Online Access Free CIPT Exam Questions

A user observes that a software-as-a-service (SaaS) provider's application is requesting access to various device sensors, including the microphone, camera, location, as well as permissions for photos and media.
However, the application fails to specify the purpose or functionality that necessitates such access. This could be an indicator of a potential privacy violation related to:

• A.Weak encryption algorithms used for data transmission.
• B.Lack of multi-factor authentication for user accounts.
• C.Excessive data collection beyond the scope of the service.
• D.Outdated software libraries with known security vulnerabilities.

Which of the following is considered a client-side IT risk?

• A.IDs used to avoid the use of personal data map to personal data in another database.
• B.Security policies focus solely on internal corporate obligations.
• C.An organization increases the number of applications on its server.
• D.An employee stores his personal information on his company laptop.

What is an example of a just-in-time notice?

• A.A full organizational privacy notice publicly available on a website
• B.Privacy information given to a user when he attempts to comment on an online article.
• C.A credit card company calling a user to verify a purchase before itis authorized
• D.A warning that a website may be unsafe.

Aadhaar is a unique-identity number of 12 digits issued to all Indian residents based on their biometric and demographic data. The data is collected by the Unique Identification Authority of India. The Aadhaar database contains the Aadhaar number, name, date of birth, gender and address of over 1 billion individuals.
Which of the following datasets derived from that data would be considered the most de-identified?

• A.A count of the day of birth and hash of the person's first initial of their first name.
• B.A count of the years of birth and hash of the person' s gender.
• C.Account of the century of birth and hash of the last 3 digits of the person's Aadhaar number.
• D.A count of the month of birth and hash of the person's first name.

Under the Family Educational Rights and Privacy Act (FERPA), releasing personally identifiable information from a student's educational record requires written permission from the parent or eligible student in order for information to be?

• A.Released in response to a judicial order or lawfully ordered subpoena.
• B.Released to specific individuals for audit or evaluation purposes.
• C.Released to a prospective employer.
• D.Released to schools to which a student is transferring.