CIPP/US Practice Exam With 100% Correct Answers 2024, Exams of Advanced Education


Typology: Exams

2023/2024

Available from 07/17/2024

professoraxel


Which branch of government generally has the final say in the passing of a law? - Correct Answer-a. The Executive Branch b. The Legislative Branch c. The Operational Branch d. The Judicial Branch

Which branch of government does the president belong to? - Correct Answer-a. The Judicial Branch b. The Executive Branch c. The Operational Branch d. None of these answers

How can personal information best be described? - Correct Answer-a. Any information relating to a natural person b. This depends on the field and even state law c. Directory information d. Information of value

Which comprehensive federal privacy laws are there in the US? - Correct Answer-a. The Children's Online Privacy Protection Act b. The Health Insurance Portability and Accountability Act c. None, there are no comprehensive federal privacy laws in the US d. The General Data Protection Regulation

Of the following, which are three different tort categories? - Correct Answer-a. Negligence, notice breach, intrusion b. Intrusion upon seclusion, strict liability, negligence with blame c. Intentional, negligent, strict liability d. Privacy notice breach, wrongful intrusion, defamation

What is the best description of the difference between criminal and civil liability? - Correct Answer-a. Civil cases are the only cases with victims b. Criminal cases involve entities and persons c. Civil cases are between person and/or entities, whereas criminal cases are brought by the government d. In a civil case no laws are broken

In relation to privacy, which of the following is most restrictive for employers in the US? - Correct Answer-a. The Health Insurance Portability and Accountability Act b. The Children's Online Privacy Protection Act c. The Fourth Amendment d. The Fair and Accurate Credit Transactions Act

What is the most likely purpose for which an organization creates a data inventory? - Correct Answer-a. Showing the public which data are stored b. Creating an overview of data, helpful for creating a compliance and security approach c. Complying with a US legal requirement d. Identifying storage size requirements

Which of the following statements is not true regarding data classification? - Correct Answer-a. Organizations are free to classify data elements a certain way to place it inside or outside the scope of certain laws b. Data classification can help identify applicable laws c. To assist in creating a security strategy d. Help breach response

Which of the following contains specific data retention and disposal requirements? - Correct Answer-a. The Fair and Accurate Credit Transactions Act b. Any pre-emptive law c. The Children's Online Privacy Protection Act d. The Cable Communications Policy Act

Which of the following is not applicable to international data transfers? - Correct Answer-a. The Fair and Accurate Credit Transactions Act b. The General Data Protection Regulation c. The CLOUD Act d. The Personal Information Protection and Electronic Documents Act

How can security in relation to privacy be described best? - Correct Answer-a. Privacy deserves higher priority than security b. Privacy needs security, but security is not only about privacy c. Security and privacy have no overlap d. De-identified data do not require security measures

Which of the following is not an appropriate way for an international organization operating in the US to be compliant with European Privacy regulations? - Correct Answer-a. Standard contractual clauses b. European ownership of the organization c. Binding Corporate Rules d. Keeping all data in the country of origin

Which of the following is true about privacy notices? - Correct Answer-a. Only certain US laws require a privacy notice b. Privacy notices are required for all websites in the US or targeted at a US audience c. Changing a privacy notice mid-service is not deceptive d. The CLOUD Act

What does workforce training on privacy matters establish? - Correct Answer-a. It eliminates all compliance risk b. The training motivates the workforce, and allows the workforce to work more efficiently c. It shows that management delegates the process of becoming compliant d. Increase the level of knowledge of staff, decreasing the chance of non-compliance

A merger between a US based company, and affiliates in Asia and Canada is planned to take place. As a privacy officer, what considerations would you bring to the CEO's attention? - Correct Answer-a. Canada's non-Personal Information Protection and Electronic Documents Act legislation b. The potential benefits of sharing data c. An expansion of your department and an increase in salary d. Data flow mapping

What is one of the important considerations for companies selling to consumers internationally? - Correct Answer-a. The salary of the privacy officers b. Whether they actively target customers in other countries c. Bring Your Own Device practices d. The Fourth Amendment

What is the name of the guidelines developed by the Asia-Pacific Economic Cooperation? - Correct Answer-a. The OECD guidelines b. The IT Act c. The Fair Information Practices d. The APEC privacy framework

Which of the following is not a key attribute of security? - Correct Answer-a. Confidentiality b. Delivery c. Integrity d. Availability

Which types of security controls can be considered in developing a security strategy? - Correct Answer-a. Physical, administrative, technical b. Proactive, reactive, distortive c. Detective, cumulative, reactive d. Physical, cosmetic, digital

What is the best fitting description of a data breach? - Correct Answer-a. A failure of security measures, resulting in the unauthorized accessing of data b. Loss of data, including an encrypted hard drive c. A shutdown of the company server d. The National Security Agency has access to classified information

After a data breach, there are several ways to deal with the breach. Which of the following is the least likely reason for correctly dealing with incidents? - Correct Answer-a. To comply with legislation b. To minimize adverse consequences c. To hide security flaws d. To fix any security weaknesses

What is the biggest reason online privacy is a complicated thing? - Correct Answer-a. Smart devices automatically gather data b. The Internet of Things is not controllable c. People are social media addicts, and unable to stop sharing personal information d. It is decentralized, non-transparent with a large collection of (seemingly) restrictive and contradicting legislation

When a consent decree is published, what has happened? - Correct Answer-a. A lawsuit is started regarding a data breach, resulting in a publication of the appropriate security policy b. The Federal Trade Commission and the other party entered into an agreement to stop a certain conduct, and the information is published for other organizations to learn from c. Compensation is paid to the victims, so they cannot start a lawsuit d. Binding Corporate Rules are implemented, ensuring consistent practices across all affiliates

How can the Federal Trade Commission be described best? - Correct Answer-a. A part of the executive branch with rule-making powers b. A counterpart of the European Parliament c. The enforcer of the Fourth Amendment d. The Federal Trade Commission has won every case

When does the Children's Online Privacy Protection Act apply? - Correct Answer-a. For websites targeting children under 18 b. For websites targeting children under 13 c. For websites without a privacy notice d. For websites that store de-identified data of toddlers

For which law does the Federal Trade Commission have specific authority? - Correct Answer-a. The General Data Protection Regulation b. The Children's Online Privacy Protection Act c. The APEC Privacy Framework d. The Fair Information Practices

There are several laws concerning medical privacy, both on national and state level. Which of the following is the most likely reason for this legislation? - Correct Answer-a. Medical data are in high demand, hence legislation is needed to guide medical practitioners in the selling of such data b. Privacy is an absolute right, and therefore requires protection c. Organ theft is a major issue, and unsafely stored medical records were a valuable source of information for organ thieves d. It is believed that patients are more open and honest about their conditions if they experience a sense of privacy

What safeguard is often put in place by researchers when using medical data for research? - Correct Answer-a. Non-disclosure agreement b. Encryption of data c. The data is de-identified d. Patient consent form

The Health Insurance Portability and Accountability Act is quite strict. Which of the following statements is most accurate? - Correct Answer-a. All medical data are covered by the Health Insurance Portability and Accountability Act b. The Health Insurance Portability and Accountability Act is based on the Fifth Amendment c. Aspects of the Health Insurance Portability and Accountability Act can be disregarded when stricter state law is in place d. All medical practitioners sign a Health Insurance Portability and Accountability Act declaration before being authorized to practice medicine

Which of the following best describes the privacy rights of a person visiting a doctor? - Correct Answer-a. Absolute right, with full control over every aspect of the data, including control over the use for research b. Covered by the Health Insurance Portability and Accountability Act for the electronic transactions for the treatment, as well as the Reader Privacy Act for the book he bought in California to learn about disease c. The medical data derived from the visit to the doctor can under no circumstances be used for research d. Only the government is forbidden access to the data, based on the Fourth Amendment, which includes e-health data generated by medical practitioners

According to the Confidentiality Substance Use Disorder Patient Record Rule, what is required for disclosure of patient information? - Correct Answer-a. A recommendation from the patient's counselor b. Fully documented parental consent, regardless of the age of the patient c. Written patient consent, explicitly describing the type of information to be disclosed d. Under no circumstances is patient information to be disclosed

What was the initial reason for the Health Insurance Portability and Accountability Act? - Correct Answer-a. Patient privacy and security b. To define Personal Health Information c. To define electronic Personal Health Information d. The improvement of the efficiency of delivery of health care

What is one of the limitations of the Health Insurance Portability and Accountability Act? - Correct Answer-a. The Health Information Technology for Economic and Clinical Health Act was needed to define electronic Personal Health Information b. The Health Insurance Portability and Accountability Act is a guideline and not a law c. The Health Insurance Portability and Accountability Act is not applicable to situations involving retired citizens d. Some doctors are not covered by the Health Insurance Portability and Accountability Act

Which of the following is not a key privacy protection under the Health Insurance Portability and Accountability Act? - Correct Answer-a. Layered privacy notices b. Administrative, physical and technical safeguards c. A privacy professional for covered entities d. Individuals are allowed to access and copy a designated record set

Which of the following preempts state law in most areas? - Correct Answer-a. The Fair and Accurate Credit Transactions Act b. The Fair Credit Reporting Act c. The Gramm-Leach-Bliley Act d. The Financial Turmoil Reconciliation Assurance Act

The Fair Credit Reporting Act affects organizations like Equifax, Experian and TransUnion. What are these organizations classified as? - Correct Answer-a. Consumer Reporting Agencies b. Credit Reporting Agencies c. Credit Score Agencies d. Transaction Recording Agencies

Which of the following is required by the Fair and Accurate Credit Transactions Act and enhances privacy? - Correct Answer-a. Receipts are legally stored for a period of seven years b. Credit card numbers are only allowed to be stored without the accompanying signature c. Receipts are not allowed to reveal a full credit card number or debit card number d. Receipts are only allowed to be issued digitally in specific situations

How can the disposal rule be most accurately described? - Correct Answer-a. Making sure unauthorized recipients dispose of a consumer report after there is no legal basis for it anymore b. When issued, the unnecessary information is disposed of before issuing a report c. Physical copies need to be scanned and disposed of, and digital storage needs to be encrypted d. A way to ensure that a consumer report is disposed of properly after it is no longer needed or allowed to be used

Which of the following is not true regarding the Red Flag Rule? - Correct Answer-a. Originally required through the Fair and Accurate Credit Transactions Act b. Authorized the Federal Trade Commission & federal banking agencies c. Certain financial entities are required to develop an identity theft detection program d. Requires insurance against Identity Theft

What was U.S. Bancorp accused of? - Correct Answer-a. Not properly encrypting the credit card data of its customers b. Illegal data transfers to India, due to outsourcing c. Sharing detailed customer information with a telemarketing firm d. Storing data of minors without the required parental consent

What kind of institutions fall within the scope of the Family Educational Rights and Privacy Act? - Correct Answer-a. All educational institutions fall within the scope b. Educational institutions that receive federal funding c. It applies to education institutions with exchange students d. Privately funded education institutions

Which type of information is still allowed to be disclosed under the Family Educational Rights and Privacy Act? - Correct Answer-a. Grade Point Average b. Directory information c. Home addresses of students d. Health insurance coverage

Which of the following best describes the US National Do Not Call Registry? - Correct Answer-a. A program implemented by the Federal Communications Commission, where phone numbers of US residents can be registered to be placed in the registry b. The requirement for citizens to actively indicate that they are open to receiving unsolicited phone calls c. A program implemented by the Federal Trade Commission, where phone numbers can be registered to be placed in the registry d. An initiative that was sparked by the concept of the Internet of Things

What is not true about the Do Not Call Registry? - Correct Answer-a. Sellers and telemarketers are required to update their call lists annually b. Only sellers, telemarketers, and service providers may access the registry c. Violations can lead to civil penalties d. The Do Not Call Registry is implemented by the Federal Trade Commission

Which of the following is not true regarding consent to allow telemarketers and sellers to call a consumer? - Correct Answer-a. Must include a signature b. Consent requires a privacy notice c. Must be in writing d. Consent must be clear and conspicuous

What are robocalls? - Correct Answer-a. Phone calls established through the automated dialing of random numbers b. Phone calls augmented with Artificial Intelligence c. Communication established through the Internet of Things d. Prerecorded calls

The goal of the Controlling the Assault of Non-Solicited Pornography and Marketing Act is best described as which of the following? - Correct Answer-a. Apply a paternalistic filtering of pornographic material so as to raise slipping moral standards b. A way to respect individual rights and provide a way to indicate how desirable the communication is c. Eliminate phishing attacks, and reducing the financial burden it causes d. Allow parents to be in control over what messages their children receive

Which of the following can be said about the Cable Communications Policy Act? - Correct Answer-a. Video rental records cannot be disclosed freely b. It has become redundant due to internet television c. Certain damages as a result of violations can be recovered because it provides for private right of action d. There is no such law as the Cable Communications Policy Act

Which state was the first to include a Do Not Track requirement in its laws? - Correct Answer-a. New York b. California c. Washington d. North Carolina

Due to the 2007 revisions to the Federal Rules of Civil Procedure, what is now required? - Correct Answer-a. A non-disclosure requirement for members of the jury b. Names omitted in court cases c. Encryption of e-discovery data d. Redacting sensitive personal information

Which of the following is not required for a subpoena according to the Federal Rule of Civil Procedure 45? - Correct Answer-a. State the court from which it is issued b. State the title of the action and its civil action number c. Take photographic evidence of the receipt of the subpoena d. Mention a person's right to challenge or modify the subpoena

How can courts prohibit the disclosure of personal information used or generated in litigation? - Correct Answer-a. The court can issue a protective order b. The court can issue a restrictive order c. The court can issue a redactive order d. The court can issue a national security letter

What was the main concern when posting personal information used in bankruptcy cases online? - Correct Answer-a. Stalking b. Family feuds c. Identity theft d. Data breaches

Which of the following is not one of the four key guidelines from the Sedona Conference? - Correct Answer-a. Professionals from several disciplines should provide input into the e-mail retention policy b. E-mail retention policies should continually be developed c. A Chief Information Security Officer in charge of e-discovery d. Industry standards should be taken into account

What is the Communications Assistance to Law Enforcement Act also referred to as? - Correct Answer-a. The Pen Register b. The Digital Telephone Bill c. The Wire d. Track and Trace

In 2016 the FBI was quarrelling with Apple. What was the quarrel about? - Correct Answer-a. A new firmware slowing down phones b. Helping gain access to the data on a seized phone c. The tablets in the Federal Bureau of Investigation's office could not fit the micro-SD required for the investigation d. A cloud security breach exposing pictures of celebrities

Which of the following is most accurate regarding workplace privacy? - Correct Answer-a. Workplace privacy is the same in every state b. US privacy protection at the workplace is the strictest in the world c. Workers have a high level of influence in the workplace practices d. There is no law that covers privacy specifically

Which of the following is not a source of privacy protection for employees? - Correct Answer-a. State labor laws b. Contract and tort law c. Overarching employment privacy law d. Certain federal laws

What is the most accurate comparison between US and EU workplace privacy? - Correct Answer-a. The US inspired the EU legislation b. The EU has no law that is applicable to the workplace c. The US has cubicles, whereas in the EU cubicles are forbidden because of privacy concerns d. EU employee data fall under the scope of the General Data Protection Regulation and offers more protection than all US laws combined

What can be said about the Constitution's Fourth Amendment? - Correct Answer-a. It provides protection from employers b. It provides protection from government employers c. It does not concern privacy d. It only protects against the king of England

In the US, there is employment at will. What is a consequence of this? - Correct Answer-a. All legislation is rendered invalid b. You can buy privacy c. Many aspects, covered by laws in other continents, are at the discretion of the employer d. Employees have no rights

Which of the following is not a tort that can be relied on by an employee in a privacy case? - Correct Answer-a. Intrusion upon seclusion b. Publicity given to private life c. Defamation d. Intellectual property

Of the following laws, which does not have employment privacy implications? - Correct Answer-a. The Children's Online Privacy Protection Act b. The Employee Retirement Income Security Act c. The Health Insurance Portability and Accountability Act d. The Fair Labor Standards Act

At which stage of employment do employers need to take into account workplace privacy considerations? - Correct Answer-a. Before employment b. Before, during and after employment c. During employment d. After employment

What is true about Bring Your Own Device policies? - Correct Answer-a. Only company-issued equipment is allowed to be used b. It brings along security risks and requires reconsideration of the level of monitoring c. Employees surrender their data when a Bring Your Own Device policy is in place d. Bring Your Own Device practices are illegal

Which of the following is a consequence of the Employee Polygraph Protection Act? - Correct Answer-a. Only grade A and B type polygraphs are allowed to be used b. An employer cannot use a polygraph test to screen an applicant c. A statement of sincerity is required to substitute a polygraph d. Employers cannot screen applicants