Data Privacy Fundamentals Cognitive Class Certification Answers
Module 1 – Students Loans Data Breach (Canada) Quiz Answers – Cognitive Class
Question 1: What does PIPEDA stand for?
- Personal Incidents of Privacy for Electronic Documents Act
- Personal Information Protection and Electronic Documents Act
- Privacy Information of Protections of Electronic Documents Act
- Privacy Institute of Protections of Electronic Documents Act
- Privacy Initiative for Protection of Electronic Data Act
Question 2: Which data privacy federal law does the case study incident fall under in Canada?
- The Private Citizens Act
- The Privacy Act
- The Personal Information Protection and Electronic Data Act (PIPEDA)
- The Personal Information Protection and Electronic Documents Act (PIPEDA)
- The Personal Internet Protection and Electronic Documents Act (PIPEDA)
Question 3: In the case study, why did the ESDC’s Canada Student Loans Program (CSLP) employee make a backup copy of the program information stored in the central computer?
- He/she knew someone in the data set and wanted to see the value of their loans
- To sell the data on the dark web
- To view the data at home
- To keep the data for personal use after he/she resigned from the organization
- To protect against an accidental loss or deletion of the files during a data migration
Module 2 – Target Corp (USA) Quiz Answers – Cognitive Class
Question 1: Under The Personal Information Protection and Electronic Documents Act, PIPEDA, is credit card information considered ‘personal information’?
- False
- True
Question 2: Are bricks and mortar physical stores covered under the Personal Information Protection and Electronic Documents Act, PIPEDA?
- False
- True
Question 3: Is an online commercial business that sells jewelry online and has a maximum of 99 employees covered under the Personal Information Protection and Electronic Documents Act, PIPEDA?
- False
- True
Module 3 – Think W3 (UK) Quiz Answers – Cognitive Class
Question 1: According to General Business Law § 899-aa in the Doritex Corp. case, when should a company notify affected individuals and various government agencies of a data breach?
- In the most expedient time possible
- Within 7 days of the breach
- Within 5 business days of the breach
- Within 30 days of the breach
- At the end of the financial year
Question 2: Which of the 8 data protection principles did Think W3 UK infringe in the Case Study?
- First Principle – Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless at least one of the conditions in Schedule 2 is met and in the case of sensitive personal data, at least one of the conditions set out in Schedule 3 or either of the two Statutory Instruments below is met.
- Third principle – Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Fourth principle – Personal data shall be accurate and, where necessary, kept up to date.
- Seventh principle – Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Eighth principle – Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Question 3: Which of the following statements is one of the 7 guiding principles of Privacy by Design?
- The 80/20 Rule, 20% of the team see 80% of the data
- Data access by pay grade
- Soft copy before hard copy
- Reduce waste
- Proactive not reactive
Module 4 – Home Depot (USA) Quiz Answers – Cognitive Class
Question 1: Hackers deployed custom-built malware on which Home Depot system?
- Alarm system
- Surveillance system
- Self-checkout system
- Loyalty card system
- Company Intranet
Question 2: What can companies do to prevent hacks?
- Limit the number of password attempts in a short period
- Increase the number of users on the platform
- Pay lawyers to litigate any attempts at hacking
- Host the apps and websites on international servers
- Encourage employees to save their passwords in a ‘Passwords’ folder on the company network
Question 3: From what you learnt in the ‘Tips for strong passwords’ section, which of these is considered a strong password?
- 123123
- Passw0rd1
- N3wG.UUnniiV3r5iiTeeG.yyorK
- QWERTY
- Mohammed123
Question 4: How did hackers access the Home Depot network?
- A vendor’s username and password
- A vendor’s USB stick
- An open wifi network
- A card cloning machine
- A vendor’s mobile phone
Module 5 – Privacy Tips Quiz Answers – Cognitive Class
Question 1: Which of these is on the list of ‘worst password ideas’?
- Medical procedures
- Another family member’s name
- Made up words
- Phrase combinations
- Phrases in another language
Question 2: In the ‘10 Privacy Tips of Companies’ list, on completion of projects, all materials relating to a project should be deleted, __________________
- including backups.
- excluding backups.
Data Privacy Fundamentals Final Exam Answers – Cognitive Class
Question 1: Why did OneStopParking put off the website update?
- Because the update broke portions of the website
- Because the website was programmed to do automatic updates
- Because no one received the notification about an update
- Because the web administrator was on maternity leave
- Because no one knew how to do the update
Question 2: OneStopParking was able to determine exactly which customers were affected by the breach:
- True
- False
Question 3: How many days after OneStopParking learned about the breach did they remedy the situation?
- 6 days
- 21 days
- 15 days
- 17 days
- 3 days
The ‘Justin’ Case Study – Multiple Choice Answers
Question 4: Based on what you have learnt in this course, which of the following options is a good Privacy by Design feature in a database system?
- the database system auto saves passwords in the browser
- the database system allows multiple attempts after an incorrect password entry
- the database system includes historical personal customer data that no one uses
- the database system prompts administrators to change the password regularly
- the database system lets administrators recycle passwords
Question 5: The company privacy policy clearly states that password problems of this nature should be reported to the IT Director immediately. Should you help Justin with his password problem?
- Yes – The request seems reasonable as long as you guess the correct password in under 5 attempts.
- No – The request seems unethical and you should advise Justin to report his password problem.
- No – The request seems unethical and you should not get involved.
- No – The request seems unethical and you should report Justin for his irresponsible password practices.
- Yes – You have the skills to help Justin with his password problem, you should offer your assistance without question.
Introduction to Data Privacy Fundamentals
Data privacy fundamentals encompass the principles and practices designed to safeguard individuals’ personal information and ensure its proper handling. Here’s an introduction to some key concepts:
- Personal Data: This refers to any information that relates to an identified or identifiable individual. It includes but is not limited to names, addresses, email addresses, phone numbers, financial details, IP addresses, and biometric data.
- Privacy by Design: This is an approach to system design that prioritizes privacy and data protection throughout the entire engineering process. It involves embedding privacy considerations into the design and operation of IT systems, networks, and business practices.
- Consent: Obtaining consent from individuals before collecting, processing, or sharing their personal data is a fundamental aspect of data privacy. Consent should be informed, specific, freely given, and revocable.
- Data Minimization: Collecting only the minimum amount of personal data necessary for a specific purpose is essential for data privacy. Data minimization reduces the risk of unauthorized access or misuse of personal information.
- Purpose Limitation: Personal data should only be collected for specified, explicit, and legitimate purposes and should not be further processed in a manner incompatible with those purposes.
- Security Measures: Implementing appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction is crucial. This includes encryption, access controls, and regular security audits.
- Data Subject Rights: Individuals have rights regarding their personal data, including the right to access, rectify, erase, restrict processing, and data portability. Organizations must enable individuals to exercise these rights easily.
- Transparency: Providing clear and concise information about how personal data is processed is essential for transparency. This includes privacy policies, data processing notices, and consent forms that are easy to understand and accessible to individuals.
- Data Breach Response: Organizations should have procedures in place to detect, investigate, and report data breaches promptly. This involves notifying affected individuals, regulatory authorities, and other relevant stakeholders as required by law.
- Accountability: Organizations are responsible for complying with data protection laws and regulations. This includes establishing policies and procedures, conducting privacy impact assessments, and maintaining records of data processing activities.
Understanding and adhering to these data privacy fundamentals are crucial for organizations to build trust with their customers, protect sensitive information, and comply with legal requirements.