IAPP Certified Information Privacy Technologist (CIPT) - CIPT Exam Practice Test
Question 1
Which of the following is NOT relevant to a user exercising their data portability rights?
Correct Answer: C
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 2
A company configures their information system to have the following capabilities:
Allow for selective disclosure of attributes to certain parties, but not to others.
Permit the sharing of attribute references instead of attribute values - such as "I am over 21" instead of birthday date.
Allow for information to be altered or deleted as needed.
These capabilities help to achieve which privacy engineering objective?
Allow for selective disclosure of attributes to certain parties, but not to others.
Permit the sharing of attribute references instead of attribute values - such as "I am over 21" instead of birthday date.
Allow for information to be altered or deleted as needed.
These capabilities help to achieve which privacy engineering objective?
Correct Answer: C
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 3
SCENARIO
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data- not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You also recall a recent visit to the Records Storage Section, often termed "The Dungeon" in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
Which cryptographic standard would be most appropriate for protecting patient credit card information in the records system?
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data- not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You also recall a recent visit to the Records Storage Section, often termed "The Dungeon" in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
Which cryptographic standard would be most appropriate for protecting patient credit card information in the records system?
Correct Answer: B
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 4
Which of the following would be the most appropriate solution for preventing privacy violations related to information exposure through an error message?
Correct Answer: D
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 5
How does k-anonymity help to protect privacy in micro data sets?
Correct Answer: C
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 6
Not updating software for a system that processes human resources data with the latest security patches may create what?
Correct Answer: D
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 7
Which of the following is an example of the privacy risks associated with the Internet of Things (loT)?
Correct Answer: C
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 8
What is the most important requirement to fulfill when transferring data out of an organization?
Correct Answer: A
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 9
Which of the following is considered a records management best practice?
Correct Answer: C
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 10
When designing a new system, which of the following is a privacy threat that the privacy technologist should consider?
Correct Answer: A
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
Question 11
Which of the following is NOT a workplace surveillance best practice?
Correct Answer: B
Explanation: Only visible for Actualtests4sure members. You can sign-up / login (it's free).
