CIPP US Practice Questions accurate answers already graded A+/2024-2025, Exams of Advanced Education


Typology: Exams

2024/2025

Available from 07/06/2025

tizian-mwangi

  1. What kind of liability may only be asserted in court by governmental authorities and not by a private citizen? A. Civil B. Negligence C. Criminal D. Invasion of privacy: C
  2. Which of the following preemployment screening activities would turn a regular consumer report into an investigative report? A. The report includes information about prior bankruptcies. B. The CRA furnishing the report includes information about a job seeker's mortgage payments. C. The preemployment screening includes a criminal background check. D. A third-party agent interviews a job seeker's neighbors about their character.: D
  3. Dana is frustrated because she continues to receive telemarketing calls from her current internet service provider (ISP), even though she added her number to the national do-not-call list. Is Dana's ISP breaking the law? A. Yes, because it is the responsibility of the ISP to maintain an updated copy of the national do-not-call registry. B. No, because she is a customer of the ISP and the TSR provides an exemption for firms that have an existing business relationship with a consumer. C. No, because Dana's ISP may not know she has added her number to the do-not-call registry. D. Yes, because the DNC does not provide an exemption for existing customers.: B
  4. Nick and Jenny often meet with other employees in the company cafeteria to advocate for collective bargaining. One day, Jenny notices that a security camera has suddenly been installed in the cafeteria, near where they usually sit. Why might this be a problem? A. Employees have not consented to video surveillance during their lunch hours when not conducting company business. B. Video surveillance may inadvertently reveal an employee's physical disability and lead to compliance risks under the Americans with Disabilities Act (ADA). C. The company did not post adequate signage to notify the employees of the new video surveillance system. D. The NLRB may view the security camera as an attempt to intimidate employees engaging in unionizing activities.: D

  1. Gary's firm was recently sued by an athlete who claimed that the firm used his picture in marketing materials without permission. What type of claim was brought against Gary's firm? A. False light B. Appropriation C. Invasion of solitude D. Public disclosure of private facts: B
  2. Which one of the following statements about workforce privacy training is incorrect? A. Computer-based training is an acceptable training option. B. Training should include content on specific regulatory requirements. C. Training should include details on an individual's role in minimizing privacy risks. D. Every user should receive the same level of training.: D
  3. Which one of the following categories would include any information that uniquely identifies an individual person? A. PII B. PHI C. PFI D. PCI: A
  4. Carla is building an inventory of the information maintained by her organization that should be considered within the scope of its privacy program. Which one of the following types of information would not
  1. Tom recently filled out a survey about his political and religious views. The survey data is maintained by a nonprofit research organization. What term best describes Tom's role with respect to this data? A. Data controller B. Data processor C. Data steward D. Data subject: D
  2. It is probably permissible to use a polygraph test in preemployment screening for all of the following jobs, except: A. U.S. Treasury employee B. Daycare worker C. Armored car driver D. Pharmacist: B
  3. Which one of the following firms was sanctioned by the Federal Trade Commission (FTC) after an investigation showed that they were not diligently carrying out privacy program recertifications of their clients? A. Snapchat B. Nomi C. TRUSTe D. GeoCities: C
  4. The Washington State Biometric Privacy Law protects all of the following forms of biometric data except: A. Fingerprint B. Eye retinas C. Voiceprint D. Photographs: D
  5. Which one of the following is an example of a check-and-balance held by the executive branch of government? A. Power of the purse B. Veto C. Confirmation D. Judicial review: B
  6. Why are antidiscrimination laws relevant to workplace privacy? A. Pro-privacy lawmakers have used large antidiscrimination legislation as an opportunity to include unrelated privacy regulations. B. Antidiscrimination laws require employers to collect personal data on employees to prove they have diverse workforces. C. Antidiscrimination laws require large employers to conduct surveillance of employees to prevent discrimination. D. Personal data about workers may be used in discriminatory decision making.: D

  1. Which of the following is not likely to appear as a state breach notification requirement? A. Notifications to the three major CRAs to monitor for identity theft B. Notification to state regulators about individuals affected in their state C. A notification to the families of victims to warn them of potential identity fraud D. Notice to local media outlets, in case all affected individuals cannot be contacted.: C
    1. What check-and-balance does the legislative branch hold over the executive branch? A. Power of the purse B. Veto power C. Prosecutorial discretion D. Judicial review: A
    1. What portion of the U.S. Constitution defines the powers of the legislative branch of government? A. Article I B. Article II C. Article III D. Article IV: A
    1. Which amendment to the U.S. Constitution explicitly grants individuals the right to privacy? A. First Amendment B. Fourth Amendment

B. Breach of duty C. Causation D. Damages: D

    1. In a lawsuit against a political opponent, the plaintiff alleged that the respondent invaded their privacy by accessing their email account without permission. What tort is involved in this case? A. False light B. Appropriation C. Invasion of solitude D. Public disclosure of private facts: C
    1. How many voting members comprise the U.S. Senate? A. 50 B. 100 C. 200 D. 435: B
    1. Which one of the following courts is the trial court for most matters arising under federal law? A. Supreme Court B. U.S. Circuit Court C. U.S. Trial Court D. U.S. District Court: D
    1. What proportion of the states must ratify an amendment before it is added to the U.S. Constitution? A. 1/ B. 1/ C. 2/ D. ¾: D
    1. Which one of the following elements is not always required for the creation of a legal contract? A. An offer B. Acceptance of an offer C. Written agreement D. Consideration: C
    1. What clause of the U.S. Constitution establishes the concept of preemption? A. Establishment clause B. Supremacy clause C. Commerce clause D. Incompatibility clause: B

    1. What nation was the original source of the common law used in many parts of the world? A. Roman Empire B. England C. France D. Egypt: B
    1. What category of law best describes the HIPAA Privacy Rule? A. Constitutional law B. Common law C. Legislative law D. Administrative law: D
    1. What court has subject matter jurisdiction specifically tailored to matters of national security? A. U.S. District Court B. State Supreme Courts C. U.S. Supreme Court D. Foreign Intelligence Surveillance Court: D
    1. Under what standard might a company located in one state become subject to the jurisdiction of the courts of another state by engaging in transactions with customers located in that other state? A. Physical presence B. Place of business C. Consent D. Minimum contracts: D
    1. In a recent invasion of privacy lawsuit, the plaintiff claimed that the respondent disclosed information that caused them to be falsely perceived by others. What tort is involved in this case? A. Appropriation B. Disclosure of private facts C. Invasion of solitude D. False light: D
    1. Which of the following types of information should be protected by a privacy program? A. Customer records B. Product plans C. Trade secrets D. All of the above: A

A. Data subject B. Data custodian C. Data controller D. Data processor: C

    1. Richard would like to use an industry standard reference for designing his organization's privacy controls. Which one of the following ISO standards is best suited for this purpose? A. ISO 27001 B. ISO 27002 C. ISO 27701 D. ISO 27702: C
    1. Which of the following organizations commonly requests a formal audit of a privacy program? A. Management B. Board of directors C. Regulators D. All of the above: D
    1. Which element of a privacy program is likely to remain unchanged for long periods of time? A. Mission B. Goals C. Objectives D. Procedures: A
    1. Tonya is seeking to deidentify a set of records about her organization's customers. She is following the HHS guidelines for deidentifying records and is removing ZIP codes associated with small towns. What is the smallest population size for which she may retain a ZIP code? A. 1, B. 2, C. 10, D. 20,000: D
    1. Which one of the following statements is not correct about privacy best practices? A. Organizations should maintain personal information that is accurate, complete, and relevant. B. Organizations should inform data subjects of their privacy practices. C. Organizations should retain a third-party dispute resolution service for handling privacy complaints. D. Organizations should restrict physical and logical access to personal information: C

    1. Which one of the following is not a common responsibility for an organization's chief privacy officer? A. Managing privacy risks B. Encrypting personal information C. Developing privacy policy D. Advocating privacy strategies: B
    1. When designing privacy controls, an organization should be informed by the results of what type of analysis? A. Impact analysis B. Gap analysis C. Business analysis D. Authorization analysis: B
    1. Which one of the following is an example of active online data collection? A. Users completing an online survey B. Collecting IP addresses from website visitors C. Tracking user activity with web cookies D. Analyzing the geographic locations of site visitors: A
    1. Which one of the following would not normally appear in an organization's privacy notice? A. Types of information collected B. Contact information for the data controller C. Detailed descriptions of security controls D. Categories of recipients to whom personal information is disclosed: C
    1. Gwen is investigating a security incident where attackers deleted important medical records from a hospital's electronic system. There are no backups and the information was irretrievably lost. What cybersecurity goal was most directly affected?

A. The injury must be substantial. B. The injury must not be outweighed by countervailing benefits. C. The injury must be directed at a specific group of consumers. D. The injury must not be reasonably avoidable.: C

    1. Which one of the following firms was charged by the FTC with failing to conduct required privacy recertifications of its clients? A. TrustE B. Geocities C. DesignerWare D. Nomi: A

    1. What federal agency has lead responsibility for enforcing the privacy and security obligations of healthcare providers under HIPAA? A. FTC B. CFPB C. HHS D. FCC: C
    1. Your firm was the target of an FTC investigation into unfair trade practices. Rather than engaging in litigation, you negotiated a formal settlement with the agency. What type of document did you most likely sign? A. Consent decree B. Court order C. Negotiated agreement D. Merchant agreement: A
    1. Acme Widgets failed to implement reasonable security controls and was the subject of an FTC enforcement action. What criterion did the FTC most likely use to bring this action? A. The action was deceptive. B. The action was unfair. C. The action was both deceptive and unfair. D. The action was neither deceptive nor unfair.: B
    1. What firm received the largest privacy-related fine in FTC history? A. Snapchat B. Facebook C. Google D. Amazon: B
    1. What industry is subject to the privacy regulations found in Family Educational Rights and Privacy Act (FERPA)? A. Healthcare B. Financial services C. Education D. Brokerages: C
    1. What self-regulatory scheme includes detailed requirements for the

C. COPPA D. PCI DSS: D

    1. What industry group operates a self-regulatory framework that governs organizations that advertise specifically to children? A. Network Advertising Initiative B. Better Business Bureau C. U.S. Chamber of Commerce D. U.S. Department of Commerce: B
    1. Anytown Savings Bank engaged in deceptive practices in promoting their money market accounts to consumers. What federal agency would have jurisdiction over this deceptive practice? A. FTC B. FCC C. CFPB D. NCUA: C
    1. When reviewing the website of a potential business partner, you see a symbol that appears on a company's website demonstrating that an independent third party has certified that the company meets clearly defined privacy standards. What is this called? A. Privacy Shield B. Trust mark C. Privacy emblem D. Trust shield: B
    1. What law grants the FTC authority to regulate websites that are targeted specifically at children? A. COPPA B. SOX C. GLBA D. FERPA: A
    1. If the FTC files a complaint against a company and the company contests that complaint, who oversees the first trial that may take place? A. Administrative law judge B. FTC commissioners C. US District Court judge D. US Circuit Court judge: A
    1. In 2014, the FCC reached a settlement with Verizon related to the firm's use of customer information for marketing purposes without consent. What law did the FCC accuse Verizon of violating?

B. Wyndham C. Snapchat D. Nomi: D

    1. What federal regulatory agency has the primary authority to take enforcement actions against unfair and deceptive practices? A. Federal Trade Commission B. Federal Communications Commission C. Federal Regulatory Commission D. Department of Commerce: A
    1. Jen is the data classification manager for a hospital system and is assigning data into categories. Which one of the following categories would be the most directly applicable to a patient's medical record? A. PII B. Financial information C. PHI D. Government information: C
    1. Which one of the following statements about data flow diagrams is incorrect? A. Data flow diagrams should always show details of the technical environment. B. Data flow diagrams should show internal processes that handle sensitive information. C. Data flow diagrams should map the sharing and transfer of information to third parties. D. Data flow diagrams contribute to the ability of privacy professionals to manage the data lifecycle.: A
    1. Which one of the following laws includes specific requirements for the destruction of information contained within consumer reports? A. FACTA B. HIPAA C. GLBA D. SOX: A
    1. Which of the following statements about workforce privacy training are incorrect? (Select all that apply). A. All employees should receive the same information during privacy training. B. Privacy training should take place on a regular basis. C. Training should include content on regulatory requirements. D. Individuals completing training should understand their role in