CIPT IAPP Exam Questions and Free Practice Test

Question 19

SCENARIO
Please use the following to answer the next question:
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the St. Anne’s Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on-hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You recall a recent visit to the Records Storage Section in the basement of the old hospital next to the modern facility, where you noticed paper records sitting in crates labeled by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. On the back shelves of the section sat data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the records storage section, you noticed a man leaving whom you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
You quickly realize that you need a plan of action on the maintenance, secure storage and disposal of data. Which cryptographic standard would be most appropriate for protecting patient credit card information in the records system at St. Anne’s Regional Medical Center?

A. Symmetric Encryption

B. Tokenization

C. Obfuscation

D. Certificates

Correct Answer:B

Question 20

What is typically NOT performed by sophisticated Access Management (AM) techniques?

A. Restricting access to data based on location.

B. Restricting access to data based on user role.

C. Preventing certain types of devices from accessing data.

D. Preventing data from being placed in unprotected storage.

Correct Answer:B

Question 21

What is a main benefit of data aggregation?

A. It is a good way to perform analysis without needing a statistician.

B. It applies two or more layers of protection to a single data record.

C. It allows one to draw valid conclusions from small data samples.

D. It is a good way to achieve de-identification and unlinkabilty.

Correct Answer:C

Question 22

Which of the following suggests the greatest degree of transparency?

A. A privacy disclosure statement clearly articulates general purposes for collection

B. The data subject has multiple opportunities to opt-out after collection has occurred.

C. A privacy notice accommodates broadly defined future collections for new products.

D. After reading the privacy notice, a data subject confidently infers how her information will be used.

Correct Answer:D

Question 23

A credit card with the last few numbers visible is an example of what?

A. Masking data

B. Synthetic data

C. Sighting controls.

D. Partial encryption

Correct Answer:A

Question 24

What is the most important requirement to fulfill when transferring data out of an organization?

A. Ensuring the organization sending the data controls how the data is tagged by the receiver.

B. Ensuring the organization receiving the data performs a privacy impact assessment.

C. Ensuring the commitments made to the data owner are followed.

D. Extending the data retention schedule as needed.

Correct Answer:C

START CIPT EXAM