CIPT別格な問題集をダウンロードして無料で最新の(CIPTテスト問題集をゲット) [Q99-Q122]

Share

CIPT別格な問題集をダウンロードして無料で最新の(CIPTテスト問題集をゲット2024年12月26日)

CIPT問題集は合格保証します合格できるCIPT試験問題2024年更新


CIPT試験を受験するには、候補者はまずIAPPの要件を満たす必要があります。これには、関連する職務経験が少なくとも2年間、または職務経験と教育の組み合わせが含まれます。さらに、候補者はIAPPの倫理規定に従うことに同意し、必要なトレーニングコースを修了する必要があります。


IAPP CIPT 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • The Privacy Engineering role in the organization
  • rivacy Risk Models and Frameworks
トピック 2
  • Intrusion, Decisional Interference and Self Representation
  • Privacy by Design Foundational Principles
トピック 3
  • The privacy responsibilities of the IT professional
  • Privacy Design Patterns
トピック 4
  • Fundamentals of privacy-related IT
  • Privacy Engineering Objectives


現代のデジタル時代において、プライバシーは個人や組織にとって重要な問題となっています。IAPP CIPT 試験は、プライバシー技術に関する包括的な知識とスキルを身につけ、認定された専門家となるための優れた機会です。

 

質問 # 99
SCENARIO
Clean-Q is a company that offers house-hold and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:

Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system that has caused some overlapping bookings.
Ina business strategy session held by senior management recently, Clear-Q invited vendors to present potential solutions to their current operational issues. These vendors included Application developers and Cloud-Q's solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution one single online platform: A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
A resource facing web interface that enables resources to apply and manage their assigned jobs.
An online payment facility for customers to pay for services.
Which question would you most likely ask to gain more insight about LeadOps and provide practical privacy recommendations?

  • A. What is LeadOps' annual turnover?
  • B. Where are LeadOps' operations and hosting services located?
  • C. Does LeadOps practice agile development and maintenance of their system?
  • D. How big is LeadOps' employee base?

正解:B

解説:
The location of LeadOps' operations and hosting services is important information for Clean-Q to consider when assessing LeadOps' appropriateness as a service provider. This is because different countries have different data protection laws and regulations that may impact how personal information can be processed and stored. Knowing where LeadOps' operations and hosting services are located will help Clean-Q make informed decisions about how to protect the personal information it entrusts to LeadOps.


質問 # 100
Which activity would best support the principle of data quality?

  • A. Providing notice to the data subject regarding any change in the purpose for collecting such data.
  • B. Delivering information in a format that the data subject understands.
  • C. Ensuring that the number of teams processing personal information is limited.
  • D. Ensuring that information remains accurate.

正解:D

解説:
Reference:
The principle of data quality states that personal data should be relevant to the purposes for which they are to be used and, to the extent necessary for those purposes, should be accurate, complete, and up to date1. Therefore, ensuring that information remains accurate is an activity that would best support this principle1. The other options are not directly related to the principle of data quality, but rather to other principles such as purpose specification, security safeguards, or openness.


質問 # 101
SCENARIO
Clean-Q is a company that offers house-hold and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:

Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system that has caused some overlapping bookings.
Ina business strategy session held by senior management recently, Clear-Q invited vendors to present potential solutions to their current operational issues. These vendors included Application developers and Cloud-Q's solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution one single online platform: A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
* A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
* A resource facing web interface that enables resources to apply and manage their assigned jobs.
* An online payment facility for customers to pay for services.
If Clean-Q were to utilize LeadOps' services, what is a contract clause that may be included in the agreement entered into with LeadOps?

  • A. A provision that holds LeadOps liable for a data breach involving Clean-Q's information.
  • B. A provision prescribing technical and organizational controls that LeadOps must implement.
  • C. A provision that requires LeadOps to notify Clean-Q of any suspected breaches of information that involves customer or resource information managed on behalf of Clean-Q.
  • D. A provision that allows Clean-Q to conduct audits of LeadOps' information processing and information security environment, at LeadOps' cost and at any time that Clean-Q requires.

正解:C

解説:
When engaging with a cloud service provider like LeadOps, it's critical to include specific clauses in the contract to ensure the protection and management of personal information. Here's why a notification clause is essential:
* Data Breach Notification: A provision requiring LeadOps to notify Clean-Q of any suspected breaches ensures that Clean-Q can take immediate action to mitigate any potential damage, inform affected individuals, and comply with regulatory obligations.
* Regulatory Compliance: Many data protection regulations, such as GDPR and CCPA, mandate timely notification of data breaches to both the regulatory authorities and the affected individuals. Including this clause ensures compliance with such laws.
* Risk Management: Prompt notification allows Clean-Q to manage and address any risks associated with the breach, including public relations issues and potential legal liabilities.
* Transparency and Accountability: This clause promotes transparency and accountability, ensuring that LeadOps maintains a high standard of data security and is responsible for informing Clean-Q about any security incidents.


質問 # 102
Which of the following can be used to bypass even the best physical and logical security mechanisms to gain access to a system?

  • A. Social engineering.
  • B. Denial of service.
  • C. Brute-force attacks.
  • D. Phishing emails.

正解:A

解説:
social engineering can be used to bypass even the best physical and logical security mechanisms to gain access to a system. Social engineering involves manipulating individuals into revealing sensitive information or performing actions that compromise security.


質問 # 103
After downloading and loading a mobile app, the user is presented with an account registration page requesting the user to provide certain personal details. Two statements are also displayed on the same page along with a box for the user to check to indicate their confirmation:
Statement 1 reads: "Please check this box to confirm you have read and accept the terms and conditions of the end user license agreement" and includes a hyperlink to the terms and conditions.
Statement 2 reads: "Please check this box to confirm you have read and understood the privacy notice" and includes a hyperlink to the privacy notice.
Under the General Data Protection Regulation (GDPR), what lawful basis would you primarily except the privacy notice to refer to?

  • A. Consent.
  • B. Legitimate interests.
  • C. Vital interests.
  • D. Legal obligation.

正解:A

解説:
Consent (A): Under GDPR, consent is required when processing personal data based on the user's agreement, particularly when accepting terms and conditions and privacy notices. Reference: GDPR Article 6(1)(a).
Vital interests (B): This lawful basis is used in emergency situations where processing is necessary to protect someone's life. Reference: GDPR Article 6(1)(d).
Legal obligation (C): This basis is used when processing is necessary to comply with the law. Reference:
GDPR Article 6(1)(c).
Legitimate interests (D): While legitimate interests can be a lawful basis, the primary basis for the scenario described involving explicit user confirmation is consent. Reference: GDPR Recital 47, Article 6(1)(f).


質問 # 104
A user who owns a resource wants to give other individuals access to the resource. What control would apply?

  • A. Mandatory access control.
  • B. Context of authority controls.
  • C. Discretionary access control.
  • D. Role-based access controls.

正解:C

解説:
Discretionary access control (DAC) allows resource owners to determine who can access their resources and what permissions they have. This model provides flexibility for users to share resources at their discretion. In the DAC model, users can grant access rights to other individuals based on their preferences or needs. The IAPP materials highlight that DAC is commonly used in systems where resource owners need the ability to manage access rights directly (IAPP, "Access Control Models").


質問 # 105
SCENARIO
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the Berry Country Regional Medical Center in Thorn Bay, Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You also recall a recent visit to the Records Storage Section, often termed "The Dungeon" in the basement of the old hospital next to the modern facility, where you noticed a multitude of paper records. Some of these were in crates marked by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. The back shelves of the section housed data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the dungeon, you noticed just ahead of you a small man in a lab coat who you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
Which regulation most likely applies to the data stored by Berry Country Regional Medical Center?

  • A. The European Union Directive 95/46/EC
  • B. Personal Information Protection and Electronic Documents Act
  • C. Health Insurance Portability and Accountability Act
  • D. The Health Records Act 2001

正解:B


質問 # 106
SCENARIO
Kyle is a new security compliance manager who will be responsible for coordinating and executing controls to ensure compliance with the company's information security policy and industry standards. Kyle is also new to the company, where collaboration is a core value. On his first day of new-hire orientation, Kyle's schedule included participating in meetings and observing work in the IT and compliance departments.
Kyle spent the morning in the IT department, where the CIO welcomed him and explained that her department was responsible for IT governance. The CIO and Kyle engaged in a conversation about the importance of identifying meaningful IT governance metrics. Following their conversation, the CIO introduced Kyle to Ted and Barney. Ted is implementing a plan to encrypt data at the transportation level of the organization's wireless network. Kyle would need to get up to speed on the project and suggest ways to monitor effectiveness once the implementation was complete. Barney explained that his short-term goals are to establish rules governing where data can be placed and to minimize the use of offline data storage.
Kyle spent the afternoon with Jill, a compliance specialist, and learned that she was exploring an initiative for a compliance program to follow self-regulatory privacy principles. Thanks to a recent internship, Kyle had some experience in this area and knew where Jill could find some support. Jill also shared results of the company's privacy risk assessment, noting that the secondary use of personal information was considered a high risk.
By the end of the day, Kyle was very excited about his new job and his new company. In fact, he learned about an open position for someone with strong qualifications and experience with access privileges, project standards board approval processes, and application-level obligations, and couldn't wait to recommend his friend Ben who would be perfect for the job.
Ted's implementation is most likely a response to what incident?

  • A. Signatureless advanced malware was detected at multiple points on the organization's networks.
  • B. Encryption keys were previously unavailable to the organization's cloud storage host.
  • C. Cyber criminals accessed proprietary data by running automated authentication attacks on the organization's network.
  • D. Confidential information discussed during a strategic teleconference was intercepted by the organization's top competitor.

正解:B


質問 # 107
SCENARIO
You have just been hired by Ancillary.com, a seller of accessories for everything under the sun, including waterproof stickers for pool floats and decorative bands and cases for sunglasses. The company sells cell phone cases, e-cigarette cases, wine spouts, hanging air fresheners for homes and automobiles, book ends, kitchen implements, visors and shields for computer screens, passport holders, gardening tools and lawn ornaments, and catalogs full of health and beauty products. The list seems endless. As the CEO likes to say, Ancillary offers, without doubt, the widest assortment of low-price consumer products from a single company anywhere.
Ancillary's operations are similarly diverse. The company originated with a team of sales consultants selling home and beauty products at small parties in the homes of customers, and this base business is still thriving. However, the company now sells online through retail sites designated for industries and demographics, sites such as "My Cool Ride" for automobile-related products or "Zoomer" for gear aimed toward young adults. The company organization includes a plethora of divisions, units and outrigger operations, as Ancillary has been built along a decentered model rewarding individual initiative and flexibility, while also acquiring key assets. The retail sites seem to all function differently, and you wonder about their compliance with regulations and industry standards. Providing tech support to these sites is also a challenge, partly due to a variety of logins and authentication protocols.
You have been asked to lead three important new projects at Ancillary:
The first is the personal data management and security component of a multi-faceted initiative to unify the company's culture. For this project, you are considering using a series of third- party servers to provide company data and approved applications to employees.
The second project involves providing point of sales technology for the home sales force, allowing them to move beyond paper checks and manual credit card imprinting.
Finally, you are charged with developing privacy protections for a single web store housing all the company's product lines as well as products from affiliates. This new omnibus site will be known, aptly, as "Under the Sun." The Director of Marketing wants the site not only to sell Ancillary's products, but to link to additional products from other retailers through paid advertisements. You need to brief the executive team of security concerns posed by this approach.
If you are asked to advise on privacy concerns regarding paid advertisements, which is the most important aspect to cover?

  • A. Latent keys that trigger malware when an advertisement is selected.
  • B. Sensitive information from Structured Query Language (SQL) commands that may be exposed.
  • C. Unseen web beacons that combine information on multiple users.
  • D. Personal information collected by cookies linked to the advertising network.

正解:D

解説:
The most important aspect to cover when advising on privacy concerns regarding paid advertisements would be C.
Personal information collected by cookies linked to the advertising network. Cookies are small text files that are stored on a user's device by websites and advertising networks. They can be used to track a user's browsing behavior and collect personal information. This can raise privacy concerns as users may not be aware of the extent of data collection and how their personal information is being used.


質問 # 108
SCENARIO
Please use the following to answer the next question:
Light Blue Health (LBH) is a healthcare technology company developing a new web and mobile application that collects personal health information from electronic patient health records. The application will use machine learning to recommend potential medical treatments and medications based on information collected from anonymized electronic health records. Patient users may also share health data collected from other mobile apps with the LBH app.
The application requires consent from the patient before importing electronic health records into the application and sharing it with their authorized physicians or healthcare provider. The patient can then review and share the recommended treatments with their physicians securely through the app. The patient user may also share location data and upload photos in the app. The patient user may also share location data and upload photos in the app for a healthcare provider to review along with the health record. The patient may also delegate access to the app.
LBH's privacy team meets with the Application development and Security teams, as well as key business stakeholders on a periodic basis. LBH also implements Privacy by Design (PbD) into the application development process.
The Privacy Team is conducting a Privacy Impact Assessment (PIA) to evaluate privacy risks during development of the application. The team must assess whether the application is collecting descriptive, demographic or any other user related data from the electronic health records that are not needed for the purposes of the application. The team is also reviewing whether the application may collect additional personal data for purposes for which the user did not provide consent.
What is the best way to minimize the risk of an exposure violation through the use of the app?

  • A. Dissociate the patient health data from the personal data.
  • B. Prevent the downloading of photos stored in the app.
  • C. Exclude the collection of personal information from the health record.
  • D. Create a policy to prevent combining data with external data sources.

正解:D


質問 # 109
SCENARIO
Clean-Q is a company that offers house-hold and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:

Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system that has caused some overlapping bookings.
Ina business strategy session held by senior management recently, Clear-Q invited vendors to present potential solutions to their current operational issues. These vendors included Application developers and Cloud-Q's solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution one single online platform: A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
* A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
* A resource facing web interface that enables resources to apply and manage their assigned jobs.
* An online payment facility for customers to pay for services.
Considering that LeadOps will host/process personal information on behalf of Clean-Q remotely, what is an appropriate next step for Clean-Q senior management to assess LeadOps' appropriateness?

  • A. Obtain a legal opinion from an external law firm on contracts management.
  • B. Nothing at this stage as the Managing Director has made a decision.
  • C. Involve the Information Security team to understand in more detail the types of services and solutions LeadOps is proposing.
  • D. Determine if any Clean-Q competitors currently use LeadOps as a solution.

正解:C


質問 # 110
SCENARIO
Clean-Q is a company that offers house-hold and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:

Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system that has caused some overlapping bookings.
Ina business strategy session held by senior management recently, Clear-Q invited vendors to present potential solutions to their current operational issues. These vendors included Application developers and Cloud-Q's solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution one single online platform: A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
* A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
* A resource facing web interface that enables resources to apply and manage their assigned jobs.
* An online payment facility for customers to pay for services.
Which question would you most likely ask to gain more insight about LeadOps and provide practical privacy recommendations?

  • A. What is LeadOps' annual turnover?
  • B. Where are LeadOps' operations and hosting services located?
  • C. How big is LeadOps' employee base?
  • D. Does LeadOps practice agile development and maintenance of their system?

正解:D


質問 # 111
Which activity would best support the principle of data quality?

  • A. Providing notice to the data subject regarding any change in the purpose for collecting such data.
  • B. Delivering information in a format that the data subject understands.
  • C. Ensuring that the number of teams processing personal information is limited.
  • D. Ensuring that information remains accurate.

正解:D

解説:
Explanation/Reference: https://iapp.org/resources/article/fair-information-practices/


質問 # 112
SCENARIO
Wesley Energy has finally made its move, acquiring the venerable oil and gas exploration firm Lancelot from its long-time owner David Wilson. As a member of the transition team, you have come to realize that Wilson's quirky nature affected even Lancelot's data practices, which are maddeningly inconsistent. "The old man hired and fired IT people like he was changing his necktie," one of Wilson's seasoned lieutenants tells you, as you identify the traces of initiatives left half complete.
For instance, while some proprietary data and personal information on clients and employees is encrypted, other sensitive information, including health information from surveillance testing of employees for toxic exposures, remains unencrypted, particularly when included within longer records with less-sensitive data. You also find that data is scattered across applications, servers and facilities in a manner that at first glance seems almost random.
Among your preliminary findings of the condition of data at Lancelot are the following:
* Cloud technology is supplied by vendors around the world, including firms that you have not heard of. You are told by a former Lancelot employee that these vendors operate with divergent security requirements and protocols.
* The company's proprietary recovery process for shale oil is stored on servers among a variety of less- sensitive information that can be accessed not only by scientists, but by personnel of all types at most company locations.
* DES is the strongest encryption algorithm currently used for any file.
* Several company facilities lack physical security controls, beyond visitor check-in, which familiar vendors often bypass.
* Fixing all of this will take work, but first you need to grasp the scope of the mess and formulate a plan of action to address it.
Which is true regarding the type of encryption Lancelot uses?

  • A. It employs the data scrambling technique known as obfuscation.
  • B. It is a data masking methodology.
  • C. It uses a single key for encryption and decryption.
  • D. Its decryption key is derived from its encryption key.

正解:C


質問 # 113
There are two groups of users. In a company, where one group Is allowed to see credit card numbers, while the other group Is not. Both are accessing the data through the same application. The most effective and efficient way to achieve this would be?

  • A. Have two copies of the data, one copy where the credit card numbers are obfuscated, while the other copy has them in the clear. Serve up from the appropriate copy depending on the user accessing it.
  • B. Obfuscate the credit card numbers whenever a user who does not have the right to see them accesses the data.
  • C. Drop credit card numbers altogether whenever a user who does not have the right to see them accesses the data.
  • D. Have the data encrypted at rest, and selectively decrypt It for the users who have the rights to see it.

正解:B

解説:
The most effective and efficient way to handle different access levels to credit card numbers within the same application is to obfuscate the credit card numbers whenever a user who does not have the right to see them accesses the data. Option C ensures that sensitive information is masked for unauthorized users without the need for maintaining multiple data copies or complex encryption schemes. This approach aligns with data minimization and access control principles discussed in the IAPP's CIPT materials, which advocate for minimizing exposure of sensitive data.


質問 # 114
Which of the following is one of the fundamental principles of information security?

  • A. Confidentiality.
  • B. Connectivity.
  • C. Accessibility.
  • D. Accountability.

正解:A

解説:
confidentiality is one of the fundamental principles of information security. Confidentiality refers to protecting information from unauthorized access and disclosure.


質問 # 115
Which of the following techniques describes the use of encryption where encryption keys are divided into parts that can then be used to recover a full encryption key?

  • A. Homomorphic encryption.
  • B. Cryptographic hashing.
  • C. Asymmetric cryptography.
  • D. Secret sharing.

正解:D

解説:
the technique that describes the use of encryption where encryption keys are divided into parts that can then be used to recover a full encryption key is called secret sharing.


質問 # 116
A privacy technologist has been asked to aid in a forensic investigation on the darknet following the compromise of a company's personal dat a.
This will primarily involve an understanding of which of the following privacy-preserving techniques?

  • A. Masking
  • B. Encryption
  • C. Do Not Track
  • D. Tokenization

正解:B

解説:
a privacy technologist aiding in a forensic investigation on the darknet following the compromise of a company's personal data would primarily need an understanding of encryption. Encryption is a privacy-preserving technique that can help protect sensitive data from unauthorized access.


質問 # 117
What is the main function of the Amnesic Incognito Live System or TAILS device?

  • A. It accesses systems with a credential that leaves no discernable tracks.
  • B. It causes a system to suspend its security protocols.
  • C. It allows the user to run a self-contained computer from a USB device.
  • D. It encrypts data stored on any computer on a network.

正解:C

解説:
Explanation/Reference: https://www.wired.co.uk/article/tails-operating-software


質問 # 118
A developer is designing a new system that allows an organization's helpdesk to remotely connect into the device of the individual to provide support Which of the following will be a privacy technologist's primary concern"?

  • A. Geolocation
  • B. Geofencing
  • C. Geo-tracking
  • D. Geo-tagging

正解:A

解説:
A privacy technologist's primary concern with a system that allows an organization's helpdesk to remotely connect into the device of the individual would be geolocation. This concern arises because remote access can expose the geographical location of the individual, potentially leading to privacy risks if the location data is improperly handled or accessed. The IAPP's CIPT materials cover privacy risks associated with geolocation data, stressing the need for careful management of location-based information to protect user privacy.


質問 # 119
SCENARIO
Clean-Q is a company that offers house-hold and office cleaning services. The company receives requests from consumers via their website and telephone, to book cleaning services. Based on the type and size of service, Clean-Q then contracts individuals that are registered on its resource database - currently managed in-house by Clean-Q IT Support. Because of Clean-Q's business model, resources are contracted as needed instead of permanently employed.
The table below indicates some of the personal information Clean-Q requires as part of its business operations:

Clean-Q has an internal employee base of about 30 people. A recent privacy compliance exercise has been conducted to align employee data management and human resource functions with applicable data protection regulation. Therefore, the Clean-Q permanent employee base is not included as part of this scenario.
With an increase in construction work and housing developments, Clean-Q has had an influx of requests for cleaning services. The demand has overwhelmed Clean-Q's traditional supply and demand system that has caused some overlapping bookings.
Ina business strategy session held by senior management recently, Clear-Q invited vendors to present potential solutions to their current operational issues. These vendors included Application developers and Cloud-Q's solution providers, presenting their proposed solutions and platforms.
The Managing Director opted to initiate the process to integrate Clean-Q's operations with a cloud solution (LeadOps) that will provide the following solution one single online platform: A web interface that Clean-Q accesses for the purposes of resource and customer management. This would entail uploading resource and customer information.
A customer facing web interface that enables customers to register, manage and submit cleaning service requests online.
A resource facing web interface that enables resources to apply and manage their assigned jobs.
An online payment facility for customers to pay for services.
Considering that LeadOps will host/process personal information on behalf of Clean-Q remotely, what is an appropriate next step for Clean-Q senior management to assess LeadOps' appropriateness?

  • A. Obtain a legal opinion from an external law firm on contracts management.
  • B. Nothing at this stage as the Managing Director has made a decision.
  • C. Involve the Information Security team to understand in more detail the types of services and solutions LeadOps is proposing.
  • D. Determine if any Clean-Q competitors currently use LeadOps as a solution.

正解:C

解説:
Since LeadOps will host/process personal information on behalf of Clean-Q remotely, it is important for Clean-Q's Information Security team to assess the security measures and controls that LeadOps has in place to protect this information. This will help Clean-Q senior management make an informed decision about whether or not to engage LeadOps' services.


質問 # 120
What is the main function of the Amnesiac Incognito Live System or TAILS device?

  • A. It accesses systems with a credential that leaves no discernable tracks.
  • B. It causes a system to suspend its security protocols.
  • C. It encrypts data stored on any computer on a network.
  • D. It allows the user to run a self-contained computer from a USB device.

正解:C


質問 # 121
Which of the following are the mandatory pieces of information to be included in the documentation of records of processing activities for an organization that processes personal data on behalf of another organization?

  • A. Copies of the consent forms from each data subject.
  • B. Descriptions of the processing activities and relevant data subjects.
  • C. Time limits for erasure of different categories of data.
  • D. Contact details of the processor and Data Protection Offer (DPO).

正解:D

解説:
Copies of the consent forms from each data subject (A): This is not a mandatory piece of information for the documentation of processing activities. Reference: GDPR Article 30.
Time limits for erasure of different categories of data (B): This is mandatory as per GDPR requirements to ensure that data is not kept longer than necessary. Reference: GDPR Article 30.
Contact details of the processor and Data Protection Officer (DPO) (C): The GDPR mandates that the records of processing activities must include the contact details of the processor and the DPO. Reference:
GDPR Article 30(2)(a).
Descriptions of the processing activities and relevant data subjects (D): This is mandatory to provide a clear understanding of what data is being processed and for whom. Reference: GDPR Article 30(1)(b).


質問 # 122
......

検証済みのCIPT問題集で問題と解答で合格保証試験問題集テストエンジン:https://jp.fast2test.com/CIPT-premium-file.html

検証済みのCIPT問題集222格別な問題:https://drive.google.com/open?id=1qv4ybsRG1exJi9VCIN42om98US-wM2Nj


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어