IAPP CIPT Exam Practice Test Instant Access

Question 1

What is the name of an alternative technique to counter the reduction in use of third-party cookies, where web publishers may consider utilizing data cached by a browser and returned with a subsequent request from the same resource to track unique users?

AWeb beacon tracking.

BBrowser fingerprinting.

CEntity tagging.

DCanvas fingerprinting.

Answer : B

Browser fingerprinting is a technique used to track users by collecting information about their browser and device characteristics, which are then used to create a unique identifier. This technique can be employed as an alternative to third-party cookies and can track users across different sessions and sites.

Reference: IAPP CIPT Study Guide, 'Tracking Technologies,' which covers various methods of user tracking including cookies, web beacons, and browser fingerprinting.

Question 2

Which privacy engineering objective proposed by the US National Institute of Science and Technology (NIST) decreases privacy risk by ensuring that connections between individuals and their personal data are reduced?

ADisassoc lability

BManageability

CMinimization

DPredictability

Answer : A

Disassociability is one of the privacy engineering objectives proposed by the US National Institute of Science and Technology (NIST) that aims to reduce privacy risk by ensuring that connections between individuals and their personal data are minimized. This objective helps to protect individual privacy by making it more difficult to link personal data back to specific individuals, thereby reducing the risk of re-identification and misuse of personal information. (Reference: NIST Privacy Framework, Appendix D: Privacy Engineering Objectives)

Question 3

Truncating the last octet of an IP address because it is NOT needed is an example of which privacy principle?

AUse Limitation

BData Minimization

CPurpose Limitation

DSecurity Safeguards

Answer : B

Truncating the last octet of an IP address because it is not needed is an example of the privacy principle of Data Minimization. This principle states that only the minimum amount of personal data necessary for the purpose should be collected and processed. By truncating the IP address, the data is reduced to the minimum needed, thus limiting the potential for privacy breaches and data misuse. (Reference: IAPP CIPT Study Guide, Chapter on Data Minimization and Retention)

Question 4

An organization needs to be able to manipulate highly sensitive personal information without revealing the contents of the data to the users. The organization should investigate the use of?

AAdvanced Encryption Standard (AES)

BHomomorphic encryption

CQuantum encryption

CPseudonymization

Answer : B

Homomorphic encryption allows an organization to manipulate highly sensitive personal information without revealing the contents of the data to the users. This encryption method enables computations to be performed on encrypted data, producing an encrypted result that, when decrypted, matches the result of operations performed on the plain data. This technique maintains data confidentiality while allowing for meaningful analysis and processing, as detailed in the IAPP's CIPT resources on advanced encryption techniques.

Question 5

SCENARIO

Please use the following to answer the next questions:

Your company is launching a new track and trace health app during the outbreak of a virus pandemic in the US. The developers claim the app is based on privacy by design because personal data collected was considered to ensure only necessary data is captured, users are presented with a privacy notice, and they are asked to give consent before data is shared. Users can update their consent after logging into an account, through a dedicated privacy and consent hub. This is accessible through the 'Settings' icon from any app page, then clicking 'My Preferences', and selecting 'Information Sharing and Consent' where the following choices are displayed:

* "I consent to receive notifications and infection alerts";

* "I consent to receive information on additional features or services, and new products";

* "I consent to sharing only my risk result and location information, for exposure and contact tracing purposes";

* "I consent to share my data for medical research purposes"; and

* "I consent to share my data with healthcare providers affiliated to the company".

For each choice, an ON* or OFF tab is available The default setting is ON for all

Users purchase a virus screening service for USS29 99 for themselves or others using the app The virus screening

service works as follows:

* Step 1 A photo of the user's face is taken.

* Step 2 The user measures their temperature and adds the reading in the app

* Step 3 The user is asked to read sentences so that a voice analysis can detect symptoms

* Step 4 The user is asked to answer questions on known symptoms

* Step 5 The user can input information on family members (name date of birth, citizenship, home address, phone number, email and relationship).)

The results are displayed as one of the following risk status "Low. "Medium" or "High" if the user is deemed at "Medium " or "High" risk an alert may be sent to other users and the user is Invited to seek a medical consultation and diagnostic from a healthcare provider.

A user's risk status also feeds a world map for contact tracing purposes, where users are able to check if they have been or are in dose proximity of an infected person If a user has come in contact with another individual classified as "medium' or 'high' risk an instant notification also alerts the user of this. The app collects location trails of every user to monitor locations visited by an infected individual Location is collected using the phone's GPS functionary, whether the app is in use or not however, the exact location of the user is "blurred' for privacy reasons Users can only see on the map circles

What is likely to be the biggest privacy concern with the current 'Information Sharing and Consent' page?

AThe ON or OFF default setting for each item.

BThe navigation needed in the app to get to the consent page.

CThe option to consent to receive potential marketing information.

DThe information sharing with healthcare providers affiliated with the company.

Answer : A

The biggest privacy concern with the current 'Information Sharing and Consent' page is that all consent options are set to ON by default. According to privacy by design principles and data protection regulations, such as the General Data Protection Regulation (GDPR), consent should be freely given, specific, informed, and unambiguous. Pre-ticked boxes do not constitute valid consent because they do not provide a clear affirmative action from the user. The default ON setting could lead to unintentional data sharing and potential privacy breaches, making this a significant concern. (Reference: IAPP CIPT Study Guide, Chapter on Privacy by Design and Default)

Question 6

An organization is deciding between building a solution in-house versus purchasing a solution for a new customer facing application. When security threat are taken into consideration, a key advantage of purchasing a solution would be the availability of?

AOutsourcing.

BPersistent VPN.

CPatching and updates.

DDigital Rights Management.

Answer : C

When an organization considers whether to build a solution in-house or purchase it, one key advantage of purchasing a solution is the availability of regular patching and updates. Purchased solutions typically come with vendor support that includes security patches and updates. This ensures that the software remains protected against newly discovered vulnerabilities and threats. In contrast, in-house solutions require the organization to manage and implement these patches and updates on their own, which can be resource-intensive and may lead to delays in addressing security threats. (Reference: IAPP CIPT Study Guide, Chapter on Security Controls and Enhancements)

Question 7

Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system?

APhishing emails.

BDenial of service.

CBrute-force attacks.

DSocial engineering.

Answer : D

Social engineering, as mentioned in option D, can bypass even the best physical and logical security mechanisms to gain access to a system. Social engineering exploits human psychology to manipulate individuals into divulging confidential information or performing actions that compromise security. This technique is recognized as a significant security threat in the IAPP's CIPT materials, where it is discussed in the context of both physical and cybersecurity threats, emphasizing the importance of comprehensive security awareness training.

IAPP CIPT Certified Information Privacy Technologist Exam Practice Test