CBK Tests
Revision 2.0.36
CIPP Guide's CIPP/IT Prep Materials
CIPP_IT_CBK_Tests Page 1
Introduction
This booklet consolidates all of the tests from the CIPPguide website as of its date of
publication. Each chapter corresponds to a test of roughly 25 questions on the site. The
answers are given at the end of each chapter. Explanations may be found on the website in the
interactive test engine. Best of luck on the exam!
CIPP/IT CBK Tests
1
Questions
A. birth date
B. national identification number
C. gender
D. driver's license number
A. personal data
B. private data
C. sensitive information
D. identifying information
5. Highly sensitive PII must be ---- when stored on computers.
A. encrypted
B. deleted
C. destroyed
D. password protected
6. When it is time to destroy moderately sensitive PII stored on disk drives, the
disk drives must be overwritten a minimum of ---- times.
A. 1
B. 2
C. 3
D. more than 4
A. business
B. government
C. medical industry
D. educational institutions
8. When it is time to destroy highly sensitive PII stored on disk drives, the disk
drives must be overwritten a minimum of ---- times.
A. 1
B. 2
C. 3
D. more than 4
A. the OECD
B. the Federal Trade Commission
C. the Council of Economic Advisers
D. the National Security Council
10. Which of the following is NOT a core principle of the Fair Information
Principles?
A. Regulation
B. Participation
C. Consent
D. Awareness
11. The ability to access, create, modify, package, sell or remove data is also
known as:
A. consumer
B. compiler
C. decoder
D. all of the above
A. sensitive PII
B. sensitive data
C. anonymous data
D. general information
A. notice/awareness
B. choice/consent
C. access/participation
D. integrity/security
18. The ---- time data is retained, the ---- the likelihood of accidental
disclosure.
A. longer; lower
B. less; higher
C. longer; higher
D. none of the above
21. ---- notice contains a high-level summary of the privacy issues in the program
or application. It directs the user to additional information.
A. discoverable
B. prominent
C. conspicuous
D. obvious
22. ---- notices are recommended for websites or products that may have complex
privacy statements.
A. Prominent
B. Conspicuous
C. Layered
D. Staggered
23. Which of the following requires the customer to take action before data is
collected or transferred?
A. opt-in consent
B. explicit
C. implicit
D. opt-out
A. consent
B. notice
C. choice
D. security
25. Customers are able to access and update PII that is stored. This is an example
of which of the following fair information principles?
A. notice/awareness
B. enforcement/redress
C. access/participation
D. integrity/security
Answers
1. C
2. A
3. B
4. D
5. A
6. C
7. B
8. D
9. B
10. A
11. B
12. D
13. D
14. C
15. B
16. B
17. D
18. C
19. D
20. C
21. B
22. C
23. B
24. A
25. C
CIPP/IT CBK Tests
2
Questions
A. administrator controls
B. programmer controls
C. user controls
D. license controls
2. ---- act on a company's behalf. They can only use the data as instructed by the
company.
A. SSL
B. P3P
C. P2P
D. EPAL
5. ---- represents user preferences regarding P3P policies.
A. APPEL
B. EPAL
C. HTML
D. XML
A. APPEL
B. EPAL
C. HTML
D. XML
8. There are ---- options for websites to notify user agents about the location of
their policy reference files.
A. 1
B. 2
C. 3
D. 4
9. Which of the following enables a web browser to decide whether or not to accept
a cookie?
A. user agent
B. compact policy
C. XML file
D. proxy server
10. Which of the following user agents blocked cookies without full consideration of
P3P policies?
A. IE5
B. IE6
C. Netscape Navigator 7
D. Privacy Bird
11. Which of the following is used to describe data handling practices according to
positive/negative authorization rights?
A. APPEL
B. EPAL
C. HTML
D. XML
12. A ---- notice occurs just before the collection or sharing of data.
A. first run
B. last chance
C. just-in-time
D. installation time
13. Which of the following statements is NOT true of a first run notice?
A. administrator control
B. user control
C. customized choices
D. user participation
15. An "out of the box" experience is also referred to as a(n) ---- experience.
A. administrator
B. installation
C. standardized
D. setup
16. For a system administrator, an out of the box notice is the equivalent of a
---- notice.
A. installation time
B. first run
C. just in time
D. standardized
18. Which of the following is a benefit of data classification from an IT
perspective?
A. Strategy
B. Window
C. Portal
D. Collaboration
A. temporary
B. centralized
C. decentralized
D. unlimited
22. Which of the following architectures eliminates the risk of storing local data?
A. Portal
B. Fat client
C. Thin client
D. Multi client
23. A security patch applied to one system corrects a security flaw that may impact
hundreds of users. This example refers to which type of architecture?
A. Portal
B. Fat client
C. Thin client
D. Multi client
24. A user can access sensitive information through a system inside the office, but
is denied access to the same information when using a PDA connected over the web.
This example refers to which type of architecture?
A. Portal
B. Fat client
C. Thin client
D. Multi client
25. Calling "https" within the browser requests that the data be transferred
through:
A. TLS
B. TCP
C. SSL
D. SLL
Answers
1. A
2. C
3. A
4. B
5. A
6. D
7. A
8. C
9. B
10. B
11. B
12. C
13. C
14. A
15. D
16. B
17. D
18. B
19. B
20. C
21. B
22. C
23. C
24. A
25. C
CIPP/IT CBK Tests
3
Questions
1. SSL negotiates:
A. Netscape
B. Internet Explorer
C. Safari
D. Opera
A. SSL interaction
B. SSL session
C. SSL connection
D. SSL record
5. HTTP, IMAP, POP3 and SMTP use ---- to establish secure connections.
A. SSL
B. TLS
C. TCP
D. TSL
A. privacy modes
B. object controls
C. cookie controls
D. malware detection
7. ---- describe browser mechanisms which allow users to decide which other
mechanisms should be blocked or allowed.
A. privacy modes
B. browser record
C. object controls
D. cookie controls
A. privacy modes
B. object controls
C. cookie controls
D. browser record
9. Which of the following browsers' privacy modes blocks the referring URL from
being sent?
A. Chrome's Incognito
B. IE8 InPrivate Browsing
C. Firefox 3.5's Private Browsing
D. Safari's Private Browsing
10. In which of the following browsers are new cookies NOT deleted at the end of
the session?
A. IE 8
B. Firefox 3.5
C. Safari
D. Opera 10
11. Which of the following web browsers blocks third-party cookies by default?
A. Chrome
B. IE 8
C. Safari
D. Opera 10
12. Which of the following web browsers automatically prevents deleted cookies from
being reset?
A. Chrome
B. Firefox
C. Safari
D. IE 8
A. locatability
B. pseudo-anonymity
C. pattern knowledge
D. gender categorization
15. Ethnicity, religion, age, region, sexual orientation and linguistic patterns
are classified under which type of identity knowledge?
A. pseudo-anonymity
B. real anonymity
C. social categorization
D. symbols of eligibility/non-eligibility
A. Identifier
B. Attribute
C. Characteristic
D. Authenticator
A. identifiers; attributes
B. characteristics; authenticators
C. individuals; organizations
D. attributes; traits
18. ---- refers to the use of authentication systems for reasons other than their
intended purposes.
A. change of plans
B. function creep
C. privacy breach
D. widening scope
21. ---- ensures that a purchaser will not have his/her purchase history tracked.
A. Anonymizing
B. Pseudonymizing
C. Authenticating
D. Encrypting
A. anonymizing
B. pseudonymizing
C. routing
D. cryptography
A. phishing
B. spyware and adware
C. traffic analysis
D. web bugs
A. storage
B. collection
C. analysis
D. transport
A. data randomization
B. data re-identification
C. data de-identification
D. data anonymization
Answers
1. C
2. A
3. B
4. C
5. B
6. D
7. C
8. A
9. B
10. D
11. C
12. B
13. B
14. D
15. C
16. B
17. A
18. B
19. C
20. D
21. A
22. D
23. C
24. D
25. C
CIPP/IT CBK Tests
4
Questions
1. Which of the following is NOT one of the identifiers that must be removed in
order to de-identify data?
A. ethnicity
B. street address
C. birth dates
D. social security number
2. Individuals are treated differently based on their online profiles. This may
result in paying higher than usual prices. This is known as:
A. online differentiation
B. price discrimination
C. e-commerce pricing
D. online shopping
3. Which of the following is NOT a privacy risk that results from e-commerce
personalization?
A. subpoena
B. government surveillance
C. difficulty accessing user accounts
D. unsolicited marketing
A. the more a company knows about them, the less they will be offered discounts or
specials.
B. the more a company knows about them, the more the company will market to them.
C. the more a company contacts them, the more they will be tempted to spend
unwisely.
D. unsolicited marketing is a highly impersonal and ineffective method of
marketing.
5. TiVo digital video recorder users are often surprised at the programming
selections that their TiVo makes for them, based on their TV viewing history. This
is an example of:
A. government surveillance
B. unsolicited marketing
C. surprisingly accurate inferences
D. unauthorized access to accounts
6. An e-commerce privacy risk is that some online profile information may be ----
in a criminal case, or in civil litigation.
A. subpoenaed
B. summoned
C. contested
D. penalized
A. data quality
B. use limitation
C. purpose specification
D. collection limitation
9. P3P-enabled web browsers can help to support which of the following fair
information practice principles?
A. use limitation
B. purpose specification
C. security safeguards
D. collection limitation
10. In the US, privacy laws are sector-specific. Which of the following does NOT
have specific regulations on e-commerce personalization?
A. health care
B. children's sites
C. retail sites
D. financial sites
11. According to US privacy laws, children's web sites cannot collect PII from
children under age ----, unless their parent consents to it.
A. 12
B. 13
C. 16
D. 18
A. NAI Principles
B. FTC Principles
C. OECD fair information practices
D. GAPP
13. Which of the following is NOT a practice regulated under the NAI Self-Regulatory
Code of Conduct?
A. use limitation
B. reliability
C. accountability
D. security
14. ---- refers to a process in which data collected across multiple web domains is
used to categorize consumer interest segments.
A. MSA
B. OBA
C. OPM
D. TPO
15. ---- notice gives consumers clear, conspicuous notice about the scope of PII
and non-PII collection and use.
A. Opt-in
B. Opt-out
C. Robust
D. Third-party
16. When PII is collected for marketing purposes, this does NOT include:
A. the aggregation of PII
B. the selling of PII
C. the disposal of PII
D. the updating of PII
17. Personalization systems that tend to be more privacy invasive show all of the
following characteristics EXCEPT:
18. Personalization systems that tend to be less privacy invasive show all of the
following characteristics EXCEPT:
A. prediction based
B. user initiated
C. transient
D. explicit data collection
19. A user places a pair of running shoes into her online shopping cart. The web
site suggests that she purchase athletic socks and running shorts. This is an
example of:
A. unsolicited marketing
B. session-focused personalization
C. persistent personalization
D. implicit data collection
A. Tor network
B. rootkits
C. DES cipher
D. wiretapping systems
A. Asymmetric
B. Secret-key
C. Public-key
D. Symmetric
23. ---- cryptography uses the same key for encryption and decryption.
A. Asymmetric
B. Secret-key
C. Public-key
D. Symmetric
A. MIX
B. NET
C. node
D. key
A. secret-key cryptography
B. public-key cryptography
C. symmetric cryptography
D. key cryptography
Answers
1. A
2. B
3. C
4. B
5. C
6. A
7. C
8. D
9. B
10. C
11. B
12. A
13. C
14. B
15. C
16. C
17. B
18. A
19. B
20. D
21. B
22. C
23. D
24. A
25. B
CIPP/IT CBK Tests
5
Questions
1. Which of the following Internet anonymity tools ensures peer to peer anonymous
publication?
A. remailers
B. freehaven
C. digicash
D. ZKS freedom
A. remailers
B. onion routing
C. freehaven
D. ZKS freedom
A. cypherpunk remailers
B. nym servers
C. mixmaster remailers
D. anonymous remailers
A. pseudonymous remailers
B. cypherpunk remailers
C. mixmaster remailers and cypherpunk remailers
D. mixmaster remailers and mixminion remailers
A. the programmer and purchaser of software
B. the licensor and purchaser of software
C. the designer and developer of software
D. the retailer and purchaser of software
8. Privacy Impact Assessments examine aspects of privacy from all of the following
angles except:
10. Which of the following systems is NOT required to complete a PIA?
A. new systems
B. systems under development
C. systems undergoing major modifications
D. currently operational systems
D. curb the rights of distributors of digital content.
13. According to data protection design, what are the two sets of costs involved in
respecting customer privacy?
14. The usefulness of online privacy technologies may be related to Metcalfe's law,
stating that the usefulness of a network is:
15. ---- is a framework for IT management that provides guidelines for appropriate
IT use and IT governance in an organization.
A. COBIT
B. PIA
C. ITIL
D. ISACA
A. user-friendly
B. business-focused
C. driven by public opinion
D. collaborative
17. COBIT's business requirements for information include all of the following
criteria EXCEPT:
A. effectiveness
B. integrity
C. accountability
D. compliance
A. applications
B. hardware
C. information
D. people
19. A systems engineer asks if changes can be made without upsetting current
business operations. Within the COBIT framework, this action would fit under the
---- domain.
20. A systems engineer asks if IT performance can be linked back to business goals.
Within the COBIT framework, this action would fit under the ---- domain.
21. COBIT is based on ---- IT processes that are generally used to plan, build, run
and monitor IT responsibilities.
A. 4
B. 12
C. 34
D. 56
23. Which of the following is NOT a purpose of the ISO/IEC 38500:2008 standard?
D. assure stakeholders in their confidence in the organization
24. ---- is a set of concepts and practices for IT development and IT operations.
A. COBIT
B. ISO/IEC 38500:2008
C. ITIL
D. ITSM
A. US
B. UK
C. Canadian
D. German
Answers
1. B
2. A
3. C
4. C
5. B
6. C
7. B
8. B
9. B
10. D
11. A
12. B
13. C
14. C
15. A
16. B
17. C
18. B
19. B
20. D
21. C
22. A
23. B
24. C
25. B
CIPP/IT CBK Tests
6
Questions
1. The two main disciplines of the ITIL include:
A. COBIT
B. ITIL
C. ITUP
D. ISO/IEC 38500:2008
A. tools
B. scenarios
C. management
D. process descriptions
A. protect cardholder data
B. implement cryptographic measures
C. maintain an information security policy
D. monitor and test networks
7. Regular updates of anti-virus software would fall under which of the following
PCI DSS core elements?
8. The HITRUST alliance is known for developing which of the following frameworks?
A. financial information
B. healthcare information
C. personally identifiable information
D. legal information
A. succession planning
B. access control
C. asset management
D. physical and environmental security
11. Which of the following is NOT considered an implementation category, under the
HITRUST CSF?
A. scoping
B. designing
C. assessment
D. remediation
12. ---- assumes fiduciary responsibility over handling and protecting consumer
data.
A. transparency
B. openness
C. accountability
D. stewardship
13. A privacy audit deals with three levels of compliance, including all of the
following EXCEPT:
A. existence
B. development
C. coverage
D. effectiveness
14. A(n) ---- audit is conducted through desk research and correspondence.
A. intensive
B. research
C. scoping
D. real-time
A. intensive audit
B. review audit
C. research audit
D. real-time audit
A. intensive audit
B. scoping audit
C. real-time audit
D. compliance audit
17. The GAPP was developed by ---- and ---- accounting professionals.
A. American; Canadian
B. American; French
C. British; French
D. German; British
18. Which of the following is NOT identified as a principle in the GAPP?
A. management
B. notice
C. consent
D. acceptance
A. systems development
B. systems and applications
C. innovative comparison
D. client/server
21. An audit which verifies that applications are processed appropriately would be
classified as which of the following audits?
A. judgment
B. resources
C. management override
D. breakdowns
24. Which of the following would represent a risk assessment undertaken during an
audit?
A. ICHAMPBO
B. PIPS
C. SIPS
D. CHAMP
Answers
1. C
2. C
3. C
4. D
5. B
6. B
7. D
8. A
9. B
10. A
11. B
12. D
13. B
14. C
15. A
16. B
17. A
18. D
19. B
20. C
21. B
22. B
23. B
24. A
25. B
CIPP/IT CBK Tests
7
Questions
1. ---- controls define and help to enforce acceptable behaviors.
A. Internal
B. Active
C. Protective
D. Detective
A. virtual reality
B. technological advancement
C. WLAN
D. Bluetooth
A. biometric identification
B. virtual reality
C. ASP
D. SOA
5. Which of the following is NOT a characteristic of the SaaS model?
A. voice analysis
B. retina scan
C. signature
D. all of the above
A. the physical characteristic should develop over the course of the individual's
lifetime
B. the data must be easily verified in a convenient manner
C. the physical characteristic must be easily scanned, with affordable equipment
that produces an immediate result
D. the physical characteristic must identify the individual uniquely
A. SaaS
B. ASP
C. RBAC
D. CRM
9. With RBAC, the process of defining user roles should be based on:
A. permissions must be changed
B. permissions must be defined
C. the system involves complex tasks
D. the system involves simple tasks
A. W3C
B. Liberty Alliance
C. PIAC
D. Public Voice
13. The varied business, legal and privacy considerations involved in identity
management are referred to as:
A. circle of trust
B. collaborative development
C. angle of approach
D. special interest concerns
14. Which of the following Liberty services work towards correcting consumer
privacy issues?
A. Deployment workshops
B. Liberty Interoperable
C. "work with other standards" bodies
D. PPEG
15. Which of the following services enables improved security and faster sign up
processes for websites?
A. Liberty Interoperable
B. circle of trust
C. OpenID
D. ubicomp
A. Google
B. Apple
C. Microsoft
D. none of the above
A. It asks that users create and store a profile that includes personal
information, such as their birth date, name and location.
B. It allows users to use one account to access multiple websites and services
online.
C. It puts users at a greater risk for security breaches, since personal
information is centralized.
D. It is available to government, website operators as well as individuals.
18. Which of the following is a model of digital identity architecture that allows
users to create and use a number of digital identities?
A. OpenID
B. identity metasystem
C. multiple identity management
D. Liberty Digital
19. Which of the following was NOT a criterion of the identity metasystem model?
A. NFC
B. Bluetooth
C. RFID
D. GIS
A. NFC
B. Bluetooth
C. RFID
D. GIS
A. packet-based
B. circuit-based
C. protocol-based
D. wave-based
A. 3
B. 5
C. 7
D. 10
A. UPC barcodes
B. GPS devices
C. PANs
D. Bluetooth devices
Answers
1. C
2. D
3. A
4. C
5. D
6. D
7. A
8. C
9. C
10. B
11. A
12. B
13. A
14. D
15. C
16. D
17. C
18. B
19. B
20. A
21. D
22. B
23. A
24. C
25. A
CIPP/IT CBK Tests
8
Questions
1. RFID technology developed from:
2. ---- is an umbrella term that refers to the delivery of hosted services over the
Internet.
A. software as a service
B. platform as a service
C. infrastructure as a service
D. cloud computing
A. Privacy and confidentiality rights may change when a user chooses to disclose
information to a cloud service provider.
B. Data stored with cloud service providers are subject to the privacy laws of the
location where the data is kept.
C. Cloud service providers are prohibited from changing their terms of service and
policies at will.
D. Cloud computing can undermine trade secrets and other professional secrecy
obligations.
A. financial institutions
B. IT technicians
C. retail stores
D. government agencies
A. education principle
B. material changes principle
C. responsibility principle
D. accountability principle
10. ---- is able to inspect each byte of every packet sent over a network
connection.
D. shallow packet inspection
11. Deep packet inspection is capable of looking at which of the following layers
in the OSI model?
A. all layers
B. layers 1-4
C. layers 4-7
D. layers 2-7
13. The process of using one website in order to drive traffic to another is known
as:
A. DPI
B. affiliate marketing
C. search engine optimization
D. traffic management
14. Which of the following contributes the most to privacy risks on social
networking sites?
15. An e-commerce site would most likely use ---- for payment transactions.
A. TCP/IP
B. HTTP
C. S-HTTP
D. HTTPS
17. Which of the following statements is true of HTTPS?
A. web beacon
B. online bug
C. web tracker
D. visitor counter
19. Which of the following actions can help prevent web beacons from collecting
user information?
A. ISPs
B. cryptographic protocols
C. security functions
D. Web beacons
C. redundant disks
D. hot swappable components
A. a thin client
B. a Web beacon
C. an encryption device
D. an ID card
Answers
1. B
2. D
3. C
4. A
5. C
6. D
7. A
8. C
9. B
10. A
11. D
12. B
13. B
14. C
15. D
16. A
17. C
18. A
19. C
20. D
21. A
22. B
23. B
24. D
25. A