Free CIPT Exam Braindumps

What would be an example of an organization transferring the risks associated with a data breach?

  1. Using a third-party service to process credit card transactions.
  2. Encrypting sensitive personal data during collection and storage
  3. Purchasing insurance to cover the organization in case of a breach.
  4. Applying industry standard data handling practices to the organization's practices.

Answer(s): C


Reference:

http://www.hpso.com/Documents/pdfs/newsletters/firm09-rehabv1.pdf



A privacy engineer has been asked to review an online account login page. He finds there is no limitation on the number of invalid login attempts a user can make when logging into their online account.
What would be the best recommendation to minimize the potential privacy risk from this weakness?

  1. Implement a CAPTCHA system.
  2. Develop server-side input validation checks.
  3. Enforce strong password and account credentials.
  4. Implement strong Transport Layer Security (TLS) to ensure an encrypted link.

Answer(s): A
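Brute-force protection for the login page in the question above, as an added example that is not part of the original page: a per-account failed-attempt counter with an exponential-backoff lockout, plus a login handler that returns the same "invalid" response for unknown users and wrong passwords so the page does not leak which accounts exist. The thresholds (5 failures, 30 s base lockout, 1 h cap), the sample account and the guessed passwords are all constructed for this example, and SHA-256 stands in for a real password KDF such as argon2 or bcrypt.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List

# Policy knobs (assumed values for this example, not taken from the exam page).
MAX_FAILURES = 5            # consecutive failures before the account is throttled
BASE_LOCKOUT_SECONDS = 30   # first lockout length; doubles on every further failure
MAX_LOCKOUT_SECONDS = 3600  # cap so an attacker cannot lock a victim out forever


@dataclass
class AttemptState:
    failures: int = 0          # consecutive failures since the last success
    locked_until: float = 0.0  # epoch seconds; 0.0 means not locked


class LoginThrottle:
    """Per-account failed-login counter with exponential-backoff lockout."""

    def __init__(self) -> None:
        self.states: Dict[str, AttemptState] = {}

    def seconds_locked(self, key: str, now: float) -> float:
        """Seconds of lockout remaining for key, or 0.0 if an attempt may proceed."""
        st = self.states.get(key)
        if st is None or st.locked_until <= now:
            return 0.0
        return st.locked_until - now

    def record_failure(self, key: str, now: float) -> float:
        """Count a failure; return the lockout applied (0.0 while below the threshold)."""
        st = self.states.setdefault(key, AttemptState())
        st.failures += 1
        if st.failures < MAX_FAILURES:
            return 0.0
        # 5th failure -> 30 s, 6th -> 60 s, 7th -> 120 s, ... capped at one hour.
        lockout = min(BASE_LOCKOUT_SECONDS * 2 ** (st.failures - MAX_FAILURES),
                      MAX_LOCKOUT_SECONDS)
        st.locked_until = now + lockout
        return lockout

    def record_success(self, key: str) -> None:
        self.states.pop(key, None)  # a successful login resets the counter


def _digest(password: str) -> str:
    # Toy credential store: SHA-256 stands in for a real password KDF (argon2/bcrypt).
    return hashlib.sha256(password.encode()).hexdigest()


def attempt_login(throttle: LoginThrottle, store: Dict[str, str],
                  username: str, password: str, now: float) -> str:
    """Return 'locked', 'invalid' or 'ok'. Unknown users get the same 'invalid'
    as wrong passwords so the login page does not reveal which accounts exist."""
    key = "user:" + username.lower()
    if throttle.seconds_locked(key, now) > 0:
        return "locked"  # rejected before any credential check; not counted as a failure
    # Compare against a dummy digest for unknown users so timing stays uniform.
    expected = store.get(username, _digest(""))
    if hmac.compare_digest(expected, _digest(password)) and username in store:
        throttle.record_success(key)
        return "ok"
    throttle.record_failure(key, now)
    return "invalid"


def simulate_bruteforce() -> List[str]:
    """Constructed scenario: 7 wrong guesses one second apart, then the right
    password while the account is still locked, then the right password after
    the lockout has expired."""
    store = {"alice": _digest("correct horse battery staple")}  # constructed account
    throttle = LoginThrottle()
    outcomes = []
    for t in range(7):
        outcomes.append(attempt_login(throttle, store, "alice", f"guess{t}", now=float(t)))
    outcomes.append(attempt_login(throttle, store, "alice",
                                  "correct horse battery staple", now=7.0))
    outcomes.append(attempt_login(throttle, store, "alice",
                                  "correct horse battery staple", now=40.0))
    return outcomes


if __name__ == "__main__":
    print(simulate_bruteforce())
```

The fifth wrong guess locks the account for 30 s, so even the correct password is refused at t=7 and accepted only at t=40. In production the counter should also be kept per source address (or backed by a CAPTCHA after a few failures) so an attacker cannot lock a legitimate user out simply by guessing against their username.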



Which of these actions is NOT generally part of the responsibility of an IT or software engineer?

  1. Providing feedback on privacy policies.
  2. Implementing multi-factor authentication.
  3. Certifying compliance with security and privacy law.
  4. Building privacy controls into the organization’s IT systems or software.

Answer(s): C



Which of the following are the mandatory pieces of information to be included in the documentation of records of processing activities for an organization that processes personal data on behalf of another organization?

  1. Copies of the consent forms from each data subject.
  2. Time limits for erasure of different categories of data.
  3. Contact details of the processor and Data Protection Officer (DPO).
  4. Descriptions of the processing activities and relevant data subjects.

Answer(s): C


Reference:

https://www.iubenda.com/en/help/5428-gdpr-guidema



After downloading and installing a mobile app, the user is presented with an account registration page requesting the user to provide certain personal details. Two statements are also displayed on the same page, each with a box for the user to check to indicate their confirmation:
Statement 1 reads: "Please check this box to confirm you have read and accept the terms and conditions of the end user license agreement" and includes a hyperlink to the terms and conditions.
Statement 2 reads: "Please check this box to confirm you have read and understood the privacy notice" and includes a hyperlink to the privacy notice.

Under the General Data Protection Regulation (GDPR), what lawful basis would you primarily expect the privacy notice to refer to?

  1. Consent.
  2. Vital interests.
  3. Legal obligation.
  4. Legitimate interests.

Answer(s): A