Complete CIPT IAPP Materials

Page: 7 / 7

Question 28

What is the distinguishing feature of asymmetric encryption?

Options:

It has a stronger key for encryption than for decryption.

It employs layered encryption using dissimilar methods.

It uses distinct keys for encryption and decryption.

It is designed to cross operating systems.

Question 29

Implementation of privacy controls for compliance with the requirements of the Children’s Online Privacy Protection Act (COPPA) is necessary for all the following situations EXCEPT?

Options:

A virtual jigsaw puzzle game marketed for ages 5-9 displays pieces of the puzzle on a handheld screen. Once the child completes a certain level, it flashes a message about new themes released that day.

An interactive toy copies a child’s behavior through gestures and kid-friendly sounds. It runs on battery power and automatically connects to a base station at home to charge itself.

A math tutoring service commissioned an advertisement on a bulletin board inside a charter school. The service makes it simple to reach out to tutors through a QR-code shaped like a cartoon character.

A note-taking application converts hard copies of kids’ class notes into audio books in seconds. It does so by using the processing power of idle server farms.

Question 30

What has been found to undermine the public key infrastructure system?

Options:

Man-in-the-middle attacks.

Inability to track abandoned keys.

Disreputable certificate authorities.

Browsers missing a copy of the certificate authority's public key.

Question 31

SCENARIO

Kyle is a new security compliance manager who will be responsible for coordinating and executing controls to ensure compliance with the company's information security policy and industry standards. Kyle is also new to the company, where collaboration is a core value. On his first day of new-hire orientation, Kyle's schedule included participating in meetings and observing work in the IT and compliance departments.

Kyle spent the morning in the IT department, where the CIO welcomed him and explained that her department was responsible for IT governance. The CIO and Kyle engaged in a conversation about the importance of identifying meaningful IT governance metrics. Following their conversation, the CIO introduced Kyle to Ted and Barney. Ted is implementing a plan to encrypt data at the transportation level of the organization's wireless network. Kyle would need to get up to speed on the project and suggest ways to monitor effectiveness once the implementation was complete. Barney explained that his short-term goals are to establish rules governing where data can be placed and to minimize the use of offline data storage.

Kyle spent the afternoon with Jill, a compliance specialist, and learned that she was exploring an initiative for a compliance program to follow self-regulatory privacy principles. Thanks to a recent internship, Kyle had some experience in this area and knew where Jill could find some support. Jill also shared results of the company’s privacy risk assessment, noting that the secondary use of personal information was considered a high risk.

By the end of the day, Kyle was very excited about his new job and his new company. In fact, he learned about an open position for someone with strong qualifications and experience with access privileges, project standards board approval processes, and application-level obligations, and couldn’t wait to recommend his friend Ben who would be perfect for the job.

Ted's implementation is most likely a response to what incident?