Ch 5 - Online Privacy

Question 1

Which of the following was a network developed in the 1960s and the precursor of the internet:

a. ARPAnet
b. VirtualNet
c. National Science Network
d. None of the above

Answer 1

a. ARPAnet

Question 2

Which of the following best describes how information sent through the internet is transferred?

a. Disassembled into packets, which cohesively travel in larger packets during transit, and reassembled upon receipt by the recipient’s service provider
b. Assembled into encrypted packets, which travel together during transmission, and are unencrypted by the recipient’s computer
c. Disassembled into packets, scattered through the network during transit, and reassembled upon receipt by the destination computer
d. None of the above

Answer 2

c. Disassembled into packets, scattered through the network during transit, and reassembled upon receipt by the destination computer

Question 3

Which of the following describes the internet?

a. Global system of interconnected networks
b. Links billions of computers and devices around the world
c. Accessed by computers and other electronic devices
d. All of the above

Answer 3

d. All of the above

Question 4

Which of the following best describes the World Wide Web?

a. The basic architecture for transferring and accessing data
b. An information-sharing model that uses hypertext to access various forms of information available on the world’s different networks
c. Global system of interconnected networks
d. None of the above

Answer 4

b. An information-sharing model that uses hypertext to access various forms of information available on the world’s different networks

Question 5

Which of the following best describes the function of hypertext transfer protocol (HTTP)?

a. Manages data communications over the Internet
b. Determines message formatting and transmission over a TCP/IP network
c. Defines how web servers and browsers will respond to various commands
d. All of the above

Answer 5

d. All of the above

Question 6

Which of the following best describes hypertext markup language (HTML)?

a. Manages data communications over the Internet
b. Determines message formatting and transmission over a TCP/IP network
c. Content-authoring language used to create web pages
d. All of the above

Answer 6

c. Content-authoring language used to create web pages

Question 7

Which of the following best describes a function of hypertext transfer protocol (HTTP)?

a. Determines the format, layout, how the web page will dynamically connect to other content
b. The basic architecture for transferring and accessing data
c. An information-sharing model that uses hypertext to access various forms of information available on the world’s different networks
d. All of the above

Answer 7

a. Determines the format, layout, how the web page will dynamically connect to other content

Question 8

The World Wide Web was developed by Sir Tim Berners-Lee to:

a. Help the military transmit and share information
b. Help research scientists dynamically tie documents and files together
c. Aid consumers in the understanding of computer technology
d. All of the above

Answer 8

b. Help research scientists dynamically tie documents and files together

Question 9

Which browser was developed by the National Center for Supercomputer Applications, and was the first to allow consumers to view websites from a personal computer?

a. Mozilla
b. Internet Explorer
c. Google Chrome
d. None of the above

Answer 9

a. Mozilla

Question 10

An advantage of HTML5 over other versions is it:

a. Performs a security scan from each website visited
b. Includes a key that allows the webpage visitor to make changes
c. Allows video, audio and animation to be run directly from websites without a plug-in
d. All of the above

Answer 10

c. Allows video, audio and animation to be run directly from websites without a plug-in

Question 11

A feature of HTML5 is that it can:

a. Perform a security scan from each website visited
b. Store information offline in web applications not connected to the Internet
c. Allow a webpage visitor to make changes to the site
d. All of the above

Answer 11

b. Store information offline in web applications not connected to the Internet

Question 12

Extensible markup language (XML):

a. Facilitates the transport, creation, retrieval and storage of documents
b. Uses tags to describe the contents of a web page or file
c. Describes the content of a web page in terms of data being produced
d. All of the above

Answer 12

d. All of the above

Question 13

Which of the following features of extensible markup language (XML) results in potential privacy issues?

a. Facilitates the transport, creation, retrieval and storage of documents
b. Uses tags to describe the contents of a web page or file
c. Enables automatic processing of data in large volumes
d. All of the above

Answer 13

c. Enables automatic processing of data in large volumes

Question 14

An application used by a computer to perform activities on the World Wide Web is generally known as a:

a. Web client
b. Web browser
c. Web firewall
d. None of the above

Answer 14

a. Web client

Question 15

Which of the following describes the top-level domain in the URL www.iapp.org/news?

a. Iapp
b. Org
c. News
d. Only a and b

Answer 15

b. Org

Question 16

Which of the following is an example of a software technology included in web infrastructure?

a. Web server
b. Proxy server
c. Virtual private network
d. Only b and c

Answer 16

d. Only b and c

Question 17

Which of the following describes a “deep link” in the URL www.iapp.org/news?

a. News
b. Iapp
c. Org
d. Only b and c

Answer 17

a. News

Question 18

An important attribute of a proxy server is:

a. Masks activities of organization’s firewall
b. Allows outside websites to only see IP address and characteristics of proxy server
c. Does not allow outside websites to obtain detailed information about the organization’s communications
d. All of the above

Answer 18

d. All of the above

Question 19

Which of the following is not an attribute of a virtual private network (VPN)?

a. Encrypts information from user to organization’s proxy server
b. Masks the content and web destinations of the user
c. Allows outside websites to obtain detailed information about the organization’s communications
d. All of the above are attributes of a VPN

Answer 19

c. Allows outside websites to obtain detailed information about the organization’s communications

Question 20

Saving a local copy of downloaded content by a web browser or proxy server is known as:

a. Collecting
b. Caching
c. Cascading content
d. None of the above

Answer 20

b. Caching

Question 21

A web server log generally includes:

a. Visitor’s IP address
b. Date and time of web page visit
c. URL of web page visit
d. All of the above

Answer 21

d. All of the above

Question 22

Internet protocol (IP) is:

a. List of recently visited web pages
b. Encryption used to view web pages
c. A set of rules that determine the format of data packets traveling over the Internet
d. All of the above

Answer 22

c. A set of rules that determine the format of data packets traveling over the Internet

Question 23

Which of the following best describes an IP address?

a. Unique number assigned to a connected device that determines where data should be sent
b. The addresses of recently visited web pages
c. The address of the encryption key used to view web pages
d. All of the above

Answer 23

a. Unique number assigned to a connected device that determines where data should be sent

Question 24

A dynamic IP address:

a. Remains the same for an individual device
b. Changes based on the device
c. Changes with each session
d. None of the above

Answer 24

c. Changes with each session

Question 25

Why are there privacy concerns over the IPv6 protocol?

a. It can embed a device’s unique MAC address in the IP address
b. It could allow individual devices to be easily identified
c. It contains weaknesses that may result in enabling the camera on a device
d. Only a and b

Answer 25

d. Only a and b

Question 26

Which of the following best describes the function of transmission control protocol (TCP)?

a. Facilitates a stream-oriented reliable data connection between two devices
b. Creates rules for web page content
c. Ensures that details about the server are hidden
d. All of the above

Answer 26

a. Facilitates a stream-oriented reliable data connection between two devices

Question 27

Which of the following best describes the function of transport layer security (TLS)?

a. Ensures that details about the server are available to the end-user
b. Ensures that third parties cannot eavesdrop on conversation
c. Ensures that data can be downloaded by the organization in the event of a data breach
d. None of the above

Answer 27

b. Ensures that third parties cannot eavesdrop on conversation

Question 28

Which of the following is a risk associated with JavaScript?

a. The malicious practice of cross-site scripting (XSS)
b. An infinite loop that can result in a denial of service attack
c. Vulnerabilities and problems interacting with some programs and systems
d. All of the above

Answer 28

d. All of the above

Question 29

A benefit of cascading style sheets is:

a. It only works on a secure website
b. It takes the place of encryption
c. It allows for adaptation of a web page to different devices
d. All of the above

Answer 29

c. It allows for adaptation of a web page to different devices

Question 30

Using flash may result in:

a. Compatibility and security issues
b. Bandwidth issues
c. Static web pages
d. All of the above

Answer 30

a. Compatibility and security issues

Question 31

Social engineering generally involves:

a. Persuading a user to provide information
b. Techniques such as assumed identity or eavesdropping on private conversations
c. Targeting an individual or group with access to information they are trying to obtain
d. All of the above

Answer 31

d. All of the above

Question 32

Which of the following is not a feature of a technically based attack?

a. Structured query language (SQL) injection
b. Impersonating an employee in an email
c. Use of malware
d. ‘Poisoned’ cookies

Answer 32

b. Impersonating an employee in an email

Question 33

Using the password field in HTML for web forms is recommended as it:

a. Displays the password to help the user remember more easily
b. Creates a unique code for passwords that can only be read by the user
c. Masks the actual characters entered with asterisks or bullets
d. None of the above

Answer 33

c. Masks the actual characters entered with asterisks or bullets

Question 34

Transport layer security (TLS):

a. Is a standard method for encrypting data in transit
b. Includes verification of end user information
c. Has replaced secure socket layer (SSL) due to its higher level of security
d. All of the above

Answer 34

d. All of the above

Question 35

When using a file sharing protocol, such as BitTorrent, it is recommended to:

a. Enable user identification options
b. Restrict files and directories to be accessed by websites and services
c. Restrict user from accessing the files once they’ve been shared
d. All of the above

Answer 35

b. Restrict files and directories to be accessed by websites and services

Question 36

Which of the following could create a security issue for a user of a public computer?

a. How the computer has been configured
b. Who has used the computer
c. What type of software is hosted on the computer
d. All of the above

Answer 36

d. All of the above

Question 37

A security problem with public charging stations is:

a. They may have been programmed with a denial of service attack
b. They may have electrical issues that use up the mobile device’s charge
c. They are frequently loaded with malware designed to steal personal information
d. All of the above

Answer 37

c. They are frequently loaded with malware designed to steal personal information

Question 38

Third-party accreditation or assurance services, or trust seal providers generally provide assurance to consumers of compliance with privacy activities, such as:

a. Confirm the absence of viruses or spyware from a software download
b. Enforce legal claims made by private citizens
c. Perform random audits throughout the Internet for non-compliant websites
d. All of the above

Answer 38

a. Confirm the absence of viruses or spyware from a software download

Question 39

Common features of email security products include:

a. Antivirus and antispam
b. HTML tag removal and script removal
c. Blocking of certain file type attachments and scanning for inappropriate content
d. All of the above

Answer 39

d. All of the above

Question 40

A real-time blackhole list (RBL) is a:

a. List of names of users who are receiving and responding to SPAM
b. List of users and personal information accessed by users of the dark web
c. List of IP addresses whose owners refuse to stop sending SPAM
d. None of the above

Answer 40

c. List of IP addresses whose owners refuse to stop sending SPAM

Question 41

Phishing is considered a good option by criminals because:

a. It requires a large number of people to be effective
b. There are very few criminals using this form of deception
c. If only a small number of people respond, it can still produce high yields
d. Only a and b

Answer 41

c. If only a small number of people respond, it can still produce high yields

Question 42

Which act establishes a Code of Fair Information Practices in the U.S.?

a. Gramm-Leach Bliley Act (GLBA)
b. Right to Financial Privacy Act (RFPA)
c. Privacy Act of 1974
d. None of the above

Answer 42

c. Privacy Act of 1974

Question 43

The Privacy Act of 1974 establishes a Code of Fair Information Practices that applies to the:

a. Collection, maintenance, use and disclosure of non-public personal information maintained in state and federal records
b. Collection, maintenance, use and disclosure of personally identifiable information maintained in federal records
c. Collection, maintenance, use and disclosure of personally identifiable information in all judicial records in the U.S.
d. None of the above

Answer 43

b. Collection, maintenance, use and disclosure of personally identifiable information maintained in federal records

Question 44

A good web privacy notice includes:

a. Information collected actively through forms and consumer input
b. Information collected by other websites
c. Information collected passively through cookies and other automated methods
d. Only a and c

Answer 44

d. Only a and c

Question 45

A good web privacy notice includes:

a. How to purchase a product or service
b. How to access, correct, or modify personal information or preferences
c. How to contact customer service about setting up an account
d. All of the above

Answer 45

b. How to access, correct, or modify personal information or preferences

Question 46

A layered privacy notice:

a. Gives consumers a short, concise notice as the top layer
b. Includes links to more detailed sections of the notice
c. Is a user-friendly alternative to a lengthy notice written in ‘legalese’
d. All of the above

Answer 46

d. All of the above

Question 47

In a layered privacy notice, the full notice:

a. Articulates the organization’s entire privacy notice
b. Should never be used as guidance for an organization’s employees on permitted data practices
c. Will not be used as a measure of accountability by enforcement agencies or the public
d. All of the above

Answer 47

a. Articulates the organization’s entire privacy notice

Question 48

Challenges for privacy on mobile devices include all but which of the following?

a. Small screens which make it difficult to convey full disclosure of privacy practices
b. Potentially large amount of information generated by numerous apps
c. Limited number of categories of personal information available on one device
d. All of the above pose challenges for privacy

Answer 48

c. Limited number of categories of personal information available on one device

Question 49

In a layered privacy notice, the short notice should include:

a. Summary of the notice scope
b. Points about the organization’s practices for collection, choice, use and disclosure related to personal information
c. How to contact the organization for information privacy matters
d. All of the above

Answer 49

d. All of the above

Question 50

Which federal agency has published recommended best practices for platforms, advertising networks, app developers, and app developer networks?

a. Federal Communications Commission
b. Federal Trade Commission
c. Better Business Bureau
d. None of the above

Answer 50

b. Federal Trade Commission

Question 51

Which of the following does not include a data subject’s legal right to access or correct personal information?

a. Gramm-Leach Bliley Act
b. Fair Credit Reporting Act
c. Health Insurance Portability and Accountability Act
d. All of the above allow a data subject to access or correct personal information

Answer 51

a. Gramm-Leach Bliley Act

Question 52

The EU Data Protection Directive considers which of the following a data subject’s fundamental right?

a. Delete all personal information about them
b. Erase their criminal records
c. Access and correct their personal information
d. All of the above

Answer 52

c. Access and correct their personal information

Question 53

Which of the following trans-border transfer mechanisms include specific provisions about a data subject’s right to access and correct their personal information?

a. PrivacyShield
b. Gramm-Leach Bliley Act
c. Asia-Pacific Economic Cooperation (APEC) Privacy Framework
d. Only a and c

Answer 53

d. Only a and c

Question 54

Which of the following best describes the elements of a typical web form?

a. One-line text boxes, rolling text boxes, checkboxes and radio buttons
b. One-line text boxes, scrolling text boxes, checkboxes and radio buttons
c. One-line text boxes, unlimited text boxes, checkboxes and radio buttons
d. None of the above

Answer 54

b. One-line text boxes, scrolling text boxes, checkboxes and radio buttons

Question 55

Which of the following is a best practice for web form creation to prevent security vulnerabilities?

a. Limiting number of characters in text boxes
b. Limiting number of checkboxes that can be selected
c. Allowing more than one radio button to be selected
d. All of the above are best practices

Answer 55

a. Limiting number of characters in text boxes

Question 56

Data that is gathered by a website often without the user’s knowledge is known as:

a. Active data collection
b. Passive data collection
c. Web cookies
d. All of the above

Answer 56

b. Passive data collection

Question 57

Best practices to maximize privacy and minimize exposure of a data subject’s personal information from a web form include:

a. Only require information that is needed for the transaction
b. Include a link to the privacy notice with the web form
c. Disable or mask the autocomplete or prepopulate function
d. All of the above

Answer 57

d. All of the above

Question 58

Which of the following is not a feature of web widgets?

a. Frequently used to make the website more dynamic
b. Can be executed by the owner of the page to deliver new website features
c. Typically appear on a third-party’s web page
d. All of the above

Answer 58

c. Typically appear on a third-party’s web page

Question 59

Standard practice for notifying consumers of an ‘onward transfer’ of personal information to third parties includes:

a. Explicit notification that their personal information will be in the possession of a third party engaged by the host website
b. Explicit notification that they have the right to opt out or prevent the transfer
c. Details about how they can opt out or prevent the transfer
d. All of the above

Answer 59

d. All of the above

Question 60

Which of the following is not a significant privacy concern related to digital advertising?

a. Unclear notice to consumers about how to choose not to receive advertisements
b. Users benefit by viewing content relevant to their lifestyle and needs
c. Cross-device tracking performed by advertisers which allows advertisers to map users to different devices
d. All of the above are significant privacy concerns

Answer 60

b. Users benefit by viewing content relevant to their lifestyle and needs

Question 61

Which organization has developed an icon program that provides information on how consumers can make choices related to online behavioral advertising?

a. Federal Trade Commission
b. TrustArc
c. Digital Advertising Alliance
d. None of the above

Answer 61

c. Digital Advertising Alliance

Question 62

Typical features of Adware include:

a. Bundled with free software
b. Monitors end user’s online behavior
c. Targets end user for additional advertising based on their interests/behaviors
d. All of the above

Answer 62

d. All of the above

Question 63

Which of the following is not a best practice for web cookies?

a. Use a persistent variation in most cases
b. Not store unencrypted personal information
c. Provide adequate notice of cookies’ usage
d. Not set long expiration dates

Answer 63

a. Use a persistent variation in most cases

Question 64

For the best practice of disclosing the involvement of a third-party cookie provider, which type of mechanism should be provided?

a. Opt-out (US); opt-out (EU)
b. Opt-in (US); opt-out (EU)
c. Opt-out (US); opt-in (EU)
d. Opt-in (US); opt-in (EU)

Answer 64

c. Opt-out (US); opt-in (EU)

Question 65

Which of the following is a feature of a web beacon?

a. Clear, one-pixel-by-one-pixel graphic image delivered through a browser or HTML email client application
b. Tags and records the end user’s visit to a web page
c. Produces profiles of user behavior and can report which emails are read by recipients
d. All of the above

Answer 65

d. All of the above

Question 66

Which of the following is a feature of digital fingerprinting?

a. Identifies a device based on information revealed on a website by the user
b. Generally includes the IP address of the visitor, date and time stamp of page request, and URL of requested page, as well as pages visited just prior and after the visit
c. Detailed information about the device used, such as fonts and other characteristics
d. All of the above

Answer 66

d. All of the above

Question 67

Which of the following is part of the mobile advertising ecosystem but typically not the desktop/laptop advertising ecosystem?

a. Matches supply (publishers) and demand (advertisers)
b. App-based usage and mobile browser settings
c. Cookies track activities of devices as they visit particular web pages
d. All of the above

Answer 67

b. App-based usage and mobile browser settings

Question 68

Components in the mobile advertising ecosystem include:

a. Each app runs in a separate, secure sandbox
b. A cookie set in one app cannot interact with other apps on the device
c. Default mobile browser settings that block third-party cookies make cookie tracking more difficult
d. All of the above

Answer 68

d. All of the above

Question 69

Components in the mobile advertising ecosystem that present security concerns include:

a. App-based usage and mobile browser settings
b. Each app runs in a separate, secure sandbox
c. Mobile devices can be a rich source of geolocation data
d. All of the above

Answer 69

c. Mobile devices can be a rich source of geolocation data

Question 70

Components in the mobile advertising ecosystem that present security concerns include:

a. GPS receivers in mobile devices are turned on by default
b. Once a device is identified, so is the user
c. Geolocation information is sent through the mobile device’s Wi-Fi receiver
d. All of the above

Answer 70

d. All of the above

Question 71

A cross-device tracking company:

a. Builds a device map based on a user’s activity across multiple devices
b. Never sells the information to other companies
c. May only use logged-in devices to create a map
d. All of the above

Answer 71

a. Builds a device map based on a user’s activity across multiple devices