لا تريد أن تفوت شيئا؟

نصائح اجتياز امتحان الشهادة

آخر أخبار الامتحانات ومعلومات الخصم

برعاية وحديثة من قبل خبرائنا

نعم، أرسل لي النشرة الإخبارية

خذ اختبارات أخرى عبر الإنترنت
السؤال #1
A U.S.-based online shop uses sophisticated software to track the browsing behavior of its European customers and predict future purchases. It also shares this information with third parties. Under the GDPR, what is the online shop’s PRIMARY obligation while engaging in this kind of profiling?
A. It must solicit informed consent through a notice on its websitecorrect
B. It must seek authorization from the European supervisory authorities
C. It must be able to demonstrate a prior business relationship with the customers
D. It must prove that it uses sufficient security safeguards to protect customer data
عرض الإجابة
اجابة صحيحة: A
السؤال #2
How does the GDPR now define “processing”?
A. Any act involving the collecting and recording of personal data
B. Any operation or set of operations performed on personal data or on sets of personal data
C. Any use or disclosure of personal data compatible with the purpose for which the data was collected
D. Any operation or set of operations performed by automated means on personal data or on sets of personal data
عرض الإجابة
اجابة صحيحة: A
السؤال #3
SCENARIO Please use the following to answer the next question: Due to rapidly expanding workforce, Company A has decided to outsource its payroll function to Company B. Company B is an established payroll service provider with a sizable client base and a solid reputation in the industry. Company B’s payroll solution for Company A relies on the collection of time and attendance data obtained via a biometric entry system installed in each of Company A’s factories. Company B won’t hold any biometric data itsel
A. Hiring companies whose measures are consistent with recommendations of accrediting bodies
B. Requesting advice and technical support from Company A’s IT team
C. Avoiding the use of another company’s data to improve their own services
D. Vetting companies’ measures with the appropriate supervisory authority
عرض الإجابة
اجابة صحيحة: A
السؤال #4
How does the GDPR now define “processing”?
A. Any act involving the collecting and recording of personal data
B. Any operation or set of operations performed on personal data or on sets of personal data
C. Any use or disclosure of personal data compatible with the purpose for which the data was collected
D. Any operation or set of operations performed by automated means on personal data or on sets of personal data
عرض الإجابة
اجابة صحيحة: A
السؤال #5
A well-known video production company, based in Spain but specializing in documentaries filmed worldwide, has just finished recording several hours of footage featuring senior citizens in the streets of Madrid. Under what condition would the company NOT be required to obtain the consent of everyone whose image they use for their documentary?
A. If obtaining consent is deemed to involve disproportionate effort
B. If obtaining consent is deemed voluntary by local legislation
C. If the company limits the footage to data subjects solely of legal age
D. If the company’s status as a documentary provider allows it to claim legitimate interest
عرض الإجابة
اجابة صحيحة: D
السؤال #6
Pursuant to Article 17 and EDPB Guidelines S'2019 on RTBF criteria in search engines cases, all of the following would be valid grounds for data subject delisting requests EXCEPT?
A. The personal dale has been collected in relation to the offer of Information society services (ISS) to a child
B. The data subject withdraws consent and there is no other legal basis for the processing
C. The personal data is no longer necessary in relation to the search engine provider's processing
D. The processing s necessary for exercising the right of freedom of expression and informationcorrect
عرض الإجابة
اجابة صحيحة: D
السؤال #7
How does the GDPR now define “processing”?
A. Any act involving the collecting and recording of personal data
B. Any operation or set of operations performed on personal data or on sets of personal data
C. Any use or disclosure of personal data compatible with the purpose for which the data was collected
D. Any operation or set of operations performed by automated means on personal data or on sets of personal data
عرض الإجابة
اجابة صحيحة: AB
السؤال #8
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?
A. The ePrivacy Directive allows individual EU member states to engage in such data retention
B. The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention
C. The Data Retention Directive’s annulment makes such data retention now permissible
D. The GDPR allows the retention of such data for the prevention, investigation, detection or prosecution of criminal offences only
عرض الإجابة
اجابة صحيحة: A
السؤال #9
Which GDPR requirement will present the most significant challenges for organizations with Bring Your Own Device (BYOD) programs?
A. Data subjects must be sufficiently informed of the purposes for which their personal data is processed
B. Processing of special categories of personal data on a large scale requires appointing a DP
C. Personal data of data subjects must always be accurate and kept up to date
D. Data controllers must be in control of the data they hold at all times
عرض الإجابة
اجابة صحيحة: C
السؤال #10
Under the GDPR, who would be LEAST likely to be allowed to engage in the collection, use, and disclosure of a data subject’s sensitive medical information without the data subject’s knowledge or consent?
A. A member of the judiciary involved in adjudicating a legal dispute involving the data subject and concerning the health of the data subject
B. A public authority responsible for public health, where the sharing of such information is considered necessary for the protection of the general populace
C. A health professional involved in the medical care for the data subject, where the data subject’s life hinges on the timely dissemination of such information
D. A journalist writing an article relating to the medical condition in question, who believes that the publication of such information is in the public interest
عرض الإجابة
اجابة صحيحة: ABD
السؤال #11
Under the GDPR, which essential pieces of information must be provided to data subjects before collecting their personal data?
A. The authority by which the controller is collecting the data and the third parties to whom the data will be sent
B. The name/s of relevant government agencies involved and the steps needed for revising the data
C. The identity and contact details of the controller and the reasons the data is being collected
D. The contact information of the controller and a description of the retention policy
عرض الإجابة
اجابة صحيحة: AC
السؤال #12
Which statement is correct when considering the right to privacy under Article 8 of the European Convention on Human Rights (ECHR)?
A. The right to privacy is an absolute right
B. The right to privacy has to be balanced against other rights under the ECHR
C. The right to freedom of expression under Article 10 of the ECHR will always override the right to privacy
D. The right to privacy protects the right to hold opinions and to receive and impart ideas without interference
عرض الإجابة
اجابة صحيحة: B
السؤال #13
A Spanish electricity customer calls her local supplier with questions about the company’s upcoming merger. Specifically, the customer wants to know the recipients to whom her personal data will be disclosed once the merger is final. According to Article 13 of the GDPR, what must the company do before providing the customer with the requested information?
A. Verify that the request is applicable to the data collected before the GDPR entered into force
B. Verify that the purpose of the request from the customer is in line with the GDP
C. Verify that the personal data has not already been sent to the customer
D. Verify that the identity of the customer can be proven by other means
عرض الإجابة
اجابة صحيحة: ACD
السؤال #14
Which statement is correct when considering the right to privacy under Article 8 of the European Convention on Human Rights (ECHR)? The right to privacy is an absolute right
A. The right to privacy has to be balanced against other rights under the ECHRcorrect
B. The right to freedom of expression under Article 10 of the ECHR will always override the right to privacycorrect
C. The right to privacy protects the right to hold opinions and to receive and impart ideas without interference
عرض الإجابة
اجابة صحيحة: AB
السؤال #15
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. The NFC portal can read any data stored in the action figures
B. The information about the data processing involved has not been specifiedcorrect
C. The cloud service provider is in a country that has not been deemed adequate
D. The RFID tag in the action figures has the potential for misuse because of the toy’s evolving capabilities
عرض الإجابة
اجابة صحيحة: B
السؤال #16
SCENARIO Please use the following to answer the next question: Louis, a long-time customer of Bedrock Insurance, was involved in a minor car accident a few months ago. Although no one was hurt, Louis has been plagued by texts and calls from a company called Accidentable offering to help him recover compensation for personal injury. Louis has heard about insurance companies selling customers’ data to third parties, and he’s convinced that Accidentable must have gotten his information from Bedrock Insurance.
A. If Accidentable is entitled to use of the data as an affiliate of Bedrock
B. If Accidentable also uses the data to conduct public health research
C. If the data becomes necessary to defend Accidentable’s legal rights
D. If the accuracy of the data is not an aspect that Louis is disputing
عرض الإجابة
اجابة صحيحة: A
السؤال #17
Which statement is correct when considering the right to privacy under Article 8 of the European Convention on Human Rights (ECHR)? The right to privacy is an absolute right
A. The right to privacy has to be balanced against other rights under the ECHRcorrect
B. The right to freedom of expression under Article 10 of the ECHR will always override the right to privacycorrect
C. The right to privacy protects the right to hold opinions and to receive and impart ideas without interference
عرض الإجابة
اجابة صحيحة: AB
السؤال #18
What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?
A. The controller will be liable to pay an administrative finecorrect
B. The processor will be liable to pay compensation to affected data subjectscorrect
C. The processor will be considered to be a controller in respect of the processing concerned
D. The controller will be required to demonstrate that the unauthorized processing negatively affected one or more of the parties involved
عرض الإجابة
اجابة صحيحة: AB
السؤال #19
When collecting personal data in a European Union (EU) member state, what must a company do if it collects personal data from a source other than the data subjects themselves?
A. Inform the subjects about the collectioncorrect
B. Provide a public notice regarding the data
C. Upgrade security to match that of the source
D. Update the data within a reasonable timeframe
عرض الإجابة
اجابة صحيحة: A
السؤال #20
Which of the following was the first to implement national law for data protection in 1973?
A. France
B. Swedencorrect
C. Germany
D. United Kingdom
عرض الإجابة
اجابة صحيحة: B
السؤال #21
Under the GDPR, where personal data is not obtained directly from the data subject, a controller is exempt from directly providing information about processing to the data subject if?
A. The data subject already has information regarding how his data will be usedcorrect
B. The provision of such information to the data subject would be too problematic
C. Third-party data would be disclosed by providing such information to the data subject
D. The processing of the data subject’s data is protected by appropriate technical measures
عرض الإجابة
اجابة صحيحة: A
السؤال #22
SCENARIO Please use the following to answer the next question: Dynaroux Fashion (‘Dynaroux’) is a successful international online clothing retailer that employs approximately 650 people at its headquarters based in Dublin, Ireland. Ronan is their recently appointed data protection officer, who oversees the company’s compliance with the General Data Protection Regulation (GDPR) and other privacy legislation. The company offers both male and female clothing lines across all age demographics, including childre
A. The company will be undertaking processing activities involving sensitive data categories such as financial and children’s data
B. The company employs approximately 650 people and will therefore be carrying out extensive processing activities
C. The company plans to undertake profiling of its customers through analysis of their purchasing patterns
D. The company intends to shift their business model to rely more heavily on online shopping
عرض الإجابة
اجابة صحيحة: C
السؤال #23
WP29’s “Guidelines on Personal data breach notification under Regulation 2016/679’’ provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?
A. A postal notificationcorrect
B. A direct electronic messagecorrect
C. A notice on a corporate blogcorrect
D. A prominent advertisement in print mediacorrect
عرض الإجابة
اجابة صحيحة: ABCD
السؤال #24
Tanya is the Data Protection Officer for Curtains Inc., a GDPR data controller. She has recommended that the company encrypt all personal data at rest. Which GDPR principle is she following?
A. Accuracycorrect
B. Storage Limitation
C. Integrity and confidentialitycorrect
D. Lawfulness, fairness and transparency
عرض الإجابة
اجابة صحيحة: AC
السؤال #25
According to the E-Commerce Directive 2000/31/EC, where is the place of “establishment” for a company providing services via an Internet website confirmed by the GDPR?
A. Where the technology supporting the website is locatedcorrect
B. Where the website is accessed
C. Where the decisions about processing are made
D. Where the customer’s Internet service provider is locatedcorrect
عرض الإجابة
اجابة صحيحة: AD
السؤال #26
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?
A. ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot
B. CJEU can force national governments to implement and honor EU law, while the ECHR cannot
C. CJEU can hear appeals on human rights decisions made by national courts, while the ECHR cannot
D. ECHR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot
عرض الإجابة
اجابة صحيحة: B
السؤال #27
Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?
A. The European Council
B. The European Parliament
C. The European Commission
D. The Council of the European Union
عرض الإجابة
اجابة صحيحة: C
السؤال #28
When hiring a data processor, which action would a data controller NOT be able to depend upon to avoid liability in the event of a security breach?
A. Documenting due diligence steps taken in the pre-contractual stage
B. Conducting a risk assessment to analyze possible outsourcing threats
C. Requiring that the processor directly notify the appropriate supervisory authority
D. Maintaining evidence that the processor was the best possible market choice available
عرض الإجابة
اجابة صحيحة: A
السؤال #29
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. The child, as the user of the action figure, can provide consent himself, as long as no information is shared for marketing purposes
B. Written authorization attesting to the responsible use of children’s data would need to be obtained from the supervisory authority
C. Consent for data collection is implied through the parent’s purchase of the action figure for the child
D. Parental consent for a child’s use of the action figures would have to be obtained before any data could be collected
عرض الإجابة
اجابة صحيحة: D
السؤال #30
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. The NFC portal can read any data stored in the action figures
B. The information about the data processing involved has not been specifiedcorrect
C. The cloud service provider is in a country that has not been deemed adequate
D. The RFID tag in the action figures has the potential for misuse because of the toy’s evolving capabilities
عرض الإجابة
اجابة صحيحة: B

View The Updated IAPP Exam Questions

SPOTO Provides 100% Real IAPP Exam Questions for You to Pass Your IAPP Exam!

Get IAPP Practice Test

عرض الإجابات بعد التقديم

يرجى إرسال البريد الإلكتروني الخاص بك والواتس اب للحصول على إجابات الأسئلة.

ملحوظة: يرجى التأكد من صلاحية معرف البريد الإلكتروني وWhatsApp حتى تتمكن من الحصول على نتائج الاختبار الصحيحة.

بريد إلكتروني:
رقم الواتس اب/الهاتف:


Copyright © 2024. Designer by SPOTO Official Website. All Rights Reserved.