CIPP US Practice Exam Questions With 100% Correct Answers 2024, Exams of Advanced Education


Typology: Exams

2023/2024

Available from 07/17/2024

professoraxel

What kind of liability may only be asserted in court by governmental authorities and not by a private citizen? A. Civil B. Negligence C. Criminal D. Invasion of privacy - Correct Answer-C

Which of the following preemployment screening activities would turn a regular consumer report into an investigative report? A. The report includes information about prior bankruptcies. B. The CRA furnishing the report includes information about a job seeker's mortgage payments. C. The preemployment screening includes a criminal background check. D. A third-party agent interviews a job seeker's neighbors about their character. - Correct Answer-D

Dana is frustrated because she continues to receive telemarketing calls from her current internet service provider (ISP), even though she added her number to the national do-not-call list. Is Dana's ISP breaking the law? A. Yes, because it is the responsibility of the ISP to maintain an updated copy of the national do-not-call registry. B. No, because she is a customer of the ISP and the TSR provides an exemption for firms that have an existing business relationship with a consumer. C. No, because Dana's ISP may not know she has added her number to the do-not-call registry. D. Yes, because the DNC does not provide an exemption for existing customers. - Correct Answer-B

Nick and Jenny often meet with other employees in the company cafeteria to advocate for collective bargaining. One day, Jenny notices that a security camera has suddenly been installed in the cafeteria, near where they usually sit. Why might this be a problem? A. Employees have not consented to video surveillance during their lunch hours when not conducting company business. B. Video surveillance may inadvertently reveal an employee's physical disability and lead to compliance risks under the Americans with Disabilities Act (ADA). C. The company did not post adequate signage to notify the employees of the new video surveillance system. D. The NLRB may view the security camera as an attempt to intimidate employees engaging in unionizing activities. - Correct Answer-D

Gary's firm was recently sued by an athlete who claimed that the firm used his picture in marketing materials without permission. What type of claim was brought against Gary's firm? A. False light B. Appropriation C. Invasion of solitude D. Public disclosure of private facts - Correct Answer-B

Which one of the following statements about workforce privacy training is incorrect? A. Computer-based training is an acceptable training option. B. Training should include content on specific regulatory requirements. C. Training should include details on an individual's role in minimizing privacy risks. D. Every user should receive the same level of training. - Correct Answer-D

Which one of the following categories would include any information that uniquely identifies an individual person? A. PII B. PHI C. PFI D. PCI - Correct Answer-A

Carla is building an inventory of the information maintained by her organization that should be considered within the scope of its privacy program. Which one of the following types of information would not normally be included? A. Customer transaction records B. Manufacturing work order records C. Employee payroll records D. Job candidate application records - Correct Answer-B

Which of the following laws was primarily intended to help combat money laundering? A. RFPA B. SCA C. BSA D. EPCA - Correct Answer-C

What term is used to describe a voluntary agreement between a firm and the federal government where the firm agrees to engage or not engage in certain business practices? A. Conviction B. Retainer agreement C. Theory of liability D. Consent decree - Correct Answer-D

What article in the U.S. Constitution defines the powers of the judicial branch? A. Article I B. Article II C. Article III D. Article IV - Correct Answer-C

What federal privacy law contains specific requirements for how organizations must dispose of sensitive personal information when it is no longer needed? A. FERPA B. FACTA C. GLBA D. SOX - Correct Answer-B

What individual within an organization is likely to bear overall responsibility for a privacy program? A. CIO B. CFO C. CPO D. CEO - Correct Answer-C

Tom recently filled out a survey about his political and religious views. The survey data is maintained by a nonprofit research organization. What term best describes Tom's role with respect to this data? A. Data controller B. Data processor C. Data steward D. Data subject - Correct Answer-D

It is probably permissible to use a polygraph test in preemployment screening for all of the following jobs, except: A. U.S. Treasury employee B. Daycare worker C. Armored car driver D. Pharmacist - Correct Answer-B

Which one of the following firms was sanctioned by the Federal Trade Commission (FTC) after an investigation showed that they were not diligently carrying out privacy program recertifications of their clients? A. Snapchat B. Nomi C. TRUSTe D. GeoCities - Correct Answer-C

The Washington State Biometric Privacy Law protects all of the following forms of biometric data except: A. Fingerprint B. Eye retinas C. Voiceprint D. Photographs - Correct Answer-D

Which one of the following is an example of a check-and-balance held by the executive branch of government? A. Power of the purse B. Veto C. Confirmation D. Judicial review - Correct Answer-B

Why are antidiscrimination laws relevant to workplace privacy? A. Pro-privacy lawmakers have used large antidiscrimination legislation as an opportunity to include unrelated privacy regulations. B. Antidiscrimination laws require employers to collect personal data on employees to prove they have diverse workforces. C. Antidiscrimination laws require large employers to conduct surveillance of employees to prevent discrimination. D. Personal data about workers may be used in discriminatory decision-making. - Correct Answer-D

Which of the following is not likely to appear as a state breach notification requirement? A. Notifications to the three major CRAs to monitor for identity theft B. Notification to state regulators about individuals affected in their state C. A notification to the families of victims to warn them of potential identity fraud D. Notice to local media outlets, in case all affected individuals cannot be contacted. - Correct Answer-C

  1. What check-and-balance does the legislative branch hold over the executive branch? A. Power of the purse B. Veto power C. Prosecutorial discretion D. Judicial review - Correct Answer-A
  2. What portion of the U.S. Constitution defines the powers of the legislative branch of government? A. Article I B. Article II C. Article III D. Article IV - Correct Answer-A
  3. Which amendment to the U.S. Constitution explicitly grants individuals the right to privacy? A. First Amendment B. Fourth Amendment C. Fifth Amendment D. None of the above - Correct Answer-D
  1. What source contains much of the administrative law created by the U.S. government? A. U.S. Code B. Bill of Rights C. Code of Federal Regulations D. U.S. Constitution - Correct Answer-C
  2. Which one of the following is the best description of the legal principle of stare decisis? A. Courts should be guided by precedent. B. Federal law overrules state law. C. Laws must be consistent with the constitution. D. Common law guides areas where legislation is unclear. - Correct Answer-A
  3. In a contract between two organizations, the parties mutually agree that disputes will be settled in the courts of the state of New York. What type of jurisdiction does this language establish? A. Personal jurisdiction B. Geographic jurisdiction C. Subject matter jurisdiction D. Consensual jurisdiction - Correct Answer-A

  1. Which one of the following entities would not normally be considered a person under the laws of the United States? A. A U.S. citizen B. A U.S. corporation C. A legal resident of the United States D. None of the above - Correct Answer-D
  2. Which one of the following laws contains a private right of action? A. CCPA B. FERPA C. GLBA D. HIPAA - Correct Answer-A
  3. During a negligence lawsuit, the court determined that the respondent was not at fault because the plaintiff did not present evidence that they suffered some form of harm. What element of negligence was missing from this case? A. Duty of care B. Breach of duty C. Causation D. Damages - Correct Answer-D

  1. In a lawsuit against a political opponent, the plaintiff alleged that the respondent invaded their privacy by accessing their email account without permission. What tort is involved in this case? A. False light B. Appropriation C. Invasion of solitude D. Public disclosure of private facts - Correct Answer-C
  2. How many voting members comprise the U.S. Senate? A. 50 B. 100 C. 200 D. 435 - Correct Answer-B
  3. Which one of the following courts is the trial court for most matters arising under federal law? A. Supreme Court B. U.S. Circuit Court C. U.S. Trial Court D. U.S. District Court - Correct Answer-D

  1. What proportion of the states must ratify an amendment before it is added to the U.S. Constitution? A. 1/ B. 1/ C. 2/ D. ¾ - Correct Answer-D
  2. Which one of the following elements is not always required for the creation of a legal contract? A. An offer B. Acceptance of an offer C. Written agreement D. Consideration - Correct Answer-C
  3. What clause of the U.S. Constitution establishes the concept of preemption? A. Establishment clause B. Supremacy clause C. Commerce clause D. Incompatibility clause - Correct Answer-B

  1. What nation was the original source of the common law used in many parts of the world? A. Roman Empire B. England C. France D. Egypt - Correct Answer-B
  2. What category of law best describes the HIPAA Privacy Rule? A. Constitutional law B. Common law C. Legislative law D. Administrative law - Correct Answer-D
  3. What court has subject matter jurisdiction specifically tailored to matters of national security? A. U.S. District Court B. State Supreme Courts C. U.S. Supreme Court D. Foreign Intelligence Surveillance Court - Correct Answer-D

  1. Under what standard might a company located in one state become subject to the jurisdiction of the courts of another state by engaging in transactions with customers located in that other state? A. Physical presence B. Place of business C. Consent D. Minimum contracts - Correct Answer-D
  2. In a recent invasion of privacy lawsuit, the plaintiff claimed that the respondent disclosed information that caused them to be falsely perceived by others. What tort is involved in this case? A. Appropriation B. Disclosure of private facts C. Invasion of solitude D. False light - Correct Answer-D
  1. Which of the following types of information should be protected by a privacy program? A. Customer records B. Product plans C. Trade secrets D. All of the above - Correct Answer-A
  2. Barry is consulting with his organization's cybersecurity team on the development of their cybersecurity program. Which one of the following would not be a typical objective of such a program? A. Privacy B. Confidentiality C. Availability D. Integrity - Correct Answer-A
  3. Howard is assisting his firm in developing a new privacy program and wants to incorporate a privacy risk assessment process into the program. If Howard wishes to comply with industry best practices, how often should the firm conduct these risk assessments? A. Monthly B. Semiannually C. Annually D. Biannually - Correct Answer-C

  1. Of the following fields, which fits into the "special categories of personal data" under GDPR? A. Banking records B. Union membership records C. Educational records D. Employment records - Correct Answer-B
  2. Katie is assessing her organization's privacy practices and determines that the organization previously collected customer addresses for the purpose of shipping goods and is now using those addresses to mail promotional materials. If this possibility was not previously disclosed, what privacy principle is the organization most likely violating? A. Quality B. Management C. Notice D. Security - Correct Answer-C

  1. Kara is the chief privacy officer of an organization that maintains a database of customer information for marketing purposes. What term best describes the role of Kara's organization with respect to that database? A. Data subject B. Data custodian C. Data controller D. Data processor - Correct Answer-C
  2. Richard would like to use an industry standard reference for designing his organization's privacy controls. Which one of the following ISO standards is best suited for this purpose? A. ISO 27001 B. ISO 27002 C. ISO 27701 D. ISO 27702 - Correct Answer-C
  3. Which of the following organizations commonly requests a formal audit of a privacy program? A. Management B. Board of directors C. Regulators D. All of the above - Correct Answer-D

  1. Which element of a privacy program is likely to remain unchanged for long periods of time? A. Mission B. Goals C. Objectives D. Procedures - Correct Answer-A
  2. Tonya is seeking to de-identify a set of records about her organization's customers. She is following the HHS guidelines for de-identifying records and is removing ZIP codes associated with small towns. What is the smallest population size for which she may retain a ZIP code? A. 1, B. 2, C. 10, D. 20,000 - Correct Answer-D
  1. Which one of the following statements is not correct about privacy best practices? A. Organizations should maintain personal information that is accurate, complete, and relevant. B. Organizations should inform data subjects of their privacy practices. C. Organizations should retain a third-party dispute resolution service for handling privacy complaints. D. Organizations should restrict physical and logical access to personal information. - Correct Answer-C
  2. Which one of the following is not a common responsibility for an organization's chief privacy officer? A. Managing privacy risks B. Encrypting personal information C. Developing privacy policy D. Advocating privacy strategies - Correct Answer-B
  3. When designing privacy controls, an organization should be informed by the results of what type of analysis? A. Impact analysis B. Gap analysis C. Business analysis D. Authorization analysis - Correct Answer-B

  1. Which one of the following is an example of active online data collection? A. Users completing an online survey B. Collecting IP addresses from website visitors C. Tracking user activity with web cookies D. Analyzing the geographic locations of site visitors - Correct Answer-A
  2. Which one of the following would not normally appear in an organization's privacy notice? A. Types of information collected B. Contact information for the data controller C. Detailed descriptions of security controls D. Categories of recipients to whom personal information is disclosed - Correct Answer-C
  1. Gwen is investigating a security incident where attackers deleted important medical records from a hospital's electronic system. There are no backups and the information was irretrievably lost. What cybersecurity goal was most directly affected? A. Integrity B. Privacy C. Confidentiality D. Availability - Correct Answer-D
  2. When creating his organization's privacy policy, Chris wrote a simplified version of the policy and placed it at the top of the document, following it with the legal detail. What term best describes this approach? A. Layered policy B. Filtered policy C. Redacted policy D. Condensed policy - Correct Answer-A
  3. Under the Privacy by Design philosophy, which statement is correct? A. Organizations should design systems to respond to privacy lapses that occur. B. Privacy should be treated as requiring trade-offs with business objectives. C. Organizations should strictly limit the disclosure of their privacy practices. D. Privacy should be embedded into design. - Correct Answer-D

  1. In what Supreme Court case did the term "right to be let alone" first appear? A. Olmstead v. United States B. Carpenter v. United States C. Roe v. Wade D. Katz v. United States - Correct Answer-A
  2. Matt wants to share some information gathered from student records but is concerned about disclosing personal information. To protect privacy, he discloses only a table of summary statistics about overall student performance. What technique has he used? A. Anonymization B. De-identification C. Aggregation D. Redaction - Correct Answer-C

  1. Which one of the following is not part of the three-pronged test used to determine whether a trade practice unfairly injures consumers? A. The injury must be substantial. B. The injury must not be outweighed by countervailing benefits. C. The injury must be directed at a specific group of consumers. D. The injury must not be reasonably avoidable. - Correct Answer-C
  2. Which one of the following firms was charged by the FTC with failing to conduct required privacy recertifications of its clients? A. TrustE B. Geocities C. DesignerWare D. Nomi - Correct Answer-A