Scribd Logo
Upload

Welcome to Scribd!

  • NIST Privacy Framework Course Assessment

    Uploaded by

    Syed
    28 views7 pages
    The document is a course syllabus for the NIST Privacy Framework. It covers topics such as privacy risks, the NIST Privacy Framework profiles, data processing ecosystems, privacy program monitoring, and the NIST Privacy Framework functions. There are 20 multiple choice questions testing knowledge about these topics, including questions about privacy risk categories, the data life cycle, implementation tiers, and mapping of privacy frameworks.

    Original Description:

    NIST Privacy Framework

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    The document is a course syllabus for the NIST Privacy Framework. It covers topics such as privacy risks, the NIST Privacy Framework profiles, data processing ecosystems, privacy program monitoring, and the NIST Privacy Framework functions. There are 20 multiple choice questions testing knowledge about these topics, including questions about privacy risk categories, the data life cycle, implementation tiers, and mapping of privacy frameworks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    28 views7 pages

    NIST Privacy Framework Course Assessment

    Uploaded by

    Syed
    The document is a course syllabus for the NIST Privacy Framework. It covers topics such as privacy risks, the NIST Privacy Framework profiles, data processing ecosystems, privacy program monitoring, and the NIST Privacy Framework functions. There are 20 multiple choice questions testing knowledge about these topics, including questions about privacy risk categories, the data life cycle, implementation tiers, and mapping of privacy frameworks.

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 7

     

     
     
       

    Course Syllabus 
     
    NIST Privacy Framework 
     
    1. Privacy Risks are associated with privacy events arising from: 
    a. Loss of Confidentiality 
    b. Loss of Integrity 
    c. Data Processing 

    2. True or False: The NIST Privacy Framework Profiles provide an increasingly granular set 
    of activities and outcomes that enable an organizational dialogue about managing 
    privacy risk. 
    a. True 
    b. False 

    3. True or False: A Company’s role within the Data Processing Ecosystem is 
    predetermined and the same for every company. 
    a. True 
    b. False 

    4. Data Processing Ecosystem Risk Management is focused on risk assessing the 


    following? 
    a. Risks to Individuals 
    b. Risks to the Enterprise 
    c. Managing Privacy Risks & Third-party Risks  
     
    Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
    cybersecurity industry. Enterprise-grade workforce development 
    management, advanced training features and detailed skill gap and 
      competency analytics. 
    1​  
     
     

     
     
       

    5. Risk Tolerance measures the level of risk or the degree of uncertainty that is 
    _________. 
    a. Risky 
    b. Acceptable 
    c. Moderate 

    6. What is a good way to continue to monitor and review your privacy program? 
    a. Newsletters & Blogs 
    b. Privacy Hotline 
    c. Risk Register 
    d. All of the Above 

    7. True or False: A Data Life Cycle is the sequence of stages that a particular unit of data 
    goes through from its initial generation or capture to its eventual archival and/or 
    deletion at the end of its useful life? 
    a. True 
    b. False 
    8. Which method is not a way to disassociate data from an individual? 
    a. Pseudonymity 
    b. Linkability 
    c. De-Identification  

    9. True or False: Privacy Centers Contain Terms of Use along with the Privacy Policy and 
    other components? 
     
    Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
    cybersecurity industry. Enterprise-grade workforce development 
    management, advanced training features and detailed skill gap and 
      competency analytics. 
    2​  
     
     

     
     
       

    a. True 
    b. False 

    10. Which control is not an implementable control for the principle of least privilege? 
    a. Review and auditing of user privileges 
    b. Separate processing domains 
    c. Divide mission functions among different roles 

    11. Enforcing encryption requirements is used to ___________. 


    a. Constrain removeable media 
    b. Focus on communication and control networks 
    c. Disable wireless access 

    12. True or False: A company must develop a Current Profile before developing a Target 
    Profile? 
    a. True 
    b. False 

    13. Which is NOT an implementation tier for the NIST Privacy Framework? 
    a. Adaptive 
    b. Repetitive 
    c. Risk Informed 

     
    Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
    cybersecurity industry. Enterprise-grade workforce development 
    management, advanced training features and detailed skill gap and 
      competency analytics. 
    3​  
     
     

     
     
       

    14. For the “Ready” phase, the following functions are used? 
    a. Identify and Control 
    b. Control and Protect 
    c. Govern and Protect 
    d. Identify and Govern 

    15. True or False: In the Ready, Set, Go approach to adopting the NIST Privacy Framework, 
    you can go through the phases non-sequentially. 
    a. True 
    b. False 

    16. What is the biggest difference between the NIST Privacy Framework and ISO 27701 and 
    ISO 29100? 
    a. Controls 
    b. Governing Body 
    c. Cost 
    d. Maturity Model 

    17. The Fair Information Practice Principles (FIPP) were codified in what year? 
    a. 1976 
    b. 1973 
    c. 1978 
    d. 1974 

     
    Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
    cybersecurity industry. Enterprise-grade workforce development 
    management, advanced training features and detailed skill gap and 
      competency analytics. 
    4​  
     
     

     
     
       

    18. How many Generally Accepted Privacy Principles are there? 


    a. 8 
    b. 11 
    c. 10 
    d. 12 

    19. The Secure Controls Framework Privacy Management Principles does NOT map to 
    which framework? 
    a. ISO 27001 
    b. HIPAA Privacy Rule 
    c. California Consumer Privacy Act (CCPA) 
    d. Asia-Pacific Economic Cooperation (APEC) 

    20. Which NIST Privacy Framework Function focuses on developing and implementing 
    appropriate data processing safeguards? 
    a. Protect 
    b. Control 
    c. Govern 
    d. Identify 

     
     
    Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
    cybersecurity industry. Enterprise-grade workforce development 
    management, advanced training features and detailed skill gap and 
      competency analytics. 
    5​  
     
     

     
     
       

    Answers: 

    1. c 
    2. b 
    3. b 
    4. c 
    5. b 
    6. d 
    7. a 
    8. b 
    9. a 
    10. c 
    11. a 
    12. b 
    13. b 
    14. d 
    15. a 
     
    Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
    cybersecurity industry. Enterprise-grade workforce development 
    management, advanced training features and detailed skill gap and 
      competency analytics. 
    6​  
     
     

     
     
       

    16. c 
    17. b 
    18. c 
    19. a 
    20. a 

     
    Brought to you by:  Develop your team with the ​fastest growing catalog​ in the 
    cybersecurity industry. Enterprise-grade workforce development 
    management, advanced training features and detailed skill gap and 
      competency analytics. 
    7​  
     

    You might also like