01. In order to prevent others from identifying an individual within a data set, privacy engineers use a cryptographically-secure hashing algorithm. Use of hashes in this way illustrates the privacy tactic known as what?
a) Isolation.
b) Obfuscation.
c) Perturbation.
d) Stripping.
02. What is the best way to protect privacy on a Geographic Information System (GIS)?
a) Limiting the data provided to the system.
b) Using a Wireless Encryption Protocol (WEP).
c) Scrambling location information.
d) Using a firewall.
03. Granting data subjects the right to have data corrected, amended, or deleted describes?
a) Use limitation.
b) Accountability.
c) A security safeguard
d) Individual participation
04. A credit card with the last few numbers visible is an example of what?
a) Masking data
b) Synthetic data
c) Sighting controls.
d) Partial encryption
05. What has been found to undermine the public key infrastructure system?
a) Man-in-the-middle attacks.
b) Inability to track abandoned keys.
c) Disreputable certificate authorities.
d) Browsers missing a copy of the certificate authority’s public key.
06. A vendor has been collecting data under an old contract, not aligned with the practices of the organization. Which is the preferred response?
a) Destroy the data
b) Terminate the contract and begin a vendor selection process.
c) Continue the terms of the existing contract until it expires.
d) Update the contract to bring the vendor into alignment.
07. Under the Family Educational Rights and Privacy Act (FERPA), releasing personally identifiable information from a student’s educational record requires written permission from the parent or eligible student in order for information to be?
a) Released to a prospective employer.
b) Released to schools to which a student is transferring.
c) Released to specific individuals for audit or evaluation purposes.
d) Released in response to a judicial order or lawfully ordered subpoena.
08. An EU marketing company is planning to make use of personal data captured to make automated decisions based on profiling. In some cases, processing and automated decisions may have a legal effect on individuals, such as credit worthiness.
When evaluating the implementation of systems making automated decisions, in which situation would the company have to accommodate an individual’s right NOT to be subject to such processing to ensure compliance under the General Data Protection Regulation (GDPR)?
a) When an individual’s legal status or rights are not affected by the decision.
b) When there is no human intervention or influence in the decision-making process.
c) When the individual has given explicit consent to such processing and suitable safeguards exist.
d) When the decision is necessary for entering into a contract and the individual can contest the decision.
09. Revocation and reissuing of compromised credentials is impossible for which of the following authentication techniques?
a) Personal identification number.
b) Picture passwords.
c) Biometric data.
d) Radio frequency identification.
10. During a transport layer security (TLS) session, what happens immediately after the web browser creates a random PreMasterSecret?
a) The web browser encrypts the PremasterSecret with the server’s public key.
b) The web browser opens a TLS connection to the PremasterSecret.
c) The server decrypts the PremasterSecret.
d) The server and client use the same algorithm to convert the PremasterSecret into an encryption key.
The purpose of this Sample Question Set is to provide you with information about the IAPP Certified Information Privacy Technologist (CIPT) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the CIPT certification test. To get familiar with real exam environment, we suggest you try our Sample IAPP Information Privacy Technologist Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual IAPP Certified Information Privacy Technologist (CIPT) certification exam.