Question 1
Which of the following is an example of drone “swarming”?
A. A drone filming a cyclist from above as he rides.
B. A drone flying over a building site to gather data.
C. Drones delivering retailers’ packages to private homes.
D. Drones communicating with each other to perform a search and rescue.
Answer: D
Question 2
What is an Access Control List?
A. A list of steps necessary for an individual to access a resource.
B. A list that indicates the type of permission granted to each individual.
C. A list showing the resources that an individual has permission to access.
D. A list of individuals who have had their access privileges to a resource revoked.
Answer: C
Question 3
Which is likely to reduce the types of access controls needed within an organization?
A. Decentralization of data.
B. Regular data inventories.
C. Standardization of technology.
D. Increased number of remote employees.
Answer: C
Question 4
Organizations understand there are aggregation risks associated with the way they process their customers’ data. They typically include the details of this aggregation risk in a privacy notice and ask that all customers acknowledge they understand these risks and consent to the processing. What type of risk response does this notice and consent represent?
A. Risk transfer.
B. Risk mitigation.
C. Risk avoidance.
D. Risk acceptance.
Answer: A
Question 5
What risk is mitigated when routing video traffic through a company’s application servers, rather than sending the video traffic directly from one user to another?
A. The user is protected against phishing attacks.
B. The user’s identity is protected from the other user.
C. The user’s approximate physical location is hidden from the other user.
D. The user is assured that stronger authentication methods have been used.
Answer: B
Question 6
In day-to-day interactions with technology, consumers are presented with privacy choices. Which of the following best represents the Privacy by Design (PbD) methodology of letting the user choose a non-zero-sum choice?
A. Using images, words, and contexts to elicit positive feelings that result in proactive behavior, thus eliminating negativity and biases.
B. Providing plain-language design choices that elicit privacy-related responses, helping users avoid errors and minimize the negative consequences of errors when they do occur.
C. Displaying the percentage of users that chose a particular option, thus enabling the user to choose the most preferred option.
D. Using contexts, antecedent events, and other priming concepts to assist the user in making a better privacy choice.
Answer: B
Question 7
Which of the following would be the most appropriate solution for preventing privacy violations related to information exposure through an error message?
A. Configuring the environment to use shorter error messages.
B. Handling exceptions internally and not displaying errors to the user.
C. Creating default error pages or error messages which do not include variable data.
D. Logging the session name and necessary parameters once the error occurs to enable troubleshooting.
Answer: C
Question 8
What logs should an application server retain in order to prevent phishing attacks while minimizing data retention?
A. Limited-retention, de-identified logs including only metadata.
B. Limited-retention, de-identified logs including the links clicked in messages as well as metadata.
C. Limited-retention logs including the identity of parties sending and receiving messages as well as metadata.
D. Limited-retention logs including the links clicked in messages, the identity of parties sending and receiving them, as well as metadata.
Answer: B
Question 9
Which of the following modes of interaction often target both people who personally know and are strangers to the attacker?
A. Spam.
B. Phishing.
C. Unsolicited sexual imagery.
D. Consensually-shared sexual imagery.
Answer: B
Question 10
A company seeking to hire engineers in Silicon Valley ran an ad campaign targeting women in a specific age range who live in the San Francisco Bay Area. Which Calo objective privacy harm is likely to result from this campaign?
A. Lost opportunity.
B. Economic loss.
C. Loss of liberty.
D. Social detriment.
Answer: D
Question 11
What privacy risk is NOT mitigated by the use of encrypted computation to target and serve online ads?
A. The ad being served to the user may not be relevant.
B. The user’s sensitive personal information is used to display targeted ads.
C. The personal information used to target ads can be discerned by the server.
D. The user’s information can be leaked to an advertiser through weak de-identification techniques.
Answer: D
Question 12
When analyzing user data, how is differential privacy applied?
A. By injecting noise into aggregated datasets.
B. By assessing differences between datasets.
C. By applying asymmetric encryption to datasets.
D. By removing personal identifiers from datasets.
Answer: A
Question 13
Between November 30th and December 2nd, 2013, cybercriminals successfully infected the credit card payment systems and bypassed security controls of a United States-based retailer with malware that exfiltrated 40 million credit card numbers. Six months prior, the retailer had malware detection software installed to protect against such an attack. Which of the following would best explain why the retailer’s consumer data was still exfiltrated?
A. The detection software alerted the retailer’s security operations center per protocol, but the information security personnel failed to act upon the alerts.
B. The U.S. Department of Justice informed the retailer of the security breach on Dec. 12th, but the retailer took three days to confirm the breach and eradicate the malware.
C. The IT systems and security measures utilized by the retailer’s third-party vendors were in compliance with industry standards, but their credentials were stolen by black hat hackers who then entered the retailer’s system.
D. The retailer’s network that transferred personal data and customer payments was separate from the rest of the corporate network, but the malware code was disguised with the name of software that is supposed to protect this information.
Answer: B
Question 14
Which of the following is the least effective privacy preserving practice in the Systems Development Life Cycle (SDLC)?
A. Conducting privacy threat modeling for the use-case.
B. Following secure and privacy coding standards in the development.
C. Developing data flow modeling to identify sources and destinations of sensitive data.
D. Reviewing the code against Open Web Application Security Project (OWASP) Top 10 Security Risks.
Answer: C
Question 15
Which of the following functionalities can meet some of the General Data Protection Regulation’s (GDPR’s) Data Portability requirements for a social networking app designed for users in the EU?
A. Allow users to modify the data they provided the app.
B. Allow users to delete the content they provided the app.
C. Allow users to download the content they have provided the app.
D. Allow users to get a time-stamped list of what they have provided the app.