world. The Global Finance Data Collective (GFDC) stores financial information and other types of client data from large banks, insurance companies, multinational corporations and governmental agencies. After a long climb on a mountain road that leads only to the facility, you arrive at the security booth. Your credentials are checked and checked again by the guard to visually verify that you are the person pictured on your passport and national identification card. You are led down a long corridor with server rooms on each side, secured by combination locks built into the doors. You climb a flight of stairs and are led into an office that is lighted brilliantly by skylights where the GFDC Director of Security, Dr. Monique Batch, greets you. On the far wall you notice a bank of video screens showing different rooms in the facility. At the far end, several screens show different sections of the road up the mountain
Dr. Batch explains once again your mission. As a data security auditor and consultant, it is a dream assignment: The GFDC does not want simply adequate controls, but the best and most effective security that current technologies allow.
"We were hacked twice last year," Dr. Batch says, "and although only a small number of records were stolen, the bad press impacted our business. Our clients count on us to provide security that is nothing short of impenetrable and to do so quietly. We hope to never make the news again." She notes that it is also essential that the facility is in compliance with all relevant security regulations and standards.
You have been asked to verify compliance as well as to evaluate all current security controls and security measures, including data encryption methods, authentication controls and the safest methods for transferring data into and out of the facility. As you prepare to begin your analysis, you find yourself considering an intriguing question: Can these people be sure that I am who I say I am?
You are shown to the office made available to you and are provided with system login information, including the name of the wireless network and a wireless key. Still pondering, you attempt to pull up the facility's wireless network, but no networks appear in the wireless list. When you search for the wireless network by name, however it is readily found.
Why would you recommend that GFC use record encryption rather than disk, file or table encryption?
A. Record encryption is asymmetric, a stronger control measure.
B. Record encryption is granular, limiting the damage of potential breaches.
C. Record encryption involves tag masking, so its metadata cannot be decrypted
D. Record encryption allows for encryption of personal data only.
An organization is reliant on temporary contractors for performing data analytics and they require access to personal data via software-as-a-service to perform their job. When the temporary contractor completes their work assignment, what woul^.be the most effective way to safeguard privacy and access to personal data when they leave?
A. Set a system-based expiry that requires management reauthorization for online access for accounts that have been active more than 6 months.
B. Establish a predetermined automatic account expiration date based on contract timescales.
C. Require temporary contractors to sign a non-disclosure agreement, security acceptable use policy, and online access authorizations by hiring managers.
D. Mandate hiring managers to email IT or Security team when the contractor leaves.
Under the Family Educational Rights and Privacy Act (FERPA), releasing personally identifiable information from a student's educational record requires written permission from the parent or eligible student in order for information to be?
A. Released to a prospective employer.
B. Released to schools to which a student is transferring.
C. Released to specific individuals for audit or evaluation purposes.
D. Released in response to a judicial order or lawfully ordered subpoena.
of the following best describes a network threat model and Its uses?
A. It Is used in software development to detect programming errors. .
B. It is a risk-based model used to calculate the probabilities of risks identified during vulnerability tests.
C. It helps assess the probability, the potential harm, and the priority of attacks to help minimize or eradicate the threats.
D. It combines the results of vulnerability and penetration tests to provide useful insights into the network's overall threat and security posture.
Which of the following modes of interaction often target both people who personally know and are strangers to the attacker?
A. Spam.
B. Phishing.
C. Unsolicited sexual imagery.
D. Consensually-shared sexual imagery.
Which of the following is a vulnerability of a sensitive biometrics authentication system?
A. False positives.
B. False negatives.
C. Slow recognition speeds.
D. Theft of finely individualized personal data.
An individual drives to the grocery store for dinner. When she arrives at the store, she receives several unsolicited notifications on her phone about discounts on items at the grocery store she is about to shop at. Which type of privacy problem does the represent?
A. Intrusion.
B. Surveillance.
C. Decisional Interference.
D. Exposure.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPT exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.