IAPP CIPT 시험

Question No : 1

Why is first-party web tracking very difficult to prevent?

• A.The available tools to block tracking would break most sites’ functionality.
• B.Consumers enjoy the many benefits they receive from targeted advertising.
• C.Regulatory frameworks are not concerned with web tracking.
• D.Most browsers do not support automatic blocking.

답을 확인하기

정답:
Explanation:
Reference: https://www.opentracker.net/article/third-party-cookies-vs-first-party-cookies

Question No : 2

What is the most important requirement to fulfill when transferring data out of an organization?

• A.Ensuring the organization sending the data controls how the data is tagged by the receiver.
• B.Ensuring the organization receiving the data performs a privacy impact assessment.
• C.Ensuring the commitments made to the data owner are followed.
• D.Extending the data retention schedule as needed.

답을 확인하기

정답:

Question No : 3

In day to day interactions with technology, consumers are presented with privacy choices .
Which of the following best represents the Privacy by Design (PbD) methodology of letting the user choose a non-zero-sum choice?

• A.Using images, words, and contexts to elicit positive feelings that result in proactive behavior, thus eliminating negativity and biases.
• B.Providing plain-language design choices that elicit privacy-related responses, helping users avoid errors and minimize the negative consequences of errors when they do occur.
• C.Displaying the percentage of users that chose a particular option, thus enabling the user to choose the most preferred option.
• D.Using contexts, antecedent events, and other priming concepts to assist the user in making a better privacy choice.

답을 확인하기

정답:

Question No : 4

A vendor has been collecting data under an old contract, not aligned with the practices of the organization.
Which is the preferred response?

• A.Destroy the data
• B.Update the contract to bring the vendor into alignment.
• C.Continue the terms of the existing contract until it expires.
• D.Terminate the contract and begin a vendor selection process.

답을 확인하기

정답:

Question No : 5

Which of the following is a vulnerability of a sensitive biometrics authentication system?

• A.False positives.
• B.False negatives.
• C.Slow recognition speeds.
• D.Theft of finely individualized personal data.

답을 확인하기

정답:

Question No : 6

Which Organization for Economic Co-operation and Development (OECD) privacy protection principle encourages an organization to obtain an individual s consent before transferring personal information?

• A.Individual participation.
• B.Purpose specification.
• C.Collection limitation.
• D.Accountability.

답을 확인하기

정답:
Explanation:
Reference: http://oecdprivacy.org

Question No : 7

A key principle of an effective privacy policy is that it should be?

• A.Written in enough detail to cover the majority of likely scenarios.
• B.Made general enough to maximize flexibility in its application.
• C.Presented with external parties as the intended audience.
• D.Designed primarily by the organization's lawyers.

답을 확인하기

정답:

Question No : 8

Which is likely to reduce the types of access controls needed within an organization?

• A.Decentralization of data.
• B.Regular data inventories.
• C.Standardization of technology.
• D.Increased number of remote employees.

답을 확인하기

정답:

Question No : 9

What term describes two re-identifiable data sets that both come from the same unidentified individual?

• A.Pseudonymous data.
• B.Anonymous data.
• C.Aggregated data.
• D.Imprecise data.

답을 확인하기

정답:
Explanation:
Reference: https://ico.org.uk/media/1061/anonymisation-code.pdf

Question No : 10

After committing to a Privacy by Design program, which activity should take place first?

• A.Create a privacy standard that applies to all projects and services.
• B.Establish a retention policy for all data being collected.
• C.Implement easy to use privacy settings for users.
• D.Perform privacy reviews on new projects.

답을 확인하기

정답:

Question No : 11

What Privacy by Design (PbD) element should include a de-identification or deletion plan?

• A.Categorization.
• B.Remediation.
• C.Retention.
• D.Security

답을 확인하기

정답:

Question No : 12

What was the first privacy framework to be developed?

• A.OECD Privacy Principles.
• B.Generally Accepted Privacy Principles.
• C.Code of Fair Information Practice Principles (FIPPs).
• D.The Asia-Pacific Economic Cooperation (APEC) Privacy Framework.

답을 확인하기

정답:
Explanation:
Reference: http://oecdprivacy.org

Question No : 13

What would be an example of an organization transferring the risks associated with a data breach?

• A.Using a third-party service to process credit card transactions.
• B.Encrypting sensitive personal data during collection and storage
• C.Purchasing insurance to cover the organization in case of a breach.
• D.Applying industry standard data handling practices to the organization’ practices.

답을 확인하기

정답:
Explanation:
Reference: http://www.hpso.com/Documents/pdfs/newsletters/firm09-rehabv1.pdf

Question No : 14

An organization based in California, USA is implementing a new online helpdesk solution for recording customer call information. The organization considers the capture of personal data on the online helpdesk solution to be in the interest of the company in best servicing customer calls.
Before implementation, a privacy technologist should conduct which of the following?

• A.A Data Protection Impact Assessment (DPIA) and consultation with the appropriate regulator to ensure legal compliance.
• B.A privacy risk and impact assessment to evaluate potential risks from the proposed processing operations.
• C.A Legitimate Interest Assessment (LIA) to ensure that the processing is proportionate and does not override the privacy, rights and freedoms of the customers.
• D.A security assessment of the help desk solution and provider to assess if the technology was developed with a security by design approach.

답을 확인하기

정답:

Question No : 15

SCENARIO
Please use the following to answer the next question:
Chuck, a compliance auditor for a consulting firm focusing on healthcare clients, was required to travel to the client’s office to perform an onsite review of the client’s operations. He rented a car from Finley Motors upon arrival at the airport as so he could commute to and from the client’s office. The car rental agreement was electronically signed by Chuck and included his name, address, driver’s license, make/model of the car, billing rate, and additional details describing the rental transaction. On the second night, Chuck was caught by a red light camera not stopping at an intersection on his way to dinner. Chuck returned the car back to the car rental agency at the end week without mentioning the infraction and Finley Motors emailed a copy of the final receipt to the address on file.
Local law enforcement later reviewed the red light camera footage. As Finley Motors is the registered owner of the car, a notice was sent to them indicating the infraction and fine incurred. This notice included the license plate number, occurrence date and time, a photograph of the driver, and a web portal link to a video clip of the violation for further review. Finley Motors, however, was not responsible for the violation as they were not driving the car at the time and transferred the incident to AMP Payment Resources for further review. AMP Payment Resources identified Chuck as the driver based on the rental agreement he signed when picking up the car and then contacted Chuck directly through a written letter regarding the infraction to collect the fine.
After reviewing the incident through the AMP Payment Resources’ web portal, Chuck paid the fine using his personal credit card. Two weeks later, Finley Motors sent Chuck an email promotion offering 10% off a future rental.
What is the most secure method Finley Motors should use to transmit Chuck’s information to AMP Payment Resources?

• A.Cloud file transfer services.
• B.Certificate Authority (CA).
• C.HyperText Transfer Protocol (HTTP).
• D.Transport Layer Security (TLS).

답을 확인하기

정답: