CITP EXAM QUESTIONS AND ANSWERS:
LATEST UPDATE (ALREADY GRADED A+.)
Mix networks
A way of hiding one's traffic by combining the traffic of multiple computers into a single channel.
Private information retrieval
Range of protocols through which data can be retrieved from a database without revealing to the
database or another observer the information that is retrieved.
Access Management
Where an individual user has restrictions on what can be accessed and not be accessed.
Principle of least-privilege
Giving a user the minimal ccess to do their job
User-based access
Based on providing access based on the individual user
role-based
access to data based on the person's job at an organization
Something you know
User name or password
Something you are
Fingerprint or face/voice regocnition
Something you have
Token, keys, Id badges, smart card
Where you are
Physical location
Authentication
Ensure that the right individual are accesing the right resources. Accomplished by Something you know,
Somethig you are, something you have and where you are
Process-oriented strategies
Focus on enforcing policies and processes, demonstrating complicance, informing the individual nd
providing user control.
, Data Governance
Understands personal and non-personal data, how each is used and privacy risks,safeguards aligned
with priacy objectives, create a common taxonomy for data, identify business objectives for data , know
the laws and policies and implement technology.
Technological controls
Technology-centric privacy governance, link or translate internal controls into technology, privacy
engineeringis a result of this, translated technological controls whic include access orlimiting users,
minmizing data and deleting older data.
Engineering life cycle
Implementation of privacy-protective solutions into engneering life cycle, embedding privacy into the
engineering life cycl, which includes translatin privacy into the engineering culture and natural
enforcement of privacy safeguards with technology solutions.
When assessing a new platform that will allow college students to access their exam results online, a
privacy technologist reviews dataflows, notices and functionality. Adding a review of student
expectations and information flow norms between colleges and students is an application of which
concept:
a. Calo's Objective Harms
b. Solove's Decisonal Privacy
c. Nissenbaum's contextual Integrity
d. NIST privacy objective of manageability
c. Nissenbaum's contextual Integrity
When a programmer assigns data to different classes and restricts access to highly sensitive data to
select approved classes - this is known as:
a. loose coupling
b. Information hiding
c. cosed-source
d. standard API
b. Information Hiding
Information hiding
Is a programming principle that aims to prevent the direct modification of the data of a class. It provides
a strict guideline to access and modify the data of a class.
Encapsulation
Allows data and methods to be grouped together in a class.
What is likely to be the most appropriate data classification for a list of company executive and non-
executive directors:
a. confidential
b. internal use
LATEST UPDATE (ALREADY GRADED A+.)
Mix networks
A way of hiding one's traffic by combining the traffic of multiple computers into a single channel.
Private information retrieval
Range of protocols through which data can be retrieved from a database without revealing to the
database or another observer the information that is retrieved.
Access Management
Where an individual user has restrictions on what can be accessed and not be accessed.
Principle of least-privilege
Giving a user the minimal ccess to do their job
User-based access
Based on providing access based on the individual user
role-based
access to data based on the person's job at an organization
Something you know
User name or password
Something you are
Fingerprint or face/voice regocnition
Something you have
Token, keys, Id badges, smart card
Where you are
Physical location
Authentication
Ensure that the right individual are accesing the right resources. Accomplished by Something you know,
Somethig you are, something you have and where you are
Process-oriented strategies
Focus on enforcing policies and processes, demonstrating complicance, informing the individual nd
providing user control.
, Data Governance
Understands personal and non-personal data, how each is used and privacy risks,safeguards aligned
with priacy objectives, create a common taxonomy for data, identify business objectives for data , know
the laws and policies and implement technology.
Technological controls
Technology-centric privacy governance, link or translate internal controls into technology, privacy
engineeringis a result of this, translated technological controls whic include access orlimiting users,
minmizing data and deleting older data.
Engineering life cycle
Implementation of privacy-protective solutions into engneering life cycle, embedding privacy into the
engineering life cycl, which includes translatin privacy into the engineering culture and natural
enforcement of privacy safeguards with technology solutions.
When assessing a new platform that will allow college students to access their exam results online, a
privacy technologist reviews dataflows, notices and functionality. Adding a review of student
expectations and information flow norms between colleges and students is an application of which
concept:
a. Calo's Objective Harms
b. Solove's Decisonal Privacy
c. Nissenbaum's contextual Integrity
d. NIST privacy objective of manageability
c. Nissenbaum's contextual Integrity
When a programmer assigns data to different classes and restricts access to highly sensitive data to
select approved classes - this is known as:
a. loose coupling
b. Information hiding
c. cosed-source
d. standard API
b. Information Hiding
Information hiding
Is a programming principle that aims to prevent the direct modification of the data of a class. It provides
a strict guideline to access and modify the data of a class.
Encapsulation
Allows data and methods to be grouped together in a class.
What is likely to be the most appropriate data classification for a list of company executive and non-
executive directors:
a. confidential
b. internal use
