IAPP EXAM 2024/2025 WITH 100% ACCURATE SOLUTIONS, Exams of Nursing

Typology: Exams

2024/2025

Available from 09/09/2024

ACADEMICLINKS

  1. Two of the four categories of data protection and privacy law and practices are informational privacy and
     A. Territorial privacy.
     B. Health privacy.
     C. Electronic privacy.
     D. Financial privacy.
     Precise Answer ✔✔ A. Territorial privacy.
  2. What is provided in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms?
     A. The right of every individual to vote in his or her own country.
     B. The right of public authorities to collect certain necessary personal data.
     C. The right to respect for an individual's privacy and family life.
     D. The right of consumers to freely choose their service provider.
     Precise Answer ✔✔ C. The right to respect for an individual's privacy and family life.
  3. What are the three main sources of personal information?
     A. Public and private sector financial records, medical records and military service records.
     B. Public records, publicly available information and non-public information.
     C. National insurance information, employment records and law enforcement records.
     D. Birth records, national and foreign government records and state/provincial government information.
     Precise Answer ✔✔ B. Public records, publicly available information and non-public information.
  4. Which of these elements may be considered personal information?
     A. Information relating to a company's primary competitors.
     B. Information about a company's leads or prospects.
     C. Company's financial information disclosed on its website.
     D. The physical location of a company's headquarters.
     Precise Answer ✔✔ B. Information about a company's leads or prospects.

  1. Which human resources data element is not generally considered personal data?
     A. Employee evaluation.
     B. Job title.
     C. Salary.
     D. Department assignment.
     Precise Answer ✔✔ D. Department assignment.
  2. What is the definition of a data controller?
     A. A third-party service provider that maintains the platform on which personal data is stored.
     B. A supervisory authority empowered to enforce privacy regulation or law.
     C. The individual who provides the personal data.
     D. An entity that holds personal data and determines the purposes of use.
     Precise Answer ✔✔ D. An entity that holds personal data and determines the purposes of use.
  3. What is the correct definition of a privacy policy?
     A. An internal statement that summarizes an organization's goals for its privacy program.
     B. An internal statement that summarizes the compliance challenges an organization faces.
     C. An internal statement that governs an organization's handling practices of personal information.
     D. An internal statement that details an organization's penalties for employees who leak personal information.
     Precise Answer ✔✔ C. An internal statement that governs an organization's handling practices of personal information.
  1. Effective security risk management balances the potential for loss with what cost?
     A. The cost of security protection and management.
     B. The cost of statutory compliance and oversight.
     C. The cost of notifications related to a data loss.
     D. The cost of reduced efficiencies in operations.
     Precise Answer ✔✔ A. The cost of security protection and management.
  2. The use of personal information should follow what primary principle?
     A. Personal information usage should be determined by third-party contracts.
     B. Personal information should be limited to the purposes identified in the notice.
     C. Personal information usage should be determined by the data controller that collected the personal information.
     D. Organizations should use personal information for any and all business practices.
     Precise Answer ✔✔ B. Personal information should be limited to the purposes identified in the notice.
  3. A privacy notice does NOT relate to which principle of the Information Lifecycle?
     A. Use and retention.
     B. Collection.
     C. Monitoring and enforcement.
     D. Disclosure
     Precise Answer ✔✔ C. Monitoring and enforcement
  4. What must be included in a privacy impact assessment?
     A. A regulatory review of the assessment.
     B. The source code of the system processing the data.
     C. The attributes of the data collected.
     D. The administrator passwords of the system being evaluated.
     Precise Answer ✔✔ C. The attributes of the data collected.
  5. Which is NOT an example of privacy notice?
     A. A spreadsheet containing specific product names and general descriptions.
     B. Terms governing a user's participation in an online service or social network.
     C. The Interactive Advertising Bureau's Advertising Option icon and accompanying language.
     D. Cardholder agreements or employment contracts.
     Precise Answer ✔✔ A. A spreadsheet containing specific product names and general descriptions.

  1. Which is a concept provided for in the 1973 Code of Fair Information Practices?
     A. There must be a way to allow a person access to a record of identifiable information.
     B. There must be a way for a person to delete a record of identifiable information.
     C. There must be a way for a person to make a record anonymous.
     D. There must be a way for a person to correct or amend a record of identifiable information.
     Precise Answer ✔✔ D. There must be a way for a person to correct or amend a record of identifiable information.
  2. According to the Asia-Pacific Economic Cooperation privacy principles, individuals must be able to do all of the following except
     A. obtain confirmation whether the personal information controller holds personal information about them.
     B. have their personal information communicated to them within a reasonable time.
     C. access the personal information of the personal information controller.
     D. challenge the accuracy of the Disclosure.
     Precise Answer ✔✔ C. access the personal information of the personal information controller.
  3. Which model is used for privacy protection in the European Union?
     A. Principal model.
     B. Comprehensive model.
     C. Co-regulatory model.
     D. Sectoral model.
     Precise Answer ✔✔ B. Comprehensive model.
  1. Which international organization published a set of privacy principles entitled "Guidelines Governing the Protection of Privacy and Transborder Data Flows of Personal Data"?
     A. Asia-Pacific Economic Cooperation.
     B. International Organization of Standards.
     C. Organisation for Economic Cooperation and Development.
     D. Council of Europe Convention.
     Precise Answer ✔✔ C. Organisation for Economic Cooperation and Development.
  2. Which jurisdiction limits its privacy protections to those established only by sector-specific statutes?
     A. Canada.
     B. United States.
     C. Asia-Pacific Economic Cooperation.
     D. European Union.
     Precise Answer ✔✔ B. United States.
  3. Which statement is NOT true under the Personal Information Protection and Electronic Documents Act (PIPEDA)?
     A. Anyone who has experienced a privacy violation may lodge a complaint.
     B. Complaints may come from any source, including an individual, a business competitor or an employee.
     C. The Canadian privacy commissioner only investigates complaints regarding public companies.
     D. The complaining party has the right to complain about any aspect of the organization's PIPEDA compliance.
     Precise Answer ✔✔ C. The Canadian privacy commissioner only investigates complaints regarding public companies.
  4. According to the EU Data Protection Directive, what three elements are essential characteristics of consent?
     A. A freely-given written and implied or expressed indication.
     B. A freely-given specific and informed indication.
     C. A freely-given specific and implied or expressed indication.
     D. A freely-given informed and written indication.
     Precise Answer ✔✔ B. A freely-given specific and informed indication.

  1. Which country has opted NOT to join the European Economic Area but passed its own omnibus privacy legislation?
     A. Switzerland.
     B. Austria.
     C. Norway.
     D. Liechtenstein.
     Precise Answer ✔✔ A. Switzerland.
  2. Under Mexico's Federal Data Protection law, what is required for cross-border data transfers?
     A. An adequate level of data encryption.
     B. Receiver assumes the same responsibilities as the transferring person.
     C. Registration with Mexico's data protection authority.
     D. Binding corporate rules.
     Precise Answer ✔✔ B. Receiver assumes the same responsibilities as the transferring person.
  3. Which was the first Latin American country to grant citizens the right to access their personal information?
     A. Chile.
     B. Brazil.
     C. Peru.
     D. Argentina.
     Precise Answer ✔✔ B. Brazil
  4. The two sector-specific privacy regulations enforced in the United States are the Gramm-Leach-Bliley Act and
     A. the Health Insurance Portability and Accountability Act.
     B. the Personal Information Privacy Act.
     C. the Data Protection Act of 1998.
     D. the National Privacy Principles.
     Precise Answer ✔✔ A. the Health Insurance Portability and Accountability Act.
  5. What type of laws are designed to restrict access to financial information?
     A. Antiterrorism laws.
     B. Credit monitoring laws.
     C. Money laundering laws.
     D. Tax enforcement laws.
     Precise Answer ✔✔ B. Credit monitoring laws.

  1. Which new data element with new privacy-related issues has emerged in the telecommunications sector?
     A. Ghosting.
     B. Registers.
     C. Location.
     D. Burst transmissions.
     Precise Answer ✔✔ C. Location
  2. What is NOT a privacy risk raised by the use of smart grid technology?
     A. Energy use for individual homes could be shared for behavioral marketing purposes without the consumer's permission.
     B. Energy use information obtained by a hacker could indicate when a residence is occupied or empty.
     C. Energy use data could be shared with law enforcement without disclosure.
     D. Energy use could increase due to continuous monitoring by energy companies.
     Precise Answer ✔✔ D. Energy use could increase due to continuous monitoring by energy companies.
  3. What kind of information security control is an incident response procedure?
     A. Administrative control.
     B. Data control.
     C. Technical control.
     D. Physical control.
     Precise Answer ✔✔ A. Administrative control.
  4. Data confidentiality, data availability and what other attribute comprise the three key attributes of information auditing and monitoring?
     A. Data security.
     B. Data retention.
     C. Data consistency.
     D. Data integrity.
     Precise Answer ✔✔ D. Data integrity
  1. Safe Harbor violations are enforced by the Federal Trade Commission and what other government department?
     A. The U.S. Department of Labor.
     B. The U.S. Department of Transportation.
     C. The U.S. Department of Commerce.
     D. The U.S. Justice Department
     Precise Answer ✔✔ B. The U.S. Department of Transportation.
  2. Role-based access controls are based on what basic security principle?
     A. Access should be granted to employees on the basis of the lowest possible level.
     B. Employees shall not be granted access without management approval from CIO or CEO.
     C. Employees should be granted access if it is determined they are stakeholders.
     D. Employees should not be able to access personal information unless it is from a public source.
     Precise Answer ✔✔ A. Access should be granted to employees on the basis of the lowest possible level.
  3. What is the purpose of Transmission Control Protocol?
     A. Counts the number of valid and invalid login attempts.
     B. Provides rules for using script languages such as HTML and Java.
     C. Enables devices to establish a connection and exchange data.
     D. Encrypts and transmits data using proxy servers.
     Precise Answer ✔✔ C. Enables devices to establish a connection and exchange data.
  4. What safeguards should be implemented under the Gramm-Leach-Bliley Act (GLBA) to protect data?
     A. Annually communicate the safeguards to the relevant workforce.
     B. Only protect information that is covered under the GLBA rules.
     C. Monitor and implement test controls internally and with third parties.
     D. Allow individuals to securely obtain access to all information.
     Precise Answer ✔✔ C. Monitor and implement test controls internally and with third parties.
  1. Which statement is considered a best practice regarding information security governance?
     A. Ultimately security is about information asset oversight.
     B. Ultimately security is about people.
     C. Ultimately security is about technology.
     D. Ultimately security is about well written internal policies.
     Precise Answer ✔✔ B. Ultimately security is about people.
  2. Which standard web protocol allows for a peer's identity to be authenticated prior to a connection being made?
     A. Secure Sockets Layer.
     B. Transport Layer Security.
     C. Transmission Control Protocol.
     D. Internet Protocol.
     Precise Answer ✔✔ A. Secure Sockets Layer.
  3. Which threat to online privacy includes malicious code that is unwittingly incorporated into a website's own source code?
     A. Denial of service attack.
     B. Cross-site scripting.
     C. Phishing.
     D. Pharming.
     Precise Answer ✔✔ B. Cross-site scripting
  4. What is an XML document-formatted machine-readable method for producing online privacy policies?
     A. P3P.
     B. SSL.
     C. HTTP.
     D. PKI.
     Precise Answer ✔✔ A. P3P
  5. In "phishing", which practices are used to collect personal information?
     A. Fraudulent websites secretly install malware on site visitors' computers that automatically collect personal information.
     B. Malware attached to freely downloaded games and apps secretly install keylogging software that collects passwords and account numbers.
     C. Fake e-mails contain links to websites that only appear to be genuine and request personal information.
     D. Anonymous e-mails contain elaborate stories of available unclaimed funds with requests for participation in transfers.
     Precise Answer ✔✔ C. Fake e-mails contain links to websites that only appear to be genuine and request personal information.

  1. Use of a smart card would be identified as what type of safeguard?
     A. Two-factor authentication.
     B. Intrusion prevention systems.
     C. Public key infrastructure.
     D. Perimeter control.
     Precise Answer ✔✔ A. Two-factor authentication.
  2. Under the US Children's Online Privacy Protection Act (COPPA), which of the following is FALSE?
     A. COPPA was passed with the express purpose of protecting children's use of the Internet, particularly websites and services targeted toward children.
     B. COPPA requires website operators to provide clear and conspicuous notice of the data collection methods employed by the website.
     C. COPPA provides complete preventive measures against the potential abuse of children's personal information online.
     D. COPPA mandates strict requirements on parental oversight and consent on behalf of children.
     Precise Answer ✔✔ C. COPPA provides complete preventive measures against the potential abuse of children's personal information online.
  3. What is an example of passive data collection on a website?
     A. Single sign-on service.
     B. Drop-down list.
     C. De-selected check box.
     D. Web beacon.
     Precise Answer ✔✔ D. Web beacon.
  4. What is a first-party cookie?
     A. A cookie that operates as a tag and records an end user's visit to a particular webpage.
     B. A cookie that is set and read by the web server hosting the website the user is visiting.
     C. A cookie that is set to expire at some point in the future.
     D. A cookie that only uses a persistent variation when justified.
     Precise Answer ✔✔ B. A cookie that is set and read by the web server hosting the website the user is visiting.

  1. Which is NOT a method used for combating spam?
     A. Anti-virus software.
     B. Network protection software.
     C. Encryption.
     D. Firewall.
     Precise Answer ✔✔ C. Encryption.
  2. Which measures have been adopted by major search engine firms to address privacy concerns specific to search technologies?
     A. Searches are deleted after a defined period of time.
     B. Searches are archived after a defined period of time.
     C. Searches are encrypted after a defined period of time.
     D. Searches are anonymized after a defined period of time.
     Precise Answer ✔✔ D. Searches are anonymized after a defined period of time.
  3. What is NOT a best practice for organizations managing a social media page?
     A. Support anonymous positive posts by employees on the organization's social media page to help offset negative posts by customers.
     B. Monitor activity on the organization's social media page and delete offensive material or information posted by users.
     C. Direct users to the social media website's privacy policy to clarify how posted information may be used by the social media company.
     D. Advise users to refrain from posting personal information on the public sections of the organization's social media page.
     Precise Answer ✔✔ A. Support anonymous positive posts by employees on the organization's social media page to help offset negative posts by customers.
  1. Which characteristic completes the following list of the five essential characteristics of cloud computing: on-demand self-service, broad network access, measured service, rapid elasticity and
     A. Dedicated hosting.
     B. Resource pooling.
     C. Criticality testing.
     D. Continuous monitoring.
     Precise Answer ✔✔ B. Resource pooling.