Page 162 - CITP Review

10.
                a.  Correct. An individual’s full name is considered PII.

                b.  Incorrect. An individual’s first name is not sufficiently unique to distinguish or
                    trace the person’s identity.
                c.  Incorrect. An individual’s last name is not sufficiently unique to distinguish or
                    trace the person’s identity.
                d.  Incorrect. The last four digits of an individual’s Social Security number (SSN) are not
                    sufficiently unique to distinguish or trace the person’s identity.

            11.
                a.  Incorrect. An SQL injection attack is usually marked by data exfiltration or corruption, and
                    destruction.
                b.  Correct. Denial of service attacks are designed to overwhelm system resources and
                    could cause disruption to normal services.
                c.  Incorrect. Clickjacking is focused on manipulating a website user’s activity such as
                    concealing hyperlinks under what appears to be a normal clickable link.

                d.  Incorrect. Spear phishing involves sending bogus emails, usually appearing to come
                    from trusted sources, to specific targeted individuals in the hope they will reveal
                    confidential information.




            Chapter 2


            Knowledge check solutions

            1.
                a.  Incorrect. Although a thorough understanding of the primary customers of the company
                    is certainly important, within the scope of a CITP’s analysis of data, it does not represent
                    the best answer.
                b.  Incorrect. Although the integrity of the management team is certainly important, within
                    the scope of a CITP’s analysis of data, it does not represent the best answer.
                c.  Correct. A thorough understanding of the information life cycle (identify, capture,
                    manage, utilize, archive, and destroy) allows the CITP to form a solid foundation of
                    understanding from which to proceed with the subsequent data analysis based on
                    relevant data attributes.
                d.  Incorrect. Although the structure of databases can be very important to data security
                    and integrity, within the scope of a CITP’s analysis of data, it does not represent the best
                    answer as a thorough understanding of the information life cycle is necessary prior to
                    adequately assessing any concerns that may arise related to database structure.







            © 2019 Association of International Certified Professional Accountants. All rights reserved.    Solutions 4