Weekend Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: bigdisc65

Download Full Version CIPT IAPP Exam

Previous
Page: 3 / 7
Next
Question 12

SCENARIO

Please use the following to answer the next question:

Jordan just joined a fitness-tracker start-up based in California, USA, as its first Information Privacy and Security Officer. The company is quickly growing its business but does not sell any of the fitness trackers itself. Instead, it relies on a distribution network of third-party retailers in all major countries. Despite not having any stores, the company has a 78% market share in the EU. It has a website presenting the company and products, and a member section where customers can access their information. Only the email address and physical address need to be provided as part of the registration process in order to customize the site to the user’s region and country. There is also a newsletter sent every month to all members featuring fitness tips, nutrition advice, product spotlights from partner companies based on user behavior and preferences.

Jordan says the General Data Protection Regulation (GDPR) does not apply to the company. He says the company is not established in the EU, nor does it have a processor in the region. Furthermore, it does not do any “offering goods or services” in the EU since it does not do any marketing there, nor sell to consumers directly. Jordan argues that it is the customers who chose to buy the products on their own initiative and there is no “offering” from the company.

The fitness trackers incorporate advanced features such as sleep tracking, GPS tracking, heart rate monitoring. wireless syncing, calorie-counting and step-tracking. The watch must be paired with either a smartphone or a computer in order to collect data on sleep levels, heart rates, etc. All information from the device must be sent to the company’s servers in order to be processed, and then the results are sent to the smartphone or computer. Jordan argues that there is no personal information involved since the company does not collect banking or social security information.

Based on the current features of the fitness watch, what would you recommend be implemented into each device in order to most effectively ensure privacy?

Options:

A.

Hashing.

B.

A2DP Bluetooth profile.

C.

Persistent unique identifier.

D.

Randomized MAC address.

Question 13

What is an Access Control List?

Options:

A.

A list of steps necessary for an individual to access a resource.

B.

A list that indicates the type of permission granted to each individual.

C.

A list showing the resources that an individual has permission to access.

D.

A list of individuals who have had their access privileges to a resource revoked.

Question 14

Which of the following would best improve an organization’ s system of limiting data use?

Options:

A.

Implementing digital rights management technology.

B.

Confirming implied consent for any secondary use of data.

C.

Applying audit trails to resources to monitor company personnel.

D.

Instituting a system of user authentication for company personnel.

Question 15

Which of the following CANNOT be effectively determined during a code audit?

Options:

A.

Whether access control logic is recommended in all cases.

B.

Whether data is being incorrectly shared with a third-party.

C.

Whether consent is durably recorded in the case of a server crash.

D.

Whether the differential privacy implementation correctly anonymizes data.

Previous
Page: 3 / 7
Next
CIPT Questions Bank, Download Full Version CIPT IAPP Exam, Changed CIPT Exam Questions, Information Privacy Technologist CIPT Book, Information Privacy Technologist CIPT Passing Score, Complete CIPT IAPP Materials,
Exam Code: CIPT
Exam Name: Certified Information Privacy Technologist (CIPT)
Last Update: May 18, 2024
Questions: 214
CIPT pdf

CIPT PDF

$28  $80
 Add to Cart
CIPT Engine

CIPT Testing Engine

$33.25  $95
 Add to Cart
CIPT PDF + Engine

CIPT PDF + Testing Engine

$45.5  $130
 Add to Cart