CITP EXAM QUESTIONS AND ANSWERS:
LATEST UPDATE (ALREADY GRADED A+.)
Which of the following would NOT increase the risk of privacy violation relating to runtime behavior
monitoring?
a. Feeding system logs into an external monitoring system.
b. Enabling programmers to define log parameters
c. Verifying runtime systems conform to requirement during integration testing with test data
d. Developing an automated defect reporting system to extract and send bug reports automatically
from end users.
c. Verifying runtime systems conform to requirements during integration testing with test data.
Requiring a user to provide a cell phone number to register when there is no need to contact the
individual via phone is an example of which dark pattern?
a. Bad default
b. Hidden stipulation
c. Shadow profiles
d. Information milking
d. Information Milking
What are He-man’s Three Techniques to inform individuals about how their data is being processed?
1. Supply (How data is being used and their rights)
2. Notify (if a breach has happened)
3. Explain (why processing is necessary and the consequences of not processing)
What task is the privacy technologist least likely to be responsible for in the event of a major data
breach?
a. Preparing a lessons-learned session to prevent similar breaches
b. Drafting a notice to regulators
c. Assessing impact of breach on individuals
d. Acting as privacy expert to support security investigations team.
b. Drafting a notice to regulators (This would likely be the role of legal counsel)
Which of the following is least likely to be used as a means of authentication?
a. your mother's maiden name
b. your thumb print
c. your ID badge
d. your type of web browser
d. your type of web browser
Which of the following is likely to be the most effective at reducing the risk of successful social
engineering to access corporate accounts?
, a. Imposing requirement to use different passwords on different accounts.
b. Instructing employees to never answer the phone
c. Mandating use of multi-factor authentication for corporate system access
d. Annual and ad hoc phishing training.
c. Mandating use of multi-factor authentication for corporate system access.
Using an image of an identifiable person scraped from Social media to advertise a product is definitely
an example of what privacy violation?
a. Interpolation
b. Distortion
c. exposure
d. appropiation
d. Appropiation
Appropiation
Using an individuals' identity to seve the aims and interest of others.
Distortion
Release of fabricated and incorrect personal information and can be used to harm ones reputation.
Blackmail
Threat of releasing peronal information against someone's will unless paid a ransom or to perform some
action
Disclosure
Revealing credible and private information about an individual that can affect how others view that
person or may impact their security.
Which of these is NOT a common way to abstract data?
a. grouping
b. summarizing
c. pseudonymising
d. perturbing
c. pseudonymisng
Abstracting Data
Limits the detail in the data or reduce the percision of data while retaining its accuracy and suitability.
This can be done by grouping (aggregate data into correlated sets), summarizing (separates out data
elements about individual from correlated groups) and perturbing (add noise to data)
What is the key privacy challenge that privacy technologists should be aware of when considering
cloud-based systems?
a. using a large multinational cloud provider
LATEST UPDATE (ALREADY GRADED A+.)
Which of the following would NOT increase the risk of privacy violation relating to runtime behavior
monitoring?
a. Feeding system logs into an external monitoring system.
b. Enabling programmers to define log parameters
c. Verifying runtime systems conform to requirement during integration testing with test data
d. Developing an automated defect reporting system to extract and send bug reports automatically
from end users.
c. Verifying runtime systems conform to requirements during integration testing with test data.
Requiring a user to provide a cell phone number to register when there is no need to contact the
individual via phone is an example of which dark pattern?
a. Bad default
b. Hidden stipulation
c. Shadow profiles
d. Information milking
d. Information Milking
What are He-man’s Three Techniques to inform individuals about how their data is being processed?
1. Supply (How data is being used and their rights)
2. Notify (if a breach has happened)
3. Explain (why processing is necessary and the consequences of not processing)
What task is the privacy technologist least likely to be responsible for in the event of a major data
breach?
a. Preparing a lessons-learned session to prevent similar breaches
b. Drafting a notice to regulators
c. Assessing impact of breach on individuals
d. Acting as privacy expert to support security investigations team.
b. Drafting a notice to regulators (This would likely be the role of legal counsel)
Which of the following is least likely to be used as a means of authentication?
a. your mother's maiden name
b. your thumb print
c. your ID badge
d. your type of web browser
d. your type of web browser
Which of the following is likely to be the most effective at reducing the risk of successful social
engineering to access corporate accounts?
, a. Imposing requirement to use different passwords on different accounts.
b. Instructing employees to never answer the phone
c. Mandating use of multi-factor authentication for corporate system access
d. Annual and ad hoc phishing training.
c. Mandating use of multi-factor authentication for corporate system access.
Using an image of an identifiable person scraped from Social media to advertise a product is definitely
an example of what privacy violation?
a. Interpolation
b. Distortion
c. exposure
d. appropiation
d. Appropiation
Appropiation
Using an individuals' identity to seve the aims and interest of others.
Distortion
Release of fabricated and incorrect personal information and can be used to harm ones reputation.
Blackmail
Threat of releasing peronal information against someone's will unless paid a ransom or to perform some
action
Disclosure
Revealing credible and private information about an individual that can affect how others view that
person or may impact their security.
Which of these is NOT a common way to abstract data?
a. grouping
b. summarizing
c. pseudonymising
d. perturbing
c. pseudonymisng
Abstracting Data
Limits the detail in the data or reduce the percision of data while retaining its accuracy and suitability.
This can be done by grouping (aggregate data into correlated sets), summarizing (separates out data
elements about individual from correlated groups) and perturbing (add noise to data)
What is the key privacy challenge that privacy technologists should be aware of when considering
cloud-based systems?
a. using a large multinational cloud provider
