Top Mark Questions and Correct Verified Answers
CIPT Questions and Correct Verified Answers
Access Control Entry
✓ An element in an access control list. Each ACE controls, monitors, or records
access to an object by a specified user.
Access Control List
✓ A list of access control entries (ACE) that apply to an object. Each ACE controls
or monitors access to an object by a specified user. In a discretionary access
control list (DACL), the ACL controls access; in a system access control list
(SACL) the ACL monitors access in a security event log which can comprise part
of an audit trail.
Accountability
✓ A fair information practices principle, it is the idea that when personal
information is to be transferred to another person or organization, the personal
information controller should obtain the consent of the individual or exercise
due diligence and take reasonable steps to ensure that the recipient person or
organization will protect the information consistently with other fair use
principles.
Active Data Collection
✓ When an end user deliberately provides information, typically through the use
of web forms, text boxes, check boxes or radio buttons.
AdChoices
✓ A program run by the Digital Advertising Alliance to promote awareness and
choice in advertising for internet users. Websites with ads from participating
DAA members will have an AdChoices icon near advertisements or at the
bottom of their pages. By clicking on the AdChoices icon, users may set
preferences for behavioral advertising on that website or with DAA members
generally across the web.
Adequate Level of Protection
✓ A label that the EU may apply to third-party countries who have committed to
protect data through domestic law making or international commitments.
Conferring of the label requires a proposal by the European Commission, an
Article 29 Working Group Opinion, an opinion of the Article 31 Management
Committee, a right of scrutiny by the European Parliament and adoption by the
European Commission.
Advanced Encryption Standard
✓ An encryption algorithm for security sensitive non-classified material by the U.S.
Government. This algorithm was selected in 2001 to replace the previous
algorithm, the Data Encryption Standard (DES), by the National Institute of
Standards and Technology (NIST), a unit of the U.S. Commerce Department,
through an open competition. The winning algorithm (Rijndael, pronounced
rain-dahl), was developed by two Belgian cryptographers, Joan Daemen and
Vincent Rijmen.
Adverse Action
✓ Under the Fair Credit Reporting Act, the term "adverse action" is defined very
broadly to include all business, credit and employment actions affecting
consumers that can be considered to have a negative impact, such as denying or
canceling credit or insurance, or denying employment or promotion. No adverse
action occurs in a credit transaction where the creditor makes a counteroffer
that is accepted by the consumer. Such an action requires that the decision
maker furnish the recipient of the adverse action with a copy of the credit report
leading to the adverse action.
Agile Development Model
✓ A process of software system and product design that incorporates new system
requirements during the actual creation of the system, as opposed to the Plan-
Driven Development Model. Agile development takes a given project and
focuses on specific portions to develop one at a time. An example of Agile
development is the Scrum Model.
Anonymization
✓ The process in which individually identifiable data is altered in such a way that it
no longer can be related back to a given individual. Among many techniques,
there are three primary ways that data is anonymized. Suppression is the most
basic version of anonymization and it simply removes some identifying values
from data to reduce its identifiability. Generalization takes specific identifying
values and makes them broader, such as changing a specific age (18) to an age
range (18-24). Noise addition takes identifying values from a given data set and
switches them with identifying values from another individual in that data set.
Note that all of these processes will not guarantee that data is no longer
identifiable and have to be performed in such a way that does not harm the
usability of the data.
Anonymous Data
✓ Data sets that in no way indicate to whom the data belongs. Replacing user
names with unique ID numbers DOES NOT make the data set anonymous even
if identification seems impractical.
Antidiscrimination Laws
✓ Refers to the right of people to be treated equally.
Application-Layer Attacks
✓ Attacks that exploit flaws in the network applications installed on network
servers. Such weaknesses exist in web browsers, e-mail server software,
network routing software and other standard enterprise applications. Regularly
applying patches and updates to applications may help prevent such attacks.
Asymmetric Encryption
✓ A form of data encryption that uses two separate but related keys to encrypt
data. The system uses a public key, made available to other parties, and a
private key, which is kept by the first party. Decryption of data encrypted by the
public key requires the use of the private key; decryption of the data encrypted
by the private key requires the public key.
Attribute-Based Access Control
✓ An authorization model that provides dynamic access control by assigning
attributes to the users, the data, and the context in which the user requests
access (also referred to as environmental factors) and analyzes these attributes
together to determine access.
Audit Trail
✓ A chain of electronic activity or sequence of paperwork used to monitor, track,
record, or validate an activity. The term originates in accounting as a reference
to the chain of paperwork used to validate or invalidate accounting entries. It
has since been adapted for more general use in e-commerce, to track customers'
activity, or cyber-security, to investigate cybercrimes.
Authentication
✓ The process by which an entity (such as a person or computer system)
determines whether another entity is who it claims to be. Authentication
identifies an individual based on some credential, i.e., a password, biometrics,
etc. Authentication is different from authorization. Proper authentication
ensures that a person is who he or she claims to be, but it says nothing about the
access rights of the individual.
Authorization