CIPT Exam QuestionsBrowse all questions from this exam
Go to Exam

CIPT Exam - Question 72

SCENARIO -

Please use the following to answer next question:

EnsureClaim is developing a mobile app platform for managing data used for assessing car accident insurance claims. Individuals use the app to take pictures at the crash site, eliminating the need for a built-in vehicle camera. EnsureClaim uses a third-party hosting provider to store data collected by the app. EnsureClaim customer service employees also receive and review app data before sharing with insurance claim adjusters.

The app collects the following information:

✑ First and last name

✑ Date of birth (DOB)

✑ Mailing address

✑ Email address

✑ Car VIN number

✑ Car model

✑ License plate

✑ Insurance card number

✑ Photo

✑ Vehicle diagnostics

✑ Geolocation

All of the following technical measures can be implemented by EnsureClaim to protect personal information that is accessible by third-parties EXCEPT?

Show Answer
Correct Answer: D

Multi-factor authentication is a method used to verify user identity rather than to directly protect stored data. While it enhances system security by ensuring that the person accessing the system is authorized, it does not provide protection for the data itself that is accessible by third parties. Encryption, access controls, and de-identification are technical measures more directly involved in safeguarding data from unauthorized access or misuse.

Discussion

2 comments
Sign in to comment
187sanOption: D
Dec 22, 2021

D you can't enforce MFA on 3rd parties

Scynor
Oct 8, 2022

Incorrect. The statement says data that 3rd parties have access to. It does not state data that they control. This means if you control the data, you control the authentication method including MFA. The reason that Access Control is the correct answer is because the question states "that they have access to". This means they already have access, ergo Access Control is not a factor at all.

Stants
Jan 27, 2024

All of the options listed - Encryption, Access Controls, De-identification, and Multi-factor authentication - are technical measures that can be implemented by EnsureClaim to protect personal information that is accessible by third-parties. However, Option D: Multi-factor authentication is typically used to verify the identity of a user accessing the system, rather than to protect the data that is being transmitted or stored. While it adds a layer of security, it doesn’t directly protect the data itself from being accessed or misused once it’s been collected by the app. Therefore, in the context of the question, the answer is Option D.

Sara_swOption: C
Nov 23, 2022

C is correct, since the insurance needs to know the identity of the issuer. Acces control should at all cost be implemented