Domain VI - Breach Quiz Flashcards
A personal data breach has occurred, and the controller is writing a draft notification for the supervisory authority. The following information is already in the notification:
– The nature of the personal data breach and its possible consequences.
– Information regarding the parties that can provide additional information about the data breach.
What other information must the controller provide?
A. Information of local and national authorities that were informed about the data breach.
B. Name and contact details of the data subjects whose data may have been breached
C. Suggested measures to mitigate the adverse consequences of the data breach.
D. The information needed to access the personal data that have been breached.
C. Suggested measures to mitigate the adverse consequences of the data breach.
What must be done to destroy data stored on “write once read many” (WORM) media?
A. The erase function must be used to remove all data.
B. The media must be reformatted.
C. The media must be physically destroyed.
D. The data must be made inaccessible by encryption.
C. The media must be physically destroyed.
Ben works in the IT department of IgNight, Inc., a company that designs lighting solutions for its clients.
Although IgNight’s customer base consists primarily of offices in the US, some individuals have been so impressed by the unique aesthetic and energy-saving design of the light fixtures that they have requested IgNight’s installations in their homes across the globe.
One Sunday morning, while using his work laptop to purchase tickets for an upcoming music festival, Ben happens to notice some unusual user activity on company files. From a cursory review, all the data still appears to be where it is meant to be but he can’t shake off the feeling that something is not right. He knows that it is a possibility that this could be a colleague performing unscheduled maintenance, but he recalls an email from his company’s security team reminding employees to be on alert for attacks from a known group of malicious actors specifically targeting the industry.
Ben is a diligent employee and wants to make sure that he protects the company, but he does not want to bother his hard-working colleagues on the weekend. He is going to discuss the matter with his manager first thing in the morning but wants to be prepared so he can demonstrate his knowledge in this area and plead his case for a promotion.
If this were a data breach, how is it likely to be categorized?
A. Integrity Breach.
B. Authenticity Breach.
C. Availability Breach.
D. Confidentiality Breach.
What must Pacific Suite’s primary focus be as it manages this security breach?
A. Minimizing the amount of harm to the affected individuals
B. Investigating the cause and assigning responsibility
C. Determining whether the affected individuals should be notified
D. Maintaining operations and preventing publicity
A. Minimizing the amount of harm to the affected individuals
How was Pacific Suites responsible for protecting the sensitive information of its offshoot, PHT?
A. As the parent company, it should have transferred personnel to oversee the secure handling of PHT’s data.
B. As the parent company, it should have performed an assessment of PHT’s infrastructure and confirmed complete separation of the two networks.
C. As the parent company, it should have ensured its existing data access and storage procedures were integrated into PHT’s system.
D. As the parent company, it should have replaced PHT’s electronic files with hard-copy documents stored securely on site.
As the parent company, it should have transferred personnel to oversee the secure handling of PHT’s data.
How would a strong data life cycle management policy have helped prevent the breach?
A. Information would have been ranked according to importance and stored in separate locations
B. The most sensitive information would have been immediately erased and destroyed
C. The most important information would have been regularly assessed and tested for security
D. Information would have been categorized and assigned a deadline for destruction
Information would have been categorized and assigned a deadline for destruction
What key mistake set the company up to be vulnerable to a security breach?
A. Collecting too much information and keeping it for too long
B. Overlooking the need to organize and categorize data
C. Failing to outsource training and data management to professionals
D. Neglecting to make a backup copy of archived electronic files
Collecting too much information and keeping it for too long