CISSP Exam Question 611
What is the MOST effective way to protect privacy?
Correct Answer: A
The most effective way to protect privacy is to eliminate or reduce the collection of personal information. Privacy is the right or ability of an individual or entity to control or limit the access, use, or disclosure of their personal information, such as name, address, email, phone number, or biometric data. Privacy is a fundamental aspect of human dignity, autonomy, and security, and it is protected by laws, regulations, and standards such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and ISO/IEC 27001. Protecting privacy is the responsibility and duty of the individuals and entities that collect, process, store, or share personal information, such as organizations, businesses, or governments. Eliminating or reducing collection means collecting only the minimum amount and the necessary types of personal information required for the purpose or function of the service or product, and not collecting any personal information that is excessive, redundant, or irrelevant. Data that is never collected cannot be breached, disclosed, or misused, so minimizing collection reduces both the likelihood and the impact of privacy breaches, violations, or incidents such as unauthorized access, disclosure, or misuse of personal information, and it also supports compliance with legal and regulatory obligations, ethical principles, and best practices and standards for privacy protection.
Encrypting all collected personal information, classifying all personal information at the highest information classification level, or applying tokenization to all personal information records are not the most effective ways to protect privacy, as they are either not sufficient or not necessary for privacy protection, or they have other purposes or functions than privacy protection. References:
* [Privacy]
* [Personal Information]
* [Eliminate or Reduce Collection of Personal Information]
CISSP Exam Question 612
What kind of encryption is realized in the S/MIME-standard?
Correct Answer: C
S/MIME (for Secure MIME, or Secure Multipurpose Mail Extension) is a security process used for e-mail exchanges that makes it possible to guarantee the confidentiality and non-repudiation of electronic messages.
S/MIME is based on the MIME standard, the goal of which is to let users attach files other than ASCII text files to electronic messages. The MIME standard therefore makes it possible to attach all types of files to e-mails.
S/MIME was originally developed by the company RSA Data Security. Ratified in July 1999 by the IETF, S/MIME has become a standard, whose specifications are contained in RFCs 2630 to 2633.
How S/MIME works
The S/MIME standard is based on the principle of public-key encryption. S/MIME therefore makes it possible to encrypt the content of messages but does not encrypt the communication.
The various sections of an electronic message, encoded according to the MIME standard, are each encrypted using a session key.
The session key is inserted in each section's header, and is encrypted using the recipient's public key. Only the recipient can open the message's body, using his private key, which guarantees the confidentiality and integrity of the received message.
In addition, the message's signature is encrypted with the sender's private key. Anyone intercepting the communication can read the content of the message's signature, but this ensures the recipient of the sender's identity, since only the sender is capable of encrypting a message (with his private key) that can be decrypted with his public key.
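The hybrid scheme the explanation above describes, as an added Go example (not code from the page or from any S/MIME implementation): a random session key protects the body, the session key is wrapped with the recipient's public key so only the matching private key can recover it, and a signature made with the sender's private key is checked with the sender's public key. AES-GCM, RSA-OAEP and RSA-PSS are assumed algorithm choices here; the real S/MIME/CMS encoding of RFC 2630 is not reproduced.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// Envelope mirrors the layout described above. AES-GCM, RSA-OAEP and RSA-PSS are
// assumed algorithm choices for this example; the page itself does not name them.
type Envelope struct {
	WrappedKey []byte // session key encrypted with the recipient's RSA public key
	Nonce      []byte // AES-GCM nonce for the body
	Ciphertext []byte // message body encrypted under the session key
	Signature  []byte // RSA-PSS signature over SHA-256(body) made with the sender's private key
}

// Seal encrypts body under a fresh session key for recipient and signs it as sender.
func Seal(body []byte, sender *rsa.PrivateKey, recipient *rsa.PublicKey) (*Envelope, error) {
	key := make([]byte, 32) // 256-bit session key, used for this one message only
	rand.Read(key)
	block, _ := aes.NewCipher(key) // cannot fail for a 32-byte key
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block cipher
	nonce := make([]byte, gcm.NonceSize())
	rand.Read(nonce)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	if err != nil { return nil, err }
	digest := sha256.Sum256(body)
	sig, err := rsa.SignPSS(rand.Reader, sender, crypto.SHA256, digest[:], nil)
	if err != nil { return nil, err }
	return &Envelope{wrapped, nonce, gcm.Seal(nil, nonce, body, nil), sig}, nil
}

// Open unwraps the session key, decrypts the body and verifies the sender's signature.
func Open(env *Envelope, recipient *rsa.PrivateKey, sender *rsa.PublicKey) ([]byte, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, recipient, env.WrappedKey, nil)
	if err != nil { return nil, errors.New("not the intended recipient: cannot unwrap session key") }
	block, err := aes.NewCipher(key) // untrusted input: reject a malformed key length
	if err != nil { return nil, err }
	gcm, _ := cipher.NewGCM(block)
	body, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil { return nil, errors.New("body or nonce altered in transit") }
	digest := sha256.Sum256(body)
	if err := rsa.VerifyPSS(sender, crypto.SHA256, digest[:], env.Signature, nil); err != nil { return nil, err }
	return body, nil
}
```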
Reference(s) used for this question:
http://en.kioskea.net/contents/139-cryptography-s-mime
RFC 2630: Cryptographic Message Syntax;
OPPLIGER, Rolf, Secure Messaging with PGP and S/MIME, 2000, Artech House;
HARRIS, Shon, All-In-One CISSP Certification Exam Guide, 2001, McGraw-Hill/Osborne, page 570;
SMITH, Richard E., Internet Cryptography, 1997, Addison-Wesley Pub Co.
CISSP Exam Question 613
What is the 802.11 standard related to?
Correct Answer: B
The 802.11 standard outlines how wireless clients and APs communicate, lays out the specifications of their interfaces, dictates how signal transmission should take place, and describes how authentication, association, and security should be implemented.
The following answers are incorrect:
Public Key Infrastructure (PKI): Public Key Infrastructure is a supporting infrastructure to manage public keys. It is not part of the IEEE 802 Working Group standard.
Packet-switching technology: A packet-switching technology is not included in the IEEE 802 Working Group standard. It is a technology wherein messages are broken up into packets, which then travel along different routes to the destination.
The OSI/ISO model: The Open System Interconnect model is a seven-layer model defined as an international standard describing network communications.
The following reference(s) were/was used to create this question:
Source: Shon Harris - "All-in-One CISSP Exam Guide" Fourth Edition; Chapter 7 - Telecommunications and Network Security: pg. 624.
802.11 refers to a family of specifications developed by the IEEE for Wireless LAN technology.
802.11 specifies an over-the-air interface between a wireless client and a base station or between two wireless clients. The IEEE accepted the specification in 1997. There are several specifications in the 802.11 family:
802.11 - applies to wireless LANs and provides 1 or 2 Mbps transmission in the 2.4 GHz band using either frequency hopping spread spectrum (FHSS) or direct sequence spread spectrum (DSSS).
802.11a - an extension to 802.11 that applies to wireless LANs and provides up to 54 Mbps in the 5 GHz band. 802.11a uses an orthogonal frequency division multiplexing encoding scheme rather than FHSS or DSSS.
802.11b (also referred to as 802.11 High Rate or Wi-Fi) - an extension to 802.11 that applies to wireless LANs and provides 11 Mbps transmission (with a fallback to 5.5, 2 and 1 Mbps) in the 2.4 GHz band. 802.11b uses only DSSS. 802.11b was a 1999 ratification to the original 802.11 standard, allowing wireless functionality comparable to Ethernet.
802.11g - applies to wireless LANs and provides 20+ Mbps in the 2.4 GHz band.
Source: 802.11 Planet's web site.
CISSP Exam Question 614
Which of the following is not a two-factor authentication mechanism?
Correct Answer: D
Something you know and a password fall within only one of the three ways authentication can be done. A password is an example of something you know, so something you know combined with a password does not constitute two-factor authentication, as both are in the same category of factors.
Two-factor (strong) authentication relies on two different kinds of authentication factors out of a list of three possible choices:
something you know (e.g. a PIN or password),
something you have (e.g. a smart card, token, magnetic card),
something you are, which is mostly biometrics (e.g. a fingerprint) or something you do (e.g. signature dynamics).
TIP FROM CLEMENT:
On the real exam you can expect to see synonyms and sometimes sub-categories under the main categories. People are familiar with PIN, passphrase, and password as a subset of Something you know.
However, when people see choices such as Something you do or Something you are, they immediately get confused and do not think of them as a subset of biometrics, where you have biometric implementations based on behavioral and physiological attributes. So Something you do falls under the Something you are category as a subset.
Something you do would be signing your name or typing text on your keyboard, for example.
Strong authentication is simply when you make use of two factors that are within two different categories.
Reference(s) used for this question:
Shon Harris, CISSP All In One, Fifth Edition, pages 158-159
CISSP Exam Question 615
Which of the following is NOT a European Union (EU) principle?
Correct Answer: C
The transmission of data to locations where equivalent personal data protection cannot be assured is NOT permissible. The other answers are EU principles.