Question 1

If an organization asks you to disclose your date of birth and your address,but refuses to let you review or correct the information you provided,the organization has likely violated which of the Generally Accepted Privacy Principles?

Accepted Answer

A)  Collection
B)  Access
C)  Security
D)  Choice and consent

Question 2

After the information that needs to be protected has been identified,what step should be completed next?

Accepted Answer

A)  The information needs to be placed in a secure,central area.
B)  The information needs to be encrypted.
C)  The information needs to be classified in terms of its value to the organization.
D)  The information needs to be depreciated.

Question 3

A process that takes plaintext of any length and transforms it into a short code.

Accepted Answer

A)  asymmetric encryption
B)  encryption
C)  hashing
D)  symmetric encryption

Question 4

Identify the item below which is not a piece of legislation passed to protect individuals against identity theft or to secure individuals' privacy.

Accepted Answer

A)  the Health Insurance Portability and Accountability Act
B)  the Health Information Technology for Economic and Clinical Heath Act
C)  the Financial Services Modernization Act
D)  the Affordable Care Act

Question 5

The system and processes used to issue and manage asymmetric keys and digital certificates are known as

Accepted Answer

A)  asymmetric encryption.
B)  certificate authority.
C)  digital signature.
D)  public key infrastructure.

Question 6

The first steps in protecting the privacy of personal information is to identify

Accepted Answer

A)  what sensitive information is possessed by the organization.
B)  where sensitive information is stored.
C)  who has access to sensitive information.
D)  All of the above are first steps in protecting privacy.

Question 7

Describe some steps you can take to minimize your risk of identity theft.

Accepted Answer

Shred documents containing personal info...

Question 8

If an organization asks you to disclose your date of birth and your address,but fails to establish any procedures for responding to customer complaints,the organization has likely violated which of the Generally Accepted Privacy Principles?

Accepted Answer

A)  Collection
B)  Access
C)  Security
D)  Monitoring and enforcement

Question 9

In a private key system the sender and the receiver have ________,and in the public key system they have ________.

Accepted Answer

A)  different keys; the same key
B)  a decrypting algorithm; an encrypting algorithm
C)  the same key; two separate keys
D)  an encrypting algorithm; a decrypting algorithm

Question 10

Which of the following is not one of the basic actions that an organization must take to preserve the confidentiality of sensitive information?

Accepted Answer

A)  identification of information to be protected
B)  backing up the information
C)  controlling access to the information
D)  training

Question 11

Under CAN-SPAM legislation,an organization that receives an opt-out request from an individual has ________ days to implement steps to ensure they do not send out any additional unsolicited e-mail to the individual again.

Accepted Answer

A)  2
B)  5
C)  7
D)  10

Question 12

Cindy Vindoolo logged on to her e-mail account to find that she had received 50 e-mails from a company called LifeCo that promised her extreme weight loss if she bought their diet pills.Cindy angrily deleted all 50 e-mails,realizing she was a victim of

Accepted Answer

A)  telemarketing.
B)  spam.
C)  direct mail.
D)  MLM.

Question 13

Which type of software blocks outgoing messages containing key words or phrases associated with an organization's sensitive data?

Accepted Answer

A)  anti-virus software
B)  data loss prevention software
C)  a digital watermark
D)  information rights software

Question 14

True or False: Encryption is one of the many ways to protect information in transit over the internet.

Accepted Answer

A) True 
 B)False

Question 15

Classification of confidential information is the responsibility of whom,according to COBIT5?

Accepted Answer

A)  external auditor
B)  information owner
C)  IT security professionals
D)  management

Question 16

Information encrypted with the creator's private key that is used to authenticate the sender is

Accepted Answer

A)  asymmetric encryption.
B)  digital certificate.
C)  digital signature.
D)  public key.

Question 17

In developing policies related to personal information about customers,Folding Squid Technologies adhered to the Trust Services framework.The standard applicable to these policies is

Accepted Answer

A)  security.
B)  confidentiality.
C)  privacy.
D)  availability.

Question 18

If an organization asks you to disclose your social security number,yet fails to properly dispose of your private information once it has fulfilled its purpose,the organization has likely violated which of the Generally Accepted Privacy Principles?

Accepted Answer

A)  Management
B)  Notice
C)  Choice and consent
D)  Use and retention

Question 19

Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?

Accepted Answer

A)  Provide free credit report monitoring for customers.
B)  Inform customers of the option to opt-out of data collection and use of their personal information.
C)  Allow customers' browsers to decline to accept cookies.
D)  Utilize controls to prevent unauthorized access to,and disclosure of,customers' information.

Question 20

It is impossible to encrypt information

Accepted Answer

A)  transmitted over the Internet.
B)  stored on a hard drive.
C)  printed on a report.
D)  None of the above

Exam 9: Confidentiality and Privacy Controls

Classification of confidential information is the responsibility of whom,according to COBIT5?

Correct AnswerverifiedShow Answer

Under CAN-SPAM legislation,an organization that receives an opt-out request from an individual has ________ days to implement steps to ensure they do not send out any additional unsolicited e-mail to the individual again.

Correct AnswerverifiedShow Answer

If an organization asks you to disclose your social security number,yet fails to properly dispose of your private information once it has fulfilled its purpose,the organization has likely violated which of the Generally Accepted Privacy Principles?

Correct AnswerverifiedShow Answer

It is impossible to encrypt information

Correct AnswerverifiedShow Answer

Which of the following is not one of the basic actions that an organization must take to preserve the confidentiality of sensitive information?

Correct AnswerverifiedShow Answer

Information encrypted with the creator's private key that is used to authenticate the sender is

Correct AnswerverifiedShow Answer

Identify the item below which is not a piece of legislation passed to protect individuals against identity theft or to secure individuals' privacy.

Correct AnswerverifiedShow Answer

Cindy Vindoolo logged on to her e-mail account to find that she had received 50 e-mails from a company called LifeCo that promised her extreme weight loss if she bought their diet pills.Cindy angrily deleted all 50 e-mails,realizing she was a victim of

Correct AnswerverifiedShow Answer

If an organization asks you to disclose your date of birth and your address,but fails to establish any procedures for responding to customer complaints,the organization has likely violated which of the Generally Accepted Privacy Principles?

Correct AnswerverifiedShow Answer

The first steps in protecting the privacy of personal information is to identify

Correct AnswerverifiedShow Answer

In a private key system the sender and the receiver have ________,and in the public key system they have ________.

Correct AnswerverifiedShow Answer

In developing policies related to personal information about customers,Folding Squid Technologies adhered to the Trust Services framework.The standard applicable to these policies is

Correct AnswerverifiedShow Answer

After the information that needs to be protected has been identified,what step should be completed next?

Correct AnswerverifiedShow Answer

Which of the following is not one of the 10 internationally recognized best practices for protecting the privacy of customers' personal information?

Correct AnswerverifiedShow Answer

The system and processes used to issue and manage asymmetric keys and digital certificates are known as

Correct AnswerverifiedShow Answer

Describe some steps you can take to minimize your risk of identity theft.

Correct AnswerverifiedShred documents containing personal info...View AnswerShow Answer

If an organization asks you to disclose your date of birth and your address,but refuses to let you review or correct the information you provided,the organization has likely violated which of the Generally Accepted Privacy Principles?

Correct AnswerverifiedShow Answer

Which type of software blocks outgoing messages containing key words or phrases associated with an organization's sensitive data?

Correct AnswerverifiedShow Answer

True or False: Encryption is one of the many ways to protect information in transit over the internet.

Correct AnswerverifiedShow Answer

A process that takes plaintext of any length and transforms it into a short code.

Correct AnswerverifiedShow Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

In a private key system the sender and the receiver have ,and in the public key system they have .

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified
Shred documents containing personal info...
View Answer

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified

Correct Answer
verified