CIPT IAPP Exam Questions and Free Practice Test

Question 31

SCENARIO
Tom looked forward to starting his new position with a U.S —based automobile leasing company (New Company), now operating in 32 states. New Company was recently formed through the merger of two prominent players, one from the eastern region (East Company) and one from the western region (West Company). Tom, a Certified Information Privacy Technologist (CIPT), is New Company's first Information Privacy and Security Officer. He met today with Dick from East Company, and Harry, from West Company. Dick and Harry are veteran senior information privacy and security professionals at their respective companies, and continue to lead the east and west divisions of New Company. The purpose of the meeting was to conduct a SWOT (strengths/weaknesses/opportunities/threats) analysis for New Company. Their SWOT analysis conclusions are summarized below.
Dick was enthusiastic about an opportunity for the New Company to reduce costs and increase computing power and flexibility through cloud services. East Company had been contemplating moving to the cloud, but West Company already had a vendor that was providing it with software-as-a-service (SaaS). Dick was looking forward to extending this service to the eastern region. Harry noted that this was a threat as well, because West Company had to rely on the third party to protect its data.
Tom mentioned that neither of the legacy companies had sufficient data storage space to meet the projected growth of New Company, which he saw as a weakness. Tom stated that one of the team's first projects would be to construct a consolidated New Company data warehouse. Tom would personally lead this project and would be held accountable if information was modified during transmission to or during storage in the new data warehouse.
Tom, Dick and Harry agreed that employee network access could be considered both a strength and a weakness. East Company and West Company had strong performance records in this regard; both had robust network access controls that were working as designed. However, during a projected year-long transition period, New Company employees would need to be able to connect to a New Company network while retaining access to the East Company and West Company networks.
When employees are working remotely, they usually connect to a Wi-Fi network. What should Harry advise for maintaining company security in this situation?

A. Hiding wireless service set identifiers (SSID).

B. Retaining the password assigned by the network.

C. Employing Wired Equivalent Privacy (WEP) encryption.

D. Using tokens sent through HTTP sites to verify user identity.

Correct Answer:A

Question 32

What must be done to destroy data stored on "write once read many" (WORM) media?

A. The data must be made inaccessible by encryption.

B. The erase function must be used to remove all data.

C. The media must be physically destroyed.

D. The media must be reformatted.

Correct Answer:C

Question 33

What is the main privacy threat posed by Radio Frequency Identification (RFID)?

A. An individual with an RFID receiver can track people or consumer products.

B. An individual can scramble computer transmissions in weapons systems.

C. An individual can use an RFID receiver to engage in video surveillance.

D. An individual can tap mobile phone communications.

Correct Answer:D

Question 34

Which of the following are the mandatory pieces of information to be included in the documentation of records of processing activities for an organization that processes personal data on behalf of another organization?

A. Copies of the consent forms from each data subject.

B. Time limits for erasure of different categories of data.

C. Contact details of the processor and Data Protection Offer (DPO).

D. Descriptions of the processing activities and relevant data subjects.

Correct Answer:B