IAPP CIPT Practice Exam Questions

IAPP CIPT Sample Question Answers

Question # 1

How should the sharing of information within an organization be documented?

A. With a binding contract. 
B. With a data flow diagram. 
C. With a disclosure statement. 
D. With a memorandum of agreement. 

Show Answer

Question # 2

What risk is mitigated when routing video traffic through a company’s application servers,rather than sending the video traffic directly from one user to another?

A. The user is protected against phishing attacks. 
B. The user’s identity is protected from the other user. 
C. The user’s approximate physical location is hidden from the other user. 
D. The user is assured that stronger authentication methods have been used. 

Show Answer

Question # 3

During a transport layer security (TLS) session, what happens immediately after the webbrowser creates a random PreMasterSecret?

A. The server decrypts the PremasterSecret. 
B. The web browser opens a TLS connection to the PremasterSecret. 
C. The web browser encrypts the PremasterSecret with the server's public key. 
D. The server and client use the same algorithm to convert the PremasterSecret into anencryption key. 

Show Answer

Question # 4

SCENARIOCarol was a U.S.-based glassmaker who sold her work at art festivals. She kept thingssimple by only accepting cash and personal checks.As business grew, Carol couldn't keep up with demand, and traveling to festivals becameburdensome. Carol opened a small boutique and hired Sam to run it while she worked inthe studio. Sam was a natural salesperson, and business doubled. Carol told Sam, “I don'tknow what you are doing, but keep doing it!"But months later, the gift shop was in chaos. Carol realized that Sam needed help so shehired Jane, who had business expertise and could handle the back-office tasks. Sam wouldcontinue to focus on sales. Carol gave Jane a few weeks to get acquainted with the artisancraft business, and then scheduled a meeting for the three of them to discuss Jane's firstimpressions.At the meeting, Carol could not wait to hear Jane's thoughts, but she was unprepared forwhat Jane had to say. “Carol, I know that he doesn't realize it, but some of Sam’s efforts toincrease sales have put you in a vulnerable position. You are not protecting customers’personal information like you should.”Sam said, “I am protecting our information. I keep it in the safe with our bank deposit. It'sonly a list of customers’ names, addresses and phone numbers that I get from their checksbefore I deposit them. I contact them when you finish a piece that I think they would like.That's the only information I have! The only other thing I do is post photos and informationabout your work on the photo sharing site that I use with family and friends. I provide myemail address and people send me their information if they want to see more of your work.Posting online really helps sales, Carol. In fact, the only complaint I hear is about having tocome into the shop to make a purchase.”Carol replied, “Jane, that doesn’t sound so bad. Could you just fix things and help us topost even more online?"‘I can," said Jane. “But it's not quite that simple. I need to set up a new program to makesure that we follow the best practices in data management. And I am concerned for ourcustomers. They should be able to manage how we use their personal information. Wealso should develop a social media strategy.”Sam and Jane worked hard during the following year. One of the decisions they made wasto contract with an outside vendor to manage online sales. At the end of the year, Carolshared some exciting news. “Sam and Jane, you have done such a great job that one ofthe biggest names in the glass business wants to buy us out! And Jane, they want to talk toyou about merging all of our customer and vendor information with theirs beforehand."When initially collecting personal information from customers, what should Jane be guidedby?

A. Onward transfer rules. 
B. Digital rights management. 
C. Data minimization principles. 
D. Vendor management principles 

Show Answer

Question # 5

SCENARIOPlease use the following to answer next question:EnsureClaim is developing a mobile app platform for managing data used for assessing caraccident insurance claims. Individuals use the app to take pictures at the crash site,eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hostingprovider to store data collected by the app. EnsureClaim customer service employees alsoreceive and review app data before sharing with insurance claim adjusters.The app collects the following information:First and last nameDate of birth (DOB)Mailing addressEmail addressCar VIN numberCar modelLicense plateInsurance card numberPhotoVehicle diagnosticsGeolocationWhat IT architecture would be most appropriate for this mobile platform?

A. Peer-to-peer architecture. 
B. Client-server architecture. 
C. Plug-in-based architecture. 
D. Service-oriented architecture. 

Show Answer

Question # 6

What must be used in conjunction with disk encryption?

A. Increased CPU speed. 
B. A strong password. 
C. A digital signature. 
D. Export controls. 

Show Answer

Question # 7

Which of the following are the mandatory pieces of information to be included in thedocumentation of records of processing activities for an organization that processespersonal data on behalf of another organization?

A. Copies of the consent forms from each data subject. 
B. Time limits for erasure of different categories of data. 
C. Contact details of the processor and Data Protection Offer (DPO). 
D. Descriptions of the processing activities and relevant data subjects. 

Show Answer

Question # 8

SCENARIOYou have just been hired by Ancillary.com, a seller of accessories for everything under thesun, including waterproof stickers for pool floats and decorative bands and cases forsunglasses. The company sells cell phone cases, e-cigarette cases, wine spouts, hangingair fresheners for homes and automobiles, book ends, kitchen implements, visors andshields for computer screens, passport holders, gardening tools and lawn ornaments, andcatalogs full of health and beauty products. The list seems endless. As the CEO likes tosay, Ancillary offers, without doubt, the widest assortment of low-price consumer productsfrom a single company anywhere.Ancillary's operations are similarly diverse. The company originated with a team of salesconsultants selling home and beauty products at small parties in the homes of customers,and this base business is still thriving. However, the company now sells online throughretail sites designated for industries and demographics, sites such as “My Cool Ride" forautomobile-related products or “Zoomer” for gear aimed toward young adults. Thecompany organization includes a plethora of divisions, units and outrigger operations, asAncillary has been built along a decentered model rewarding individual initiative andflexibility, while also acquiring key assets. The retail sites seem to all function differently,and you wonder about their compliance with regulations and industry standards. Providingtech support to these sites is also a challenge, partly due to a variety of logins andauthentication protocols.You have been asked to lead three important new projects at Ancillary:The first is the personal data management and security component of a multi-facetedinitiative to unify the company’s culture. For this project, you are considering using a seriesof third- party servers to provide company data and approved applications to employees.The second project involves providing point of sales technology for the home sales force,allowing them to move beyond paper checks and manual credit card imprinting.Finally, you are charged with developing privacy protections for a single web store housingall the company’s product lines as well as products from affiliates. This new omnibus sitewill be known, aptly, as “Under the Sun.” The Director of Marketing wants the site not onlyto sell Ancillary’s products, but to link to additional products from other retailers throughpaid advertisements. You need to brief the executive team of security concerns posed bythis approach.Which should be used to allow the home sales force to accept payments usingsmartphones?

A. Field transfer protocol. 
B. Cross-current translation. 
C. Near-field communication 
D. Radio Frequency Identification 

Show Answer

Question # 9

In order to prevent others from identifying an individual within a data set, privacy engineersuse a cryptographically-secure hashing algorithm. Use of hashes in this way illustrates theprivacy tactic known as what?

A. Isolation. 
B. Obfuscation. 
C. Perturbation. 
D. Stripping. 

Show Answer

Question # 10

Which of the following entities would most likely be exempt from complying with theGeneral Data Protection Regulation (GDPR)?

A. A South American company that regularly collects European customers’ personal data. 
B. A company that stores all customer data in Australia and is headquartered in aEuropean Union (EU) member state. 
C. A Chinese company that has opened a satellite office in a European Union (EU)member state to service European customers. 
D. A North American company servicing customers in South Africa that uses a cloudstorage system made by a European company. 

Show Answer