Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPT All Questions

View all questions & answers for the CIPT exam
Go to Exam

Exam CIPT topic 1 question 108 discussion

Actual exam question from IAPP's CIPT
Question #: 108
Topic #: 1
[All CIPT Questions]

SCENARIO -
Please use the following to answer next question:
EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.
The app collects the following information:
✑ First and last name
✑ Date of birth (DOB)
✑ Mailing address
✑ Email address
✑ Car VIN number
✑ Car model
✑ License plate
✑ Insurance card number
✑ Photo
✑ Vehicle diagnostics
✑ Geolocation
All of the following technical measures can be implemented by EnsureClaim to protect personal information that is accessible by third-parties EXCEPT?

  • A. Encryption.
  • B. Access Controls.
  • C. De-identification.
  • D. Multi-factor authentication.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by 187san at Dec. 22, 2021, 12:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
Ssourav
3 months, 2 weeks ago
Selected Answer: C
C. De-identification. De-identification may not protect personal information if the data is still accessible by third parties and can be linked back to individuals through other means. Encryption, access controls, and multi-factor authentication directly safeguard data from unauthorized access.
upvoted 1 times
...
Sara_sw
2 years ago
Selected Answer: C
C is correct, since the insurance needs to know the identity of the issuer. Acces control should at all cost be implemented
upvoted 2 times
...
187san
2 years, 11 months ago
D you can't enforce MFA on 3rd parties
upvoted 2 times
Scynor
2 years, 1 month ago
Incorrect. The statement says data that 3rd parties have access to. It does not state data that they control. This means if you control the data, you control the authentication method including MFA. The reason that Access Control is the correct answer is because the question states "that they have access to". This means they already have access, ergo Access Control is not a factor at all.
upvoted 1 times
...
Stants
10 months ago
All of the options listed - Encryption, Access Controls, De-identification, and Multi-factor authentication - are technical measures that can be implemented by EnsureClaim to protect personal information that is accessible by third-parties. However, Option D: Multi-factor authentication is typically used to verify the identity of a user accessing the system, rather than to protect the data that is being transmitted or stored. While it adds a layer of security, it doesn’t directly protect the data itself from being accessed or misused once it’s been collected by the app. Therefore, in the context of the question, the answer is Option D.
upvoted 1 times
...
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel