Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPT All Questions

View all questions & answers for the CIPT exam
Go to Exam

Exam CIPT topic 1 question 87 discussion

Actual exam question from IAPP's CIPT
Question #: 87
Topic #: 1
[All CIPT Questions]

SCENARIO -
Tom looked forward to starting his new position with a U.S `"based automobile leasing company (New Company), now operating in 32 states. New Company was recently formed through the merger of two prominent players, one from the eastern region (East Company) and one from the western region (West Company).
Tom, a Certified Information Privacy Technologist (CIPT), is New Company's first Information Privacy and Security Officer. He met today with Dick from East
Company, and Harry, from West Company. Dick and Harry are veteran senior information privacy and security professionals at their respective companies, and continue to lead the east and west divisions of New Company. The purpose of the meeting was to conduct a SWOT (strengths/weaknesses/opportunities/threats) analysis for New Company. Their SWOT analysis conclusions are summarized below.
Dick was enthusiastic about an opportunity for the New Company to reduce costs and increase computing power and flexibility through cloud services. East
Company had been contemplating moving to the cloud, but West Company already had a vendor that was providing it with software-as-a-service (SaaS). Dick was looking forward to extending this service to the eastern region. Harry noted that this was a threat as well, because West Company had to rely on the third party to protect its data.
Tom mentioned that neither of the legacy companies had sufficient data storage space to meet the projected growth of New Company, which he saw as a weakness. Tom stated that one of the team's first projects would be to construct a consolidated New Company data warehouse. Tom would personally lead this project and would be held accountable if information was modified during transmission to or during storage in the new data warehouse.
Tom, Dick and Harry agreed that employee network access could be considered both a strength and a weakness. East Company and West Company had strong performance records in this regard; both had robust network access controls that were working as designed. However, during a projected year-long transition period, New Company employees would need to be able to connect to a New Company network while retaining access to the East Company and West Company networks.
When employees are working remotely, they usually connect to a Wi-Fi network. What should Harry advise for maintaining company security in this situation?

  • A. Hiding wireless service set identifiers (SSID).
  • B. Retaining the password assigned by the network.
  • C. Employing Wired Equivalent Privacy (WEP) encryption.
  • D. Using tokens sent through HTTP sites to verify user identity.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ME79 at April 19, 2023, 9:36 a.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Ssourav
3 months, 2 weeks ago
Selected Answer: B
B. Retaining the password assigned by the network. Ensuring the password is secure and regularly updated helps protect the network from unauthorized access, maintaining company security. A. Hiding wireless service set identifiers (SSID) is not a strong security measure on its own because it only hides the network name but does not prevent unauthorized access. Determined attackers can still discover hidden SSIDs. D. Using tokens sent through HTTP sites is insecure because HTTP does not encrypt data, making it vulnerable to interception. Secure methods, like HTTPS, are recommended for transmitting sensitive information.
upvoted 1 times
...
Sharon2000
6 months ago
Not D, as it is HTTP and not HTTPS ?
upvoted 1 times
...
ME79
1 year, 7 months ago
Selected Answer: D
If the employee is working remotely, they are typically not the administrator of the wireless network (unless it is their home network). Therefore hiding the SSID can not be an option. The most correct option would be to use a VPN, however that is not listed as an option. Therefore, choice D, using tokens implies MFA, which is something that a company can set up to validate the identity of an employee that is trying to connect.
upvoted 2 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel