Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam CIPT All Questions

View all questions & answers for the CIPT exam

Exam CIPT topic 1 question 95 discussion

Actual exam question from IAPP's CIPT
Question #: 95
Topic #: 1
[All CIPT Questions]

SCENARIO -
Please use the following to answer the next question:
Looking back at your first two years as the Director of Personal Information Protection and Compliance for the St. Anne's Regional Medical Center in Thorn Bay,
Ontario, Canada, you see a parade of accomplishments, from developing state-of-the-art simulation based training for employees on privacy protection to establishing an interactive medical records system that is accessible by patients as well as by the medical personnel. Now, however, a question you have put off looms large: how do we manage all the data-not only records produced recently, but those still on-hand from years ago? A data flow diagram generated last year shows multiple servers, databases, and work stations, many of which hold files that have not yet been incorporated into the new records system. While most of this data is encrypted, its persistence may pose security and compliance concerns. The situation is further complicated by several long-term studies being conducted by the medical staff using patient information. Having recently reviewed the major Canadian privacy regulations, you want to make certain that the medical center is observing them.
You recall a recent visit to the Records Storage Section in the basement of the old hospital next to the modern facility, where you noticed paper records sitting in crates labeled by years, medical condition or alphabetically by patient name, while others were in undifferentiated bundles on shelves and on the floor. On the back shelves of the section sat data tapes and old hard drives that were often unlabeled but appeared to be years old. On your way out of the records storage section, you noticed a man leaving whom you did not recognize. He carried a batch of folders under his arm, apparently records he had removed from storage.
You quickly realize that you need a plan of action on the maintenance, secure storage and disposal of data.
Which cryptographic standard would be most appropriate for protecting patient credit card information in the records system at St. Anne's Regional Medical
Center?

  • A. Symmetric Encryption
  • B. Tokenization
  • C. Obfuscation
  • D. Certificates
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Ssourav
3 months, 2 weeks ago
Selected Answer: A
A. Symmetric Encryption Symmetric encryption is suitable for protecting sensitive data like patient credit card information because it uses a single key for both encryption and decryption, offering strong security when the key is properly managed. B. Tokenization is useful for protecting sensitive data by replacing it with unique tokens, but it’s typically used in combination with encryption. It’s not a primary cryptographic standard for encrypting data. C. Obfuscation makes data less readable but does not provide strong security for sensitive information like credit card details. It’s more about hiding data rather than securely encrypting it.
upvoted 1 times
...
PaigeH7
8 months ago
Selected Answer: C
tokenization ensures that credit card information remains protected while allowing authorized users to perform necessary tasks within the medical records system
upvoted 1 times
...
pipzz
2 years, 4 months ago
Selected Answer: A
They are referring to data at rest here and in this case symmetric encryption can be used as per PCI DSS Guide. If the data was in motion it must be symmetric encryption. https://www.pcidssguide.com/encryption-key-management-essentials/
upvoted 1 times
...
chariot
2 years, 6 months ago
Both are cryptographic data security methods and they essentially have the same function, however they do so with differing processes and have different effects on the data they are protecting.
upvoted 1 times
...
nchzhang
2 years, 7 months ago
Selected Answer: B
B is the answer. Tokenization is a form of encryption.
upvoted 3 times
Stants
8 months, 4 weeks ago
The most appropriate cryptographic standard for protecting patient credit card information in the records system at St. Anne’s Regional Medical Center would be B. Tokenization. Tokenization is a process that replaces sensitive data with unique identification symbols (or “tokens”) that retain all the essential information about the data without compromising its security. In the context of credit card information, tokenization can provide a high level of security because even if a token were to be intercepted or stolen, it would be useless to the thief without the original data it represents. This makes tokenization particularly suitable for protecting sensitive data like credit card numbers. It is widely used in the payment industry to reduce the scope of compliance with the Payment Card Industry Data Security Standard (PCI DSS).
upvoted 1 times
...
...
k4d4v4r
2 years, 11 months ago
Found this article... https://www.tokenex.com/blog/tokenization-vs-encryption-which-one-is-best-for-your-business Maybe the question is poorly written
upvoted 2 times
...
k4d4v4r
2 years, 11 months ago
Selected Answer: A
Tokenization is a technique, not a standard. Standards are DES, 3DES, RSA... The only "standard" being mentioned is symmetric encryption
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...