CIPP/US Practice Exam Overview and Instructions, Exams of Nursing

CIPP/US Practice Exam - correct answer Designed to support preparation for the CIPP/US certification exam.
IAPP - correct answer International Association of Privacy Professionals, the organization that provides the CIPP/US certification.
Body of Knowledge - correct answer The set of topics and knowledge areas relevant to the CIPP/US certification.
Practice Exam Purpose - correct answer Helps identify relative strengths and weaknesses in the major domains of the CIPP/US body of knowledge.
Certification Exam Simulation - correct answer The practice exam simulates the types and breadth of questions encountered on the CIPP/US certification exam.
Performance Guarantee - correct answer A strong performance on the practice exam does not guarantee similar success on the certification exam.

2024/2025

Available from 08/04/2025

Docgiana

Review for Accuracy - correct answer All items on the practice exam were reviewed for accuracy at the time of publication.
Independent Development - correct answer The practice exam was developed independently of the CIPP/US certification exam.
Reproduction Restrictions - correct answer The CIPP/US practice exam and rationales may not be reproduced in any manner other than for use by the original purchaser.
Answer Sheet Instructions - correct answer Print out the answer sheet to indicate your selection for each question.
Timer Setting - correct answer Set a timer for 150 minutes (2.5 hours) to simulate the certification exam.
Answer Key Usage - correct answer Print out the answer key to check your answers against the exam questions.
Correct Response Marking - correct answer Place a '1' or a checkmark in the corresponding domain column of the answer key for each correct response.
Domain Scoring - correct answer Total the number of correct answers under each domain column.
Score Calculation - correct answer Calculate scores as a percent by dividing correct answers by total questions in that domain and multiplying by 100.

Rationales Consultation - correct answer Consult the rationales for detailed explanations of each answer.
Exam Format - correct answer All questions are multiple-choice with only one correct response.
Sub-domain Indication - correct answer The letter in the box next to the unshaded box indicates the sub-domain of the body of knowledge related to the question.
Version - correct answer The practice exam is based on the IAPP's CIPP/US body of knowledge version 2.6.
Publication Year - correct answer The copyright year for the publication is 2025.
Contact for Questions - correct answer Contact information is provided for questions or comments.
Registered Trademarks - correct answer AIGP®, CIPP®, CIPP/A®, CIPP/C®, CIPP/E®, CIPP/G®, CIPP/US®, CIPM®, and CIPT® are registered trademarks of the IAPP.
Fair and Accurate Credit Transactions Act of 2003 (FACTA) - correct answer Strengthens the Fair Credit Reporting Act (FCRA) by introducing provisions that deal directly with identity theft.
Data flow mapping - correct answer A useful tool for organizations to comply with their regulatory responsibilities.
Important step in data flow mapping - correct answer Identify custodians who are responsible for the data.
Medical Quizzes app - correct answer A free app that allows users to take a two-minute quiz to receive a medical diagnosis.
Health Insurance Portability and Accountability Act (HIPAA) - correct answer Does not protect the medical information provided to Medical Quizzes because the app is not provided by a covered entity.
U.S. website collecting IP addresses - correct answer Is collecting personal data under U.S. law depending on whether the website can link the IP address to other identifying information about the visitor.
Biometric information - correct answer A more popular and secure form of personal information to verify and/or authenticate identity.
Illinois Biometric Information Privacy Act (BIPA) - correct answer Imposes a $1,000 penalty for each negligent violation, or a $5,000 penalty for each willful or reckless violation.
Layered privacy notice - correct answer A short privacy notice with key points at the top.

Linking IP addresses to identifying information - correct answer A factor in determining if IP addresses are considered personal data.
Voice-over-internet-protocol - correct answer A technology that allows for voice communication over the internet.
Privacy Officer - correct answer An individual responsible for ensuring an organization's compliance with privacy laws and regulations.
State privacy law - correct answer Legislation enacted by a state to protect the privacy of its residents.
Data accountability - correct answer The responsibility of an organization to manage and protect data in accordance with applicable laws and regulations.
Data classification - correct answer The process of organizing data into categories based on specific criteria.
Sensitivity - correct answer The degree to which data must be protected due to its confidential nature.
Transferability - correct answer The ability to move data from one system or location to another.
Risk vulnerability - correct answer The potential for loss or harm related to data due to exposure to threats.
Clinical class - correct answer A practical course in a nursing program where students gain hands-on experience in a healthcare setting.
Internship - correct answer A temporary position that provides practical experience in a professional environment.
Adjunct professor - correct answer A part-time instructor at a college or university who is not a full-time faculty member.
Attendance - correct answer The act of being present at a class or event.
Grading - correct answer The process of evaluating a student's performance and assigning a score or letter.
Clinical internships - correct answer Practical training experiences for nursing students at healthcare facilities.
Upstate Medical Hospital - correct answer The healthcare facility where John Doe is assigned for his clinical class.

Basic procedures - correct answer Fundamental medical tasks performed by nursing students under supervision.
Appeal - correct answer A formal request to review and change a decision made by an authority.
Disciplinary policy - correct answer The rules and procedures established by an institution to address misconduct.
Hearing - correct answer A formal proceeding where evidence and arguments are presented regarding a dispute.
Request for records - correct answer A formal inquiry to obtain documents or information held by an organization.
Emails, texts, and written correspondence - correct answer Forms of communication that may be requested as part of a records inquiry.
45 days - correct answer The maximum time allowed for the School to provide requested records to John.
FERPA - correct answer Family Education Rights and Privacy Act, which protects the privacy of student education records.
CCPA - correct answer California Consumer Privacy Act, which gives consumers rights regarding their personal information.
Schrems II - correct answer A decision by the Court of Justice of the European Union in July 2020 that invalidated the EU-U.S. Privacy Shield.
Protective Order - correct answer A court order to prevent the disclosure of personal information during legal proceedings.
Hospital Badge Confiscation - correct answer An action taken by the Hospital to investigate an incident involving John.
Written Communications - correct answer All written messages regarding a student's grade that the nurse made.
School's Email System - correct answer The email system used by the School to communicate, which must provide copies of emails sent.
Health and Safety Exception - correct answer Allows the School to provide information about a student to the Hospital without consent if it relates to health and safety.
Educational Records Access - correct answer The right of a student to access their educational records within 45 days of a request.

Federal Trade Commission (FTC) consent decree - correct answer A decree in which the respondent does not admit fault but will change its practices and avoid further litigation.
Video Privacy Protection Act (VPPA) - correct answer A law that prohibits the disclosure of personal information about video rental customers.
Exception to VPPA prohibition - correct answer Circumstances under which customer personal information may be shared with third parties.
Order fulfillment - correct answer The process of completing a customer's order.
Debt collection - correct answer The process of pursuing payments of debts owed by individuals or businesses.
Opt-out process - correct answer A mechanism allowing users to decline participation in certain practices or data sharing.
Regulatory complaints - correct answer Formal grievances filed with regulatory agencies regarding potential violations of laws or regulations.
Unfair and deceptive practices - correct answer Business practices that mislead consumers or create an unfair advantage.
Privacy policy - correct answer A statement that explains how an organization collects, uses, and protects personal information.
Cross-sharing of information - correct answer The practice of sharing personal data across different products or services.
Explicit consent - correct answer Clear and specific agreement given by an individual regarding the use of their personal information.
Judge-approved settlement - correct answer An agreement reached between parties that is sanctioned by a judge.
Privacy program office - correct answer A designated department within an organization focused on managing privacy-related issues.
Tech Gurus - correct answer A fictional technology company involved in the scenario.
Connect Me - correct answer An add-on product developed by Tech Gurus for social networking.
Regulatory investigation - correct answer An inquiry conducted by a regulatory body to assess compliance with laws and regulations.
Misrepresenting privacy - correct answer Providing false or misleading information regarding the handling of personal data.

Privacy or confidentiality of individuals' information - correct answer The protection of personal data from unauthorized access or disclosure.
Misrepresenting compliance - correct answer Falsely claiming adherence to privacy, security, or compliance standards.
Federal Trade Commission (FTC) - correct answer A regulatory authority that may enforce actions against companies like Tech Gurus.
U.S. Department of Commerce (DOC) - correct answer A regulatory authority that may have jurisdiction over commerce-related issues.
Federal Communications Commission (FCC) - correct answer A regulatory authority that oversees communications and may enforce regulations.
Consumer Financial Protection Bureau (CFPB) - correct answer A regulatory authority that protects consumers in the financial sector.
Consent decree - correct answer A type of settlement agreement reached between Tech Guru and the regulatory agency.
Private right of action - correct answer A legal term referring to the right of an individual to sue for a legal remedy.
Settlement agreement - correct answer An agreement reached to resolve a dispute without admission of guilt.
Strict liability tort settlement - correct answer A legal term referring to a settlement where liability is established without fault.
Judicial Branch - correct answer The branch of government that interprets laws and administers justice.
Military Branch - correct answer The branch of government responsible for national defense and military operations.
Executive Branch - correct answer The branch of government responsible for enforcing laws and administering the government.
Legislative Branch - correct answer The branch of government responsible for making laws.
Legal Authority - correct answer The power granted to a regulatory agency to enforce laws.
Specific Authority - correct answer Authority granted to a regulatory agency for specific regulatory functions.
General Authority - correct answer Broad authority granted to a regulatory agency to regulate within its jurisdiction.

Vendor agreements in California - correct answer If a consumer clicks on the 'Do Not Sell' button, the store can continue to share publicly visible account profile picture.
AI-driven automated tool in hiring - correct answer A tool used by a hotel chain to help sort best suited applicants to open jobs based on received résumés.
Sherry's qualifications - correct answer Included her name, phone number, past work experience at hospitality internships, education history at a top university and relevant extracurriculars.
Interview selection bias - correct answer Despite her qualifications, only men were selected for interviews for the associate position.
Human resources manager - correct answer Rhonda, who reviews recommendations for approved applicants.
Consumer's in-store purchase history - correct answer An example of personal information that can be shared despite a 'Do Not Sell' request.
Environmental safeguards under GLBA - correct answer Providing environmental safeguards, business continuity plans and disaster recovery.
Securing computer systems under GLBA - correct answer Securing the computer systems, networks and applications together with access controls.
Anticipated threats to information security - correct answer Protecting against anticipated threats or hazards to the security or integrity of the information.
Disclosure of personal information under 42 CFR Part 2 - correct answer Requires consent to disclose personal information for the purpose of treatment.
Subpoena for disclosing personal information - correct answer 42 CFR Part 2 requires only a subpoena for disclosing personal information to a court.
Unique customer identifier - correct answer An example of personal information that can be shared despite a 'Do Not Sell' request.
Private email address - correct answer An example of personal information that cannot be shared if a consumer clicks on 'Do Not Sell'.
Publicly visible account profile picture - correct answer An example of personal information that can be shared despite a 'Do Not Sell' request.
Civil lawsuits - correct answer Legal actions individuals can pursue under a private right of action.
Health plan or healthcare provider - correct answer A covered entity that transmits protected health information data.

State regulatory agency - correct answer Any state regulatory agency or body that enforces a specific breach notification law.
Resident affected by a breach - correct answer A resident of that state affected by a personal information breach who suffers harm.
Discrepancy in résumé - correct answer A difference between Sherry's skill level and the position she was applying for.
Recruitment selection tool - correct answer A tool that may sort applications and assess candidates for job positions.
HIPAA compliance - correct answer A requirement ensuring that health information is protected and handled according to regulations.
Résumé sorting tool assessment - correct answer The evaluation of the résumé sorting tool for potential bias in its application.
Employee code violation discussion - correct answer A meeting summoned to address breaches of the organization's employee conduct policies.
Invalid basis for discussion - correct answer A situation that does not constitute a legitimate reason for addressing a code violation.
Layoff best practices - correct answer Recommended actions to take when terminating employees to ensure compliance and security.
FACTA requirements - correct answer Regulations that require disclosure before using a credit score for loans.
Opting out under GLBA - correct answer A method for consumers to prevent sharing of their personal information with third parties.
Records retention under FACTA - correct answer Guidelines governing how long sensitive information derived from consumer reports must be kept.
Biometric data removal - correct answer The process of deleting former employees' biometric information from access systems during layoffs.
Email account deletion - correct answer The action of removing access to former employees' email accounts as part of the layoff process.
Personal item disposal - correct answer The act of discarding personal and business-related items left by former employees.
Personnel file retention policy - correct answer The rules governing how long personnel files of former employees must be kept.

Co-regulatory model - correct answer A model emphasizing industry development of enforceable codes or standards for privacy and data protection alongside government legal requirements.
TrustArc - correct answer An example of a co-regulatory model for privacy and data protection.
Children's Online Privacy Protection Act (COPPA) - correct answer A law that regulates the online collection of personal information from children.
Payment Card Industry Data Security Standards (PCI-DSS) - correct answer Standards that ensure companies protect cardholder data.
Employee privacy risk reduction policy - correct answer A policy that might restrict employees from using personal devices for company business to reduce privacy risks.
Keystroke monitoring - correct answer Monitoring of all employees to block non-business use of office computers.
Discovery requests - correct answer Requests for information during litigation, which may include non-business-related material.
Unauthorized accounts - correct answer Accounts opened by a bank's employees on behalf of customers without their consent, which can lead to enforcement action.
Data breach - correct answer An incident where a consumer reporting agency suffers a breach due to lax information security practices.
Money service business registration - correct answer The requirement for individuals buying and selling cryptocurrency on behalf of consumers to register as a money service business.
Parental consent - correct answer The requirement for online platforms to obtain verified parental consent before collecting children's personal information.
GLBA Safeguards Rule - correct answer A regulation that requires financial institutions to implement security measures to protect consumer information.
Physical security - correct answer Measures taken to protect physical assets and facilities from unauthorized access or damage.
Theoretical security - correct answer A concept of security that is based on theoretical frameworks rather than practical implementation.
Operational security - correct answer Processes and practices that protect sensitive information from being accessed by unauthorized individuals.
Reasonable security - correct answer Security measures that are appropriate and effective for the level of risk faced by an organization.

Data security - correct answer Protective measures that safeguard digital information from unauthorized access, corruption, or theft.
Administrative security - correct answer Policies and procedures that govern the management and protection of sensitive information.
Technical security - correct answer Technological measures used to protect information systems and data from cyber threats.
Security surveillance - correct answer Monitoring activities in a specific area to ensure safety and security.
Wiretap Act - correct answer A federal law that prohibits the interception of wire and oral communications without consent.
Electronic Communication Privacy Act (ECPA) - correct answer A law that extends government restrictions on wiretaps to include electronic communications.
KardiaBros Inc. (KBI) - correct answer A private company that manufactures implantable medical devices for cardiac patients.
Initial Public Offering (IPO) - correct answer The process through which a private company offers shares to the public for the first time.
Myocardial infarction - correct answer A medical term for a heart attack, which occurs when blood flow to the heart is blocked.
Workforce expansion - correct answer The process of increasing the number of employees in an organization.
Data protection checklist - correct answer A list of items and measures that need to be addressed to ensure data protection compliance.
Chief Privacy Officer - correct answer An executive responsible for overseeing data protection and privacy policies within an organization.
Lawyers LLC - correct answer The outside counsel advising KBI on legal matters, including data protection.
Sam Myoma - correct answer A second-year MBA student interning at KBI, tasked with handling the data protection checklist.
Data governance structure - correct answer The framework that defines how data is managed, protected, and utilized within an organization.
Job requisition follow-up questions - correct answer Questions Sam should ask the director of human resources regarding the marketing executive role.

Independence between roles - correct answer No, Sam cannot accept these positions because there is not sufficient independence between the two roles.
Country-based position requirement - correct answer No, Sam cannot accept these positions because each position must be based in its respective country.
Algorithm for newsfeed curation - correct answer A social media platform uses an algorithm to curate users' newsfeeds based on factors like who they follow, their past interactions, and trending topics.
Medical records transmission app - correct answer Grandview Hospital hired Apps for All to create and maintain a mobile app for transmitting medical records to patients.
Contract for medical records - correct answer The contract establishes the accepted practice for the collection, use, retention, and disclosure of patients' medical records.
Healthcare ransomware attacks - correct answer Healthcare entities were one of the highest targeted organizations for ransomware attacks in the last few years.
Ransomware threat response - correct answer Disconnect all infected devices from the network.
Federal Trade Commission enforcement - correct answer The Federal Trade Commission currently shares authority with another federal bureau for civil enforcement of alleged violations of Section 5 of the FTC Act.
ECPA and email access - correct answer The ECPA requires a warrant to access the contents of an email if it has been stored on a provider's server for more than 180 days, but a subpoena can be used for emails stored for less than 180 days.
Cybersecurity Information Sharing Act provisions - correct answer Identifying devices, data and systems used to conduct the core company activities.
Consumer Financial Protection Bureau authority - correct answer The ability to conduct investigations and issue subpoenas, hold hearings and commence civil actions against offenders.
EU to U.S. data transfer mechanisms - correct answer File Transfer Protocol.
Department of Labor oversight - correct answer FLSA, OSHA and ERISA.
HIPAA individual rights - correct answer Right to Request Confidential Communications.
Information Management Program building stage - correct answer Procedure development and verification.

California Consumers Privacy Act enforcement - correct answer A handful of additional states passed comprehensive consumer data privacy laws giving enforcement authority to state offices.
California Consumers Privacy Act (CCPA) - correct answer A law passed in 2019 that established comprehensive consumer data privacy regulations.
Enforcement Authority - correct answer The power given to a state office to enforce laws.
PCI DSS Levels - correct answer Levels based on the number of annual transactions the entity engages in.
Privacy Office - correct answer A department managing privacy compliance within an organization.
Phishing Attack - correct answer A cyber attack where a bad actor attempts to obtain sensitive information by masquerading as a trustworthy entity.
Exfiltrated Data - correct answer Data that has been unlawfully transferred out of a system.
Breach Notification Laws - correct answer Laws requiring organizations to notify individuals when their personal information has been compromised.
Affected Individuals - correct answer Individuals whose personal data has been compromised in a data breach.
Vendor - correct answer A third-party service provider that assists a company in its operations.
Customer Data - correct answer Information collected from customers, including personal identifiers and payment information.
Encryption - correct answer A method of securing data by converting it into a code to prevent unauthorized access.
Incident Response - correct answer The process of managing and addressing a data breach or security incident.
State Breach Law - correct answer Legislation that outlines the requirements for notifying individuals about data breaches.
Personal Information - correct answer Data that can be used to identify an individual, such as name, address, and social security number.
Holiday Sales Incentives - correct answer Promotional offers made to customers during the holiday season to increase sales.
Customer Loyalty - correct answer The tendency of customers to continue buying from a specific company due to positive experiences.

FCRA Employment Denial Requirement A - correct answer The employer must provide the employee with the legal purpose of the report.
FCRA Employment Denial Requirement B - correct answer The employer must provide notice to the applicant that an adverse action was taken.
FCRA Employment Denial Requirement C - correct answer The employer must provide guidance to the applicant on how to dispute the CRA report.
FCRA Employment Denial Requirement D - correct answer The employer must certify to the employee that the report is from a permissible agency.
Preemption Definition - correct answer A federal statute taking precedence over a state statute.
Federal Agency Authority - correct answer A federal agency exercising authority over its area of specialization.
Federal Statute Fines - correct answer A federal statute establishing first priority for the application of fines.
Federal Agency Prosecution - correct answer A federal agency's prosecution takes precedence over that of other countries.
21st Century Cures Act Balance - correct answer Using personal information for public interest purposes and the individual's right to object to such use.
Personal Information Protection - correct answer Protecting an individual's personal information and the public interest in sharing the personal information.
Research and Personal Information - correct answer Sharing personal information for research and the value of the personal information to pharmaceutical companies.
FOIA and Personal Information - correct answer Allowing personal information to be disclosed under the Freedom of Information Act and the individual's right to be notified of such disclosure.
Credit Report Check Law - correct answer Gramm-Leach-Bliley Act (GLBA).
Unauthorized Expenses Law - correct answer Fair and Accurate Credit Transactions Act (FACTA).
Gramm-Leach-Bliley Act (GLBA) - correct answer A law that requires financial institutions to explain how they share and protect their customers' private information.
Foreign Intelligence Surveillance Act (FISA) - correct answer A law that provides a framework for the surveillance of foreign intelligence targets within the United States.

Fair and Accurate Credit Transactions Act (FACTA) - correct answer A law that aims to reduce identity theft by improving the accuracy of consumer credit information.
AdChoices - correct answer A self-regulatory program that provides consumers with transparency and control over targeted advertising.
TrustArc Privacy Certification - correct answer A certification that demonstrates compliance with privacy regulations and best practices.
Age-Appropriate Design Code - correct answer A code that sets out standards for online services to protect children's privacy.
Payment Card Industry Data Security Standard - correct answer A set of security standards designed to ensure that companies that accept, process, store or transmit credit card information maintain a secure environment.
Section 5 FTC enforcement - correct answer FTC's enforcement authority over unfair methods of competition and deceptive practices.
Invitation to Collude - correct answer Practices that facilitate explicit or implicit collusion between competitors.
Unfair Methods of Competition Involving Intellectual Property - correct answer Abuse of intellectual property rights to harm competition.
Quantitative Metrics - correct answer Specific quantitative metrics (e.g., market share thresholds) for triggering scrutiny under Section 5.
Remedies - correct answer Variety of remedies the FTC may seek to address unfair methods of competition, including injunctions, divestitures, and disgorgement of ill-gotten gains.
Data Handling Questions for Vendors - correct answer Questions companies should ask vendors to ensure proper data handling.
Phone Interviews - correct answer Initial screening method used by NYS to assess candidates.
Candidate Assessment Consistency - correct answer Requirement for all interviewers to ask the same questions to all applicants.
Social Media Screen - correct answer Process used by NYS recruiters to track candidates' online presence for potential risks.
Prohibition of Login Credentials - correct answer NYS HR team is prohibited from requesting or accepting candidate login credentials for social media accounts.
Target Market of NYS - correct answer Consumers between the ages of 20-30 years who live a healthy lifestyle and participate in outdoor activities.