CIPT IAPP Exam Questions and Free Practice Test

Question 25

To comply with the Sarbanes-Oxley Act (SOX), public companies in the United States are required to annually report on the effectiveness of the auditing controls of their financial reporting systems. These controls must be implemented to prevent unauthorized use, disclosure, modification, and damage or loss of financial data.
Why do these controls ensure both the privacy and security of data?

A. Modification of data is an aspect of privacy; unauthorized use, disclosure, and damage or loss of data are aspects of security.

B. Unauthorized use of data is an aspect of privacy; disclosure, modification, and damage or loss of data are aspects of security.

C. Disclosure of data is an aspect of privacy; unauthorized use, modification, and damage or loss of data are aspects of security.

D. Damage or loss of data are aspects of privacy; disclosure, unauthorized use, and modification of data are aspects of privacy.

Correct Answer:C

Question 26

When releasing aggregates, what must be performed to magnitude data to ensure privacy?

A. Value swapping.

B. Noise addition.

C. Basic rounding.

D. Top coding.

Correct Answer:B

Question 27

Which of these actions is NOT generally part of the responsibility of an IT or software engineer?

A. Providing feedback on privacy policies.

B. Implementing multi-factor authentication.

C. Certifying compliance with security and privacy law.

D. Building privacy controls into the organization’s IT systems or software.

Correct Answer:A

Question 28

What is the main benefit of using dummy data during software testing?

A. The data comes in a format convenient for testing.

B. Statistical disclosure controls are applied to the data.

C. The data enables the suppression of particular values in a set.

D. Developers do not need special privacy training to test the software.

Correct Answer:D

Question 29

Which is the most accurate type of biometrics?

A. DNA

B. Voiceprint.

C. Fingerprint.

D. Facial recognition.

Correct Answer:B

Question 30

SCENARIO
Please use the following to answer next question:
EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.
The app collects the following information: First and last name
Date of birth (DOB) Mailing address Email address
Car VIN number Car model License plate
Insurance card number Photo
Vehicle diagnostics Geolocation
The app is designed to collect and transmit geolocation data. How can data collection best be limited to the necessary minimum?

A. Allow user to opt-out geolocation data collection at any time.

B. Allow access and sharing of geolocation data only after an accident occurs.

C. Present a clear and explicit Explanation about need for the geolocation data.

D. Obtain consent and capture geolocation data at all times after consent is received.

Correct Answer:D

START CIPT EXAM