CIPT by IAPP Actual Free Exam Questions And Answers

Question 1

What must be done to destroy data stored on "write once read many" (WORM) media?

A. The media must be physically destroyed.

B. The data must be made inaccessible by encryption.

C. The erase function must be used to remove all data.

D. The media must be reformatted.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 2

Which Organization for Economic Co-operation and Development (OECD) privacy protection principle encourages an organization to obtain an individual s consent before transferring personal information?

A. Purpose specification.

B. Accountability.

C. Individual participation.

D. Collection limitation.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 3

A manufacturer has selected a vendor to develop a cloud-based worker health and safety application. Prior to signing a contract, the manufacturer's privacy technologist has been engaged to advise management on the operational effectiveness of the vendor's privacy controls. Which document would most likely contain an independent view of the operating effectiveness of the vendor's privacy controls?

A. A System and Organization Controls (SOC) 2 Type 2 Report.

B. The vendor's annual internal audit report.

C. An external penetration test attestation report.

D. The privacy controls addendum of the vendor's contract.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 4

An organization is launching a new smart speaker to the market. The device will have the capability to play music and provide news and weather updates. Which of the following would be a concern from a privacy perspective?

A. Appropriation.

B. Browser Fingerprinting.

C. Context aware computing.

D. Context of authority.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 5

Which of the following activities would be considered the best method for an organization to achieve the privacy principle of data quality'?

A. Build a system with user access controls and approval workflows to edit customer data

B. Provide a customer with a copy of their data in a machine-readable format

C. Clash customer information with information from a data broker

D. Set a privacy notice covering the purpose for collection of a customer's data

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 6

Organizations understand there are aggregation risks associated with the way the process their customer's data. They typically include the details of this aggregation risk in a privacy notice and ask that all customers acknowledge they understand these risks and consent to the processing.
What type of risk response does this notice and consent represent?

A. Risk acceptance.

B. Risk mitigation.

C. Risk avoidance.

D. Risk transfer.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 7

Which of the following scenarios best exemplifies the concept of Privacy by Default?

A. A software team realizes the product they have already built could potentially have privacy concerns and before deploying it, they request a meeting to get the privacy team's input.

B. A business engages a third party vendor to install cameras in the store to identify criminal behavior and stop criminals as soon as possible to protect customers.

C. An internal team builds a product that will perform analysis on employee site usages by leveraging the data loss prevention tool and use that to block popular risky websites.

D. An organization develops a website to provide customers the ability to purchase products and the choice to opt-in to personalized health marketing based off the products they purchase.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 8

Value Sensitive Design (VSD) focuses on which of the following?

A. Privacy and human rights.

B. Principles and standards.

C. Ethics and morality.

D. Quality and benefit.

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 9

A privacy technologist works at a company operating in a jurisdiction where customers have the right to have their personal data erased. What are the most important technological controls that the privacy technologist needs to implement to ensure personal data can be deleted?

A. Data discovery tools to identify where data resides.

B. Audit trails to track deletion requests and actions.

C. User-facing deletion tools to empower users to manage their own data.

D. Automated deletion tools to ensure efficiency and consistency.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 10

Which of the following entities would most likely be exempt from complying with the General Data Protection Regulation (GDPR)?

A. A South American company that regularly collects European customers' personal data.

B. A company that stores all customer data in Australia and is headquartered in a European Union (EU) member state.

C. A Chinese company that has opened a satellite office in a European Union (EU) member state to service European customers.

D. A North American company servicing customers in South Africa that uses a cloud storage system made by a European company.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 11

What Privacy by Design (PbD) element should include a de-identification or deletion plan?

A. Security

B. Retention.

C. Remediation.

D. Categorization.

Discussion 0

Correct Answer: B Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 12

SCENARIO
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data- not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You also recall a recent visit to the Records Storage Section, often termed "The Dungeon" in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
Which cryptographic standard would be most appropriate for protecting patient credit card information in the records system?

A. Hashing

B. Asymmetric Encryption

C. Symmetric Encryption

D. Obfuscation

Discussion 0

Correct Answer: C Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 13

An organization is considering launching enhancements to improve security and authentication mechanisms in their products. To better identify the user and reduce friction from the authentication process, they plan to track physical attributes of an individual. A privacy technologist assessing privacy implications would be most interested in which of the following?

A. The authentication mechanism proposed.

B. That the individual is aware tracking is occurring.

C. The purpose of the data tracking.

D. The encryption of individual physical attributes.

Discussion 0

Correct Answer: D Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

Question 14

An organization has recently experienced a data breach where large amounts of personal data were compromised. As part of a post-incident review, the privacy technologist wants to analyze available data to understand what vulnerabilities may have contributed to the incident occurring. He learns that a key vulnerability had been flagged by the system but that detective controls were not operating effectively. Which type of web application security risk does this finding most likely point to?

A. Logging and Monitoring Failures.

B. Insecure Design.

C. Vulnerable and Outdated Components.

D. Misconfiguration.

Discussion 0

Correct Answer: A Vote an answer

Explanation: Only visible for Fast2test members. You can sign-up / login (it's free).

IAPP Certified Information Privacy Technologist (CIPT) - CIPT Exam Practice Test

Contact Us

Useful Links

Latest Updated