
CIPP/US Exam Practice Questions With 100% Correct Answers 2024, Exams of Advanced Education


Typology: Exams

2023/2024

Available from 07/17/2024

professoraxel

Which of the following definitions best defines privacy as cited in the text and related to privacy law?
A. The desire of people to freely choose the circumstances and the degree to which individuals will expose their attitudes and behavior to others.
B. The ability of an individual to not be observed or disturbed by other people.
C. The desire of people to be free from surveillance by the government or undue public attention while residing on their personal property.
D. The right of an individual or group to seclude themselves from other individuals or organizations.
Correct Answer: A. The desire of people to freely choose the circumstances and the degree to which individuals will expose their attitudes and behavior to others.

In most cases, the FTC settles disputes through consent decrees and consent orders. What is the maximum length of a consent decree?
A. 5 years
B. 10 years
C. 20 years
D. Indefinitely
Correct Answer: C. 20 years

Which step in developing an Information Management Program involves distributing privacy policies and privacy notices?
A. Build
B. Communicate
C. Discover
D. Regulate
Correct Answer: B. Communicate

Regarding data information management, which of the following tasks can help with compliance audits, quickly comply with legal discovery requests, and ensure data is stored efficiently?
A. Data Mapping
B. Data Classification
C. Data Flow Documentation
D. Data Protection Laws
Correct Answer: B. Data Classification

Which of the following would NOT fall under the jurisdiction of the GDPR?
A. A German company with assets in France and employees in both companies.
B. An Italian company selling products and services worldwide.
C. A Spanish company that processes data of US citizens.
D. A US company who sells products and services in South America.
Correct Answer: D. A US company who sells products and services in South America.

Which form of malicious online threat targets an individual user and pretends to be a legitimate party, such as a bank, to steal personal data?
A. Spear Phishing
B. Ransomware
C. Technical Based Attack
D. Hacking
Correct Answer: A. Spear Phishing

Which of the following entities is the PRIMARY enforcer of the HIPAA Privacy Rule and can assess civil monetary penalties?
A. Federal Trade Commission
B. Office of Civil Rights
C. State Attorney General
D. US Department of Justice
Correct Answer: B. Office of Civil Rights

Which legislation provides privacy provisions for the exemption of disclosure of certain biomedical information, securing remote access to view PHI, prohibiting the blocking of information, certificates of confidentiality, and compassionate sharing of mental health or substance abuse information with family or caregivers?
A. 21st Century Cures Act of 2016
B. GINA of 2008
C. HITECH of 2013
D. HIPAA Security Rule of 2003
Correct Answer: A. 21st Century Cures Act of 2016

Who is responsible for notifying consumers when adverse action is taken based on information in a consumer credit report?
A. The Credit Bureau
B. The User
C. The Credit Reporting Agency
D. The Consumer Financial Protection Bureau
Correct Answer: B. The User

Which two FCRA rules were added with the Fair and Accurate Credit Transactions Act in 2003?
A. Disposal Rule and Red Flags Rule
B. Privacy Rule and Safeguards Rule
C. Disposal Rule and Safeguards Rule
D. Privacy Rule and Red Flags Rule
Correct Answer: A. Disposal Rule and Red Flags Rule

Use the following scenario to answer questions 1 through 5.

Don lives in California with his wife and two children. Sarah is 12 years old and in the 7th grade at her school. Robert is 15 and a Sophomore at his school. Don is concerned about his children and their online activities as they use social media and talk with their friends. Sarah has an Xbox One that she primarily uses to stream content from Netflix, Hulu, and YouTube, but she does play a few games on the system too. Robert has a PlayStation 4 and is an avid gamer. He loves cooperative multiplayer games with his friends. Sarah and Robert each received their gaming consoles as a gift from their parents last year. Upon first use, both had to set up user profiles and input some basic information

1. According to the Children's Online Privacy Protection Rule, all the following would be considered personal information EXCEPT:
A. The children's first and last name
Correct Answer: C. Identifying favorite shows on streaming services

2. Which statement is TRUE regarding Sarah and Robert under COPPA?
Correct Answer: B. COPPA applies to Sarah, but not Robert

3. One of Don's concerns is the easy access to pornography on the internet today. He does not want his children viewing pornography either purposely or accidentally. Which statement is TRUE regarding protecting children from pornography?
Correct Answer: D. Don can discourage his children from viewing pornography by understanding and using parental controls on all their devices.

4. Don understands that some location-based services simply enhance the user experience. Others, such as daily fantasy sports applications that allow sports betting, require that location-based services be activated to function at all. Given Don's concern over his children's safety, which of the following best practices would you recommend to Don?
Correct Answer: C. Allow the children to turn on location-based services on their gaming consoles, but not their smart phones.

5. Robert has been having some arguments with another boy at school. The other boy has posted a semi-nude picture of Robert on social media that he took in the boy's locker room after football practice. Along with the picture the boy identified Robert by first and last name and what school they attend. Regarding privacy law, what course of action would you recommend to Don in this situation?
Correct Answer: A. Contact the social media website to have the content removed.

Which of the following requires financial institutions to maintain security controls to protect personal consumer information for both electronic and paper records, and requires institutions to implement an information security program?
A. California Financial Information Privacy Act
B. Privacy Rule
C. Red Flags Rule
D. Safeguard Rule
Correct Answer: D. Safeguard Rule

General health records data for private schools who accept no federal funding are subject to
A. FERPA
B. PPRA
C. HIPAA
D. No Child Left Behind
Correct Answer: C. HIPAA

The criteria for an existing business relationship, as defined by TSR, includes
A. A transaction taking place within the last 18 months.
B. A transaction taking place within the past two years.
C. An offer has been requested within the past year.
D. An offer has been requested within the last six months
Correct Answer: A. A transaction taking place within the last 18 months.

Who has the right to private action regarding violations of the CAN SPAM Act?
A. Businesses who receive unsolicited advertisements to business email addresses.
B. Governmental agencies who receive unsolicited advertisements to .gov addresses.
C. Individuals who receive unsolicited advertisements to personal email addresses.
D. Internet Service Providers attempting to protect their customers from unsolicited email advertisements.
Correct Answer: D. Internet Service Providers attempting to protect their customers from unsolicited email advertisements.

Use the following scenario to answer questions 1 through 5.

Lawrence works in the billing office of TH Medical Clinic. Lawrence is 30 years old with a bachelor's degree in finance. Lawrence received training during his orientation that included what PHI is collected, when it is collected, how it is stored, when it is destroyed, when it is updated, and an overview of HIPAA requirements as they related to his position. Since he is in billing, Lawrence has the highest security classification at the medical clinic since he sees PHI for the patient, payment information for the patient, insurance information, and billing codes related to each patient's diagnosis and treatment at the clinic. Lawrence has been asked to be a trainer in the future for new employees who will need to understand HIPAA and various processes in the company related to the data. Therefore, Lawrence is reviewing his own materials to refresh his me

1. What was the primary reason for the creation of HIPAA?
Correct Answer: B. To increase the efficiency of electronic healthcare payments.

2. Lawrence works for a healthcare provider. Which of the following healthcare entities covered by HIPAA (prior to HITECH) includes third-party organizations that host, handle, or process medical information?
Correct Answer: B. Healthcare Clearinghouses

3. Which of the following scenarios would NOT be covered under HIPAA?
Correct Answer: D. Medical books purchased through Amazon

4. What is the primary purpose of the HIPAA Security Rule?
Correct Answer: C. Establish minimum security requirements for PHI collected in electronic form.

5. All the following are security requirements set forth by the HIPAA Security Rule, except:
Correct Answer: D. Establish an annual compliance audit process with the Office of Civil Rights.

Which of the following is not a legal requirement when a potential employer is using information in a consumer report to determine employment eligibility?
A. A permissible purpose must exist for the report information.
B. The candidate must receive written notice that a report will be requested.
C. The candidate must give written consent before the report is obtained.
D. The candidate must receive notice whether adverse action was taken or not.
Correct Answer: D. The candidate must receive notice whether adverse action was taken or not.

Under Section 702 of FISA, which surveillance program allows data requests of Internet Service Providers?
A. PRISM
B. MAGENTA
C. RAINBOW
D. Upstream
Correct Answer: A. PRISM

In which of the following laws is disclosure forbidden unless a person has expressly opted in?
A. Bank Secrecy Act
B. COPPA
C. GLBA
D. US Patriot Act
Correct Answer: B. COPPA

Based on current US employment privacy laws, which of the following should NOT be expected to happen while employed with a company?
A. Taking a polygraph test due to a theft at work.
B. Video monitoring only for workplace safety compliance.
C. GPS tracking while making deliveries for work.
D. A manager accessing your computer to get a needed file while you are on vacation.
Correct Answer: A. Taking a polygraph test due to a theft at work.

"Third party doctrine" as it relates to the fourth amendment of the US constitution concerns:
A. Three authorities are required for creating and administering a warrant.
B. Someone referring to themselves in the third person is hiding something.
C. Data or information a suspect shares with a third party is not privacy protected.
D. A third party can wiretap a suspect without a warrant and then give the data to the police.
Correct Answer: C. Data or information a suspect shares with a third party is not privacy protected.

Which legislation provides protection to the media from government searches unless they have committed a crime or threaten to commit a crime?
A. US Communications Assistance to Law Enforcement
B. Stored Communications Act
C. Privacy Protection Act
D. Cybersecurity Information Sharing Act
Correct Answer: C. Privacy Protection Act