Question 1

Not updating software for a system that processes human resources data with the latest security patches may create what?

Accepted Answer

B

Explanation: Not updating software with the latest security patches can expose systems to various vulnerabilities, including those that can compromise privacy. When systems processing sensitive data, such as human resources data, are not updated, they become susceptible to security exploits that can lead to unauthorized access or data breaches. This negligence creates privacy vulnerabilities because it increases the risk that personal data could be accessed, stolen, or altered by malicious actors. Privacy vulnerabilities are essentially weaknesses in a system that could be exploited to compromise the privacy of data subjects. This concept is emphasized in the IAPP's training materials, which highlight the importance of maintaining up-to-date software as part of a robust data protection strategy.

Question 2

There are two groups of users. In a company, where one group Is allowed to see credit card numbers,
while the other group Is not. Both are accessing the data through the same application. The most
effective and efficient way to achieve this would be?

Accepted Answer

C

Explanation: The most effective and efficient way to handle different access levels to credit card numbers within the same application is to obfuscate the credit card numbers whenever a user who does not have the right to see them accesses the data. Option C ensures that sensitive information is masked for unauthorized users without the need for maintaining multiple data copies or complex encryption schemes. This approach aligns with data minimization and access control principles discussed in the IAPP’s CIPT materials, which advocate for minimizing exposure of sensitive data.

Question 3

What can be used to determine the type of data in storage without exposing its contents?

Accepted Answer

D

Explanation: Metadata can be used to determine the type of data in storage without exposing its contents. Metadata is data about data, providing information such as file type, creation date, author, and other attributes that describe the data without revealing the actual content. This allows organizations to categorize and manage data effectively without compromising data privacy. Reference: IAPP CIPT Study Guide: Understanding the role of metadata in data management. GDPR, Recital 39: Emphasizes the importance of metadata in ensuring data accuracy and integrity without exposing the content.

Question 4

Which privacy engineering objective proposed by the US National Institute of Science and
Technology (NIST) decreases privacy risk by ensuring that connections between individuals and their
personal data are reduced?

Accepted Answer

A

Explanation: Disassociability is one of the privacy engineering objectives proposed by the US National Institute of Science and Technology (NIST) that aims to reduce privacy risk by ensuring that connections between individuals and their personal data are minimized. This objective helps to protect individual privacy by making it more difficult to link personal data back to specific individuals, thereby reducing the risk of re-identification and misuse of personal information. (Reference: NIST Privacy Framework, Appendix D: Privacy Engineering Objectives)

Question 5

SCENARIO
Looking back at your first two years as the Director of Personal Information Protection and
Compliance for the St. Anne’s Regional Medical Center in Thorn Bay, Ontario, Canada, you see a
parade of accomplishments, from developing state-of-the-art simulation based training for
employees on privacy protection to establishing an interactive medical records system that is
accessible by patients as well as by the medical personnel. Now, however, a question you have put
off looms large: how do we manage all the data-not only records produced recently, but those still
on-hand from years ago? A data flow diagram generated last year shows multiple servers, databases,
and work stations, many of which hold files that have not yet been incorporated into the new records
system. While most of this data is encrypted, its persistence may pose security and compliance
concerns. The situation is further complicated by several long-term studies being conducted by the
medical staff using patient information. Having recently reviewed the major Canadian privacy
regulations, you want to make certain that the medical center is observing them.
You recall a recent visit to the Records Storage Section in the basement of the old hospital next to the
modern facility, where you noticed paper records sitting in crates labeled by years, medical condition
or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on
the floor. On the back shelves of the section sat data tapes and old hard drives that were often
unlabeled but appeared to be years old. On your way out of the records storage section, you noticed
a man leaving whom you did not recognize. He carried a batch of folders under his arm, apparently
records he had removed from storage.
You quickly realize that you need a plan of action on the maintenance, secure storage and disposal of
data.
Which cryptographic standard would be most appropriate for protecting patient credit card
information in the records system at St. Anne’s Regional Medical Center?

Accepted Answer

B

Explanation: Option A (Symmetric Encryption): Symmetric encryption uses the same key for both encryption and decryption. While effective for protecting data in transit or at rest, it does not address tokenization's specific use case for payment information. Option B (Tokenization): Tokenization replaces sensitive data with non-sensitive tokens that can be used within the system without exposing actual credit card details. It is particularly effective for protecting payment information by reducing the risk of data breaches. Option C (Obfuscation): Obfuscation is a technique to make data harder to understand but does not provide the strong security guarantees needed for protecting credit card information. Option D (Certificates): Certificates are used in public key infrastructure (PKI) to authenticate identities and secure communications. They are not specifically used for protecting stored credit card information. Reference: PCI DSS requirements for tokenization and data security. NIST Special Publication 800-57 on Cryptographic Key Management. Conclusion: Tokenization (Option B) is the most appropriate cryptographic standard for protecting patient credit card information, as it replaces sensitive data with tokens, reducing the risk of exposure.

Question 6

SCENARIO
Carol was a U.S.-based glassmaker who sold her work at art festivals. She kept things simple by only
accepting cash and personal checks.
As business grew, Carol couldn't keep up with demand, and traveling to festivals became
burdensome. Carol opened a small boutique and hired Sam to run it while she worked in the studio.
Sam was a natural salesperson, and business doubled. Carol told Sam, “I don't know what you are
doing, but keep doing it!"
But months later, the gift shop was in chaos. Carol realized that Sam needed help so she hired Jane,
who had business expertise and could handle the back-office tasks. Sam would continue to focus on
sales. Carol gave Jane a few weeks to get acquainted with the artisan craft business, and then
scheduled a meeting for the three of them to discuss Jane's first impressions.
At the meeting, Carol could not wait to hear Jane's thoughts, but she was unprepared for what Jane
had to say. “Carol, I know that he doesn't realize it, but some of Sam’s efforts to increase sales have
put you in a vulnerable position. You are not protecting customers’ personal information like you
should.”
Sam said, “I am protecting our information. I keep it in the safe with our bank deposit. It's only a list
of customers’ names, addresses and phone numbers that I get from their checks before I deposit
them. I contact them when you finish a piece that I think they would like. That's the only information
I have! The only other thing I do is post photos and information about your work on the photo
sharing site that I use with family and friends. I provide my email address and people send me their
information if they want to see more of your work. Posting online really helps sales, Carol. In fact, the
only complaint I hear is about having to come into the shop to make a purchase.”
Carol replied, “Jane, that doesn’t sound so bad. Could you just fix things and help us to post even
more online?"
‘I can," said Jane. “But it's not quite that simple. I need to set up a new program to make sure that
we follow the best practices in data management. And I am concerned for our customers. They
should be able to manage how we use their personal information. We also should develop a social
media strategy.”
Sam and Jane worked hard during the following year. One of the decisions they made was to contract
with an outside vendor to manage online sales. At the end of the year, Carol shared some exciting
news. “Sam and Jane, you have done such a great job that one of the biggest names in the glass
business wants to buy us out! And Jane, they want to talk to you about merging all of our customer
and vendor information with theirs beforehand."
Which regulator has jurisdiction over the shop's data management practices?

Accepted Answer

A

Explanation: The Federal Trade Commission (FTC) is responsible for protecting consumers in the U.S. by preventing fraudulent, deceptive, and unfair business practices. It has jurisdiction over commercial data privacy and security practices, including those of Carol’s shop. The FTC enforces data protection and privacy standards to ensure consumer information is handled appropriately. Reference: IAPP CIPT Study Guide: Regulatory Environment. IAPP Certified Information Privacy Technologist (CIPT) Handbook: Section on U.S. Privacy Laws and Regulations.

Question 7

Truncating the last octet of an IP address because it is NOT needed is an example of which privacy principle?

Accepted Answer

B

Explanation: Truncating the last octet of an IP address because it is not needed is an example of the privacy principle of Data Minimization. This principle states that only the minimum amount of personal data necessary for the purpose should be collected and processed. By truncating the IP address, the data is reduced to the minimum needed, thus limiting the potential for privacy breaches and data misuse. (Reference: IAPP CIPT Study Guide, Chapter on Data Minimization and Retention)

Question 8

Between November 30th and December 2nd, 2013, cybercriminals successfully infected the credit
card payment systems and bypassed security controls of a United States-based retailer with malware
that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection
software installed to prevent against such an attack.
Which of the following would best explain why the retailer’s consumer data was still exfiltrated?

Accepted Answer

Answer available on page.

Question 9

Which of the following would be an example of an "objective" privacy harm to an individual?

Accepted Answer

D

Explanation: Option A: Receiving spam is a negative outcome but is often considered more of an inconvenience than an objective harm. Option B: Negative feelings from surveillance are subjective because they pertain to personal emotions rather than measurable impacts. Option C: Social media profile views are again more subjective unless they lead to measurable negative consequences. Option D: Inaccuracies in personal data are objective because they can lead to concrete and measurable harms such as financial loss, wrongful decisions, or incorrect profiling. Reference: IAPP CIPT Study Guide Privacy Impact Assessment (PIA) frameworks discussing objective vs. subjective harm

Question 10

What has been found to undermine the public key infrastructure system?

Accepted Answer

C

Explanation: Public key infrastructure (PKI) relies heavily on the trustworthiness of certificate authorities (CAs). These CAs are responsible for issuing and verifying digital certificates. If a CA is compromised or disreputable, the entire PKI system's integrity can be undermined because the certificates it issues can no longer be trusted. This can lead to a range of security issues, including the potential for man- in-the-middle attacks, as malicious actors could exploit compromised certificates to impersonate legitimate entities. Thus, maintaining reputable and secure CAs is critical to the PKI system's effectiveness. Reference: IAPP CIPT Certification Textbook, Chapter on Cryptography and PKI, emphasizing the role and importance of CAs in PKI systems.

Question 11

Which of the following is NOT a valid basis for data retention?

Accepted Answer

A

Explanation: The size of the data is not a valid basis for data retention. Data retention policies should be based on factors like the type of data, its location, and the last time it was accessed, rather than its size. Retention decisions should consider the necessity and relevance of the data for legal, operational, and regulatory purposes. This principle is covered in the IAPP’s CIPT materials, specifically in the sections on data lifecycle management and retention policies.

Question 12

All of the following can be indications of a ransomware attack EXCEPT?

Accepted Answer

B

Explanation: Ransomware attacks are typically characterized by certain signs, including: Inability to access certain files (Option A): This is a primary indication as ransomware often encrypts files, making them inaccessible. Increased CPU activity for no apparent reason (Option C): This can be a sign of encryption processes running in the background. Detection of suspicious network communications (Option D): Ransomware often communicates with command and control servers for instructions or to send encryption keys. Option B, an increased amount of spam email, is not an indication of a ransomware attack. Spam emails are more commonly associated with phishing attacks or general email security issues. Reference: IAPP Information Privacy Technologist (CIPT) training materials NIST Special Publication 800-83 (Guide to Malware Incident Prevention and Handling)

Question 13

In day to day interactions with technology, consumers are presented with privacy choices. Which of
the following best represents the Privacy by Design (PbD) methodology of letting the user choose a
non-zero-sum choice?

Accepted Answer

B

Explanation: Option A: While using positive imagery and language can influence user behavior, it doesn't specifically address the principle of non-zero-sum choices, which are about providing meaningful privacy choices that do not require users to sacrifice one benefit for another. Option B: This option aligns with the Privacy by Design (PbD) principle of empowering users with clear, understandable choices that allow them to protect their privacy without facing undue complexity or negative consequences. This reflects a non-zero-sum approach where privacy is integrated seamlessly and transparently into the user experience. Option C: Displaying what other users chose can create a herd effect but does not inherently relate to non-zero-sum choices, which are about giving users meaningful and balanced privacy options. Option D: Using priming techniques can assist in decision-making but does not specifically address the principle of non-zero-sum choices. Reference: IAPP CIPT Study Guide Privacy by Design Framework

Question 14

Users of a web-based email service have their accounts breached through compromised login
credentials. Which possible consequences of the breach illustrate the two categories of Calo’s Harm
Dimensions?

Accepted Answer

C

Explanation: Calo’s Harm Dimensions categorize privacy harms into two main types: objective and subjective harms. Identity Theft (Objective Harm): This is a measurable harm that occurs when an individual's personal information is stolen and used fraudulently, leading to financial loss, legal consequences, or other tangible damages. Embarrassment (Subjective Harm): This is a harm that affects an individual's feelings, emotions, or social standing. It occurs when personal information is exposed in a way that causes humiliation or distress. These two examples illustrate the categories effectively: Identity theft represents the objective harm. Embarrassment represents the subjective harm. Reference: IAPP Certification Textbooks, Section on Privacy Harms and Risk Assessment, Calo’s Harm Dimensions.

Question 15

During a transport layer security (TLS) session, what happens immediately after the web browser creates a random PreMasterSecret?

Accepted Answer

C

Explanation: TLS Handshake Process: During a TLS handshake, various steps occur to establish a secure session between a client (e.g., web browser) and a server. ClientHello: The process begins with the client sending a "ClientHello" message, which includes supported cipher suites and the client's random value. ServerHello: The server responds with a "ServerHello" message, which includes the selected cipher suite and the server's random value. Server Certificate: The server sends its digital certificate to the client to authenticate its identity. Client Key Exchange: After verifying the server's certificate, the client generates a random "PreMasterSecret." Encryption with Public Key: The client encrypts the "PreMasterSecret" with the server's public key obtained from the server's certificate. This step ensures that only the server can decrypt the "PreMasterSecret" since it possesses the corresponding private key. Decryption by Server: The server decrypts the received "PreMasterSecret" using its private key. Generation of Session Keys: Both the client and the server independently generate session keys using the decrypted "PreMasterSecret," along with the client and server random values. Reference: "Transport Layer Security (TLS) - Working of TLS", GeeksforGeeks, https://www.geeksforgeeks.org/transport-layer-security-tls-working-of-tls/ "How does SSL/TLS work?", Cloudflare, https://www.cloudflare.com/learning/ssl/how-does-sslwork/

Free IAPP CIPT Actual Exam Questions