Directive on Privacy and Electronic Communications Act 2002/58EC
A continuation of policy directives for the European Union Member States as set forth in the Data
Protection Directive. It has been amended by the Cookie Directive 2009/136EC, which added a
requirement that all websites using tracking cookies obtain user consent unless the cookie is "strictly
necessary for the delivery of a service requested by the user." This policy recognizes the importance of
cookies for the functioning of modern websites while still making users aware of any tracking the user
may not want to participate in.
Discretionary Access Control
A type of access control that allows an owner of an object, within a given computer-based information
system, to grant or deny access.
DMZ (Demilitarized Zone) Network
A firewall configuration for securing local area networks (LANs). In a DMZ configuration, there is a set
of computers that act as a broker for traffic between the LAN and an outside network, allowing the
majority of computers to run safely behind a firewall. Thus these computers act as a broker similar to a
joint security area in a political demilitarized zone.
Do Not Track
A proposed regulatory policy, similar to the existing Do Not Call Registry in the United States, which
would allow consumers to opt out of web-usage tracking.
E-Commerce Websites
Websites with online ordering capabilities have special privacy advantages and risks. Unlike other web
advertisers, E-Commerce websites have direct access to information regarding user purchases and
payment information. While creating a great opportunity for targeted advertising, it also puts extra onus
on these websites to protect user information.
Electronic Communications Data
Consists of three main categories of personal data: the content of a communication, traffic data, and
location data.
Electronic Communications Network
Transmission systems, and, where applicable, switching or routing equipment and other resources that
permit the conveyance of signals by wire, radio, optical or other electromagnetic means, including
satellite networks; fixed and mobile terrestrial networks; electricity cable systems, to the extent that
they are used for the purpose of transmitting signals; networks used for radio and television
broadcasting, and cable television networks, irrespective of the type of information conveyed.
Electronic Communications Service
Any service which provides to users thereof the ability to send or receive wire or electronic
communications.
Electronic Surveillance
Monitoring through electronic means; i.e., video surveillance, intercepting communications, stored
communications or location-based services.
Encryption
The process of obscuring information, often through the use of a cryptographic scheme in order to make
the information unreadable without special knowledge; i.e., the use of code keys.
Encryption Key
A cryptographic algorithm applied to unencrypted text to disguise its value or to decrypt encrypted text.
End-User License Agreement
A contract between the owner of the software application and the user. The user agrees to pay for the
use of the software and promises to comply with certain restrictions on that use.
Enterprise Architecture
A conceptual outline, blueprint, or diagram that defines the structure and the operation of an
organization, normally in the context of developing a strategy for the realization of current and future
goals or objectives.
EU Data Protection Directive
Several directives deal with personal data usage in the EU, but the most overarching is the general policy
approved by the European Commission in 1995 (95/46EC), which protects individuals' privacy and
personal data use. The Directive was adopted in 1995 and became effective in 1998. The Directive recognizes the European view that privacy is a fundamental
human right and establishes a general comprehensive legal framework that is aimed at protecting
individuals and promoting individual choice regarding the processing of personal data. The Directive
imposes an onerous set of requirements on any person that collects or processes data pertaining to
individuals in their personal or professional capacity. It is based on a set of data protection principles,
which include the legitimate basis, purpose limitation, data quality, proportionality and transparency
principles, data security and confidentiality, data subjects' rights of access, rectification, deletion and
objection, restrictions on onwards transfers, additional protection where special categories of data and
direct marketing are involved and a prohibition on automated individual decisions. The Directive applies
to all sectors of industry, from financial institutions to consumer goods companies, and from list brokers
to any employer. The Directive's key provisions impose severe restrictions on personal data processing,
grant individual rights to "data subjects" and set forth specific procedural obligations including
notification to national authorities. This was followed in 1997 by a more specific directive for the
telecom sector (97/66/EC), which was replaced in mid-2002 by the European institutions to adapt it to
new technologies and business practices (2002/58/EC). The Directive has been supplemented by