Question #1
What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?
A. The controller will be liable to pay an administrative fine (correct)
B. The processor will be liable to pay compensation to affected data subjects
C. The processor will be considered to be a controller in respect of the processing concerned (correct)
D. The controller will be required to demonstrate that the unauthorized processing negatively affected one or more of the parties involved
Correct answer: AC
Question #2
What is the consequence if a processor makes an independent decision regarding the purposes and means of processing it carries out on behalf of a controller?
A. The controller will be liable to pay an administrative fine (correct)
B. The processor will be liable to pay compensation to affected data subjects (correct)
C. The processor will be considered to be a controller in respect of the processing concerned
D. The controller will be required to demonstrate that the unauthorized processing negatively affected one or more of the parties involved
Correct answer: AB
Question #3
What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all had in common but largely failed to achieve in Europe?
A. The establishment of a list of legitimate data processing criteria (correct)
B. The creation of legally binding data protection principles
C. The synchronization of approaches to data protection
D. The restriction of cross-border data flow (correct)
Correct answer: AD
Question #4
Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?
A. The European Council (correct)
B. The European Parliament
C. The European Commission
D. The Council of the European Union (correct)
Correct answer: AD
Question #5
Under what circumstances would the GDPR apply to personal data that exists in physical form, such as information contained in notebooks or hard copy files?
A. Only where the personal data is produced as a physical output of specific automated processing activities, such as printing, labelling, or stamping
B. Only where the personal data is to be subjected to specific computerized processing, such as image scanning or optical character recognition
C. Only where the personal data is treated by automated means in some way, such as computerized distribution or filing
D. Only where the personal data is handled in a sufficiently structured manner so as to form part of a filing system
Correct answer: AD
Question #6
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?
A. ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot
B. CJEU can force national governments to implement and honor EU law, while the ECHR cannot
C. CJEU can hear appeals on human rights decisions made by national courts, while the ECHR cannot
D. ECHR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot
Correct answer: B
Question #7
Which aspect of the GDPR will likely have the most impact on the consistent implementation of data protection laws throughout the European Union?
A. That it essentially functions as a one-stop shop mechanism (correct)
B. That it takes the form of a Regulation as opposed to a Directive
C. That it makes notification of large-scale data breaches mandatory
D. That it makes appointment of a data protection officer mandatory (correct)
Correct answer: AD
Question #8
Which of the following describes a mandatory requirement for a group of undertakings that wants to appoint a single data protection officer?
A. The group of undertakings must obtain approval from a supervisory authority
B. The group of undertakings must be comprised of organizations of similar sizes and functions
C. The data protection officer must be located in the country where the data controller has its main establishment
D. The data protection officer must be easily accessible from each establishment where the undertakings are located
Correct answer: D
Question #9
Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?
A. The European Parliament (correct)
B. The European Commission (correct)
C. The Article 29 Working Party
D. The European Council
Correct answer: AB
Question #10
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: - Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. - Staff records, including
A. The data subjects are no longer current students of Frank’s
B. The processing will not negatively affect the rights of the data subjects
C. The algorithms that Frank uses for the processing are technologically sound
D. The data subjects gave their unambiguous consent for the original processing (correct)
Correct answer: D
Question #11
A U.S.-based online shop uses sophisticated software to track the browsing behavior of its European customers and predict future purchases. It also shares this information with third parties. Under the GDPR, what is the online shop’s PRIMARY obligation while engaging in this kind of profiling?
A. It must solicit informed consent through a notice on its website (correct)
B. It must seek authorization from the European supervisory authorities
C. It must be able to demonstrate a prior business relationship with the customers
D. It must prove that it uses sufficient security safeguards to protect customer data
Correct answer: A
Question #12
Article 5(1)(b) of the GDPR states that personal data must be “collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.” Based on Article 5(1)(b), what is the impact of a member state’s interpretation of the word “incompatible”?
A. It dictates the level of security a processor must follow when using and storing personal data for two different purposes
B. It guides the courts on the severity of the consequences for those who are convicted of the intentional misuse of personal data
C. It sets the standard for the level of detail a controller must record when documenting the purpose for collecting personal data
D. It indicates the degree of flexibility a controller has in using personal data in ways that may vary from its original intended purpose
Correct answer: A
Question #13
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. The child, as the user of the action figure, can provide consent himself, as long as no information is shared for marketing purposes
B. Written authorization attesting to the responsible use of children’s data would need to be obtained from the supervisory authority
C. Consent for data collection is implied through the parent’s purchase of the action figure for the child
D. Parental consent for a child’s use of the action figures would have to be obtained before any data could be collected
Correct answer: D
Question #14
Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?
A. The European Council (correct)
B. The European Parliament
C. The European Commission
D. The Council of the European Union (correct)
Correct answer: AD
Question #15
A Spanish electricity customer calls her local supplier with questions about the company’s upcoming merger. Specifically, the customer wants to know the recipients to whom her personal data will be disclosed once the merger is final. According to Article 13 of the GDPR, what must the company do before providing the customer with the requested information?
A. Verify that the request is applicable to the data collected before the GDPR entered into force
B. Verify that the purpose of the request from the customer is in line with the GDP
C. Verify that the personal data has not already been sent to the customer
D. Verify that the identity of the customer can be proven by other means
Correct answer: ACD
Question #16
In 2016’s Guidance, the United Kingdom’s Information Commissioner’s Office (ICO) reaffirmed the importance of using a “layered notice” to provide data subjects with what?
A. A privacy notice containing brief information whilst offering access to further detail
B. A privacy notice explaining the consequences for opting out of the use of cookies on a website
C. An explanation of the security measures used when personal data is transferred to a third party
D. An efficient means of providing written consent in member states where they are required to do so
Correct answer: A
Question #17
With the issue of consent, the GDPR allows member states some choice regarding what?
A. The mechanisms through which consent may be communicated (correct)
B. The circumstances in which silence or inactivity may constitute consent
C. The age at which children must be required to obtain parental consent (correct)
D. The timeframe in which data subjects are allowed to withdraw their consent
Correct answer: AC
Question #18
According to the E-Commerce Directive 2000/31/EC, where is the place of “establishment” for a company providing services via an Internet website confirmed by the GDPR?
A. Where the technology supporting the website is located (correct)
B. Where the website is accessed
C. Where the decisions about processing are made
D. Where the customer’s Internet service provider is located (correct)
Correct answer: AD
Question #19
Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?
A. If the processing is to be performed by a third-party vendor
B. If the processing involves data that is considered personal data
C. If the processing of the data is done through automated means
D. If the processing is used to predict the behavior of data subjects (correct)
Correct answer: D
Question #20
SCENARIO Please use the following to answer the next question: Building Block Inc. is a multinational company, headquartered in Chicago with offices throughout the United States, Asia, and Europe (including Germany, Italy, France and Portugal). Last year the company was the victim of a phishing attack that resulted in a significant data breach. The executive board, in coordination with the general manager, their Privacy Office and the Information Security team, resolved to adopt additional security measures
A. Since the GDPR does not apply to this situation, the company would be entitled to apply any disciplinary measure authorized under Italian labor law
B. Since the employee was the cause of a serious risk for the server performance and their data, the company would be entitled to apply disciplinary measures to this employee, including fair dismissal
C. Since the employee was not informed that the security measures would be used for other purposes such as monitoring, the company could face difficulties in applying any disciplinary measures to this employee
D. Since this was a serious infringement, but the employee was not appropriately informed about the consequences of the new security measures, the company would be entitled to apply some disciplinary measures, but not dismissal
Correct answer: C
Question #21
What is the main task of the European Data Protection Board?
A. To assess adequacy of data protection in third countries
B. To ensure consistent application of the GDP (correct)
C. To proactively prevent disputes between national supervisory authorities
D. To publish guidelines for data subjects on how to properly enforce their rights
Correct answer: B
Question #22
What type of data lies beyond the scope of the General Data Protection Regulation?
A. Pseudonymized (correct)
B. Anonymized (correct)
C. Encrypted
D. Masked
Correct answer: AB
Question #23
Under Article 58 of the GDPR, which of the following describes a power of supervisory authorities in European Union (EU) member states?
A. The ability to enact new laws by executive order
B. The right to access data for investigative purposes
C. The discretion to carry out goals of elected officials within the member state
D. The authority to select penalties when a controller is found guilty in a court of law
Correct answer: B
Question #24
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: - Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. - Staff records, including
A. More information about Frank’s data protection training
B. More information about the extent of the information loss
C. More information about the algorithm Frank used to mask student numbers
D. More information about what students have been told and how the research will be used
Correct answer: D
Question #25
A key component of the OECD Guidelines is the “Individual Participation Principle”. What parts of the General Data Protection Regulation (GDPR) provide the closest equivalent to that principle?
A. The lawful processing criteria stipulated by Articles 6 to 9
B. The information requirements set out in Articles 13 and 14
C. The breach notification requirements specified in Articles 33 and 34
D. The rights granted to data subjects under Articles 12 to 22 (correct)
Correct answer: D
Question #26
SCENARIO Please use the following to answer the next question: Joe is the new privacy manager for Who-R-U, a Canadian business that provides DNA analysis. The company is headquartered in Montreal, and all of its employees are located there. The company offers its services to Canadians only: Its website is in English and French, it accepts only Canadian currency, and it blocks internet traffic from outside of Canada (although this solution doesn’t prevent all non-Canadian traffic). It also declines to proces
A. Get consent from the app users
B. Provide a transparent notice to users
C. Anonymize the data and add latency so it avoids disclosing real time locations
D. Obtain a court order because location data is a special category of personal data
Correct answer: A
Question #27
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: - Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. - Staff records, including
A. The data subjects are no longer current students of Frank’s
B. The processing will not negatively affect the rights of the data subjects
C. The algorithms that Frank uses for the processing are technologically sound
D. The data subjects gave their unambiguous consent for the original processing (correct)
Correct answer: D
Question #28
Which EU institution is vested with the competence to propose new data protection legislation on its own initiative?
A. The European Council (correct)
B. The European Parliament
C. The European Commission (correct)
D. The Council of the European Union
Correct answer: AC
Question #29
Which of the following would require designating a data protection officer?
A. Processing is carried out by an organization employing 250 persons or more
B. Processing is carried out for the purpose of providing for-profit goods or services to individuals in the E
C. The core activities of the controller or processor consist of processing operations of financial information or information relating to children
D. The core activities of the controller or processor consist of processing operations that require systematic monitoring of data subjects on a large scale
Correct answer: ACD
Question #30
A well-known video production company, based in Spain but specializing in documentaries filmed worldwide, has just finished recording several hours of footage featuring senior citizens in the streets of Madrid. Under what condition would the company NOT be required to obtain the consent of everyone whose image they use for their documentary?
A. If obtaining consent is deemed to involve disproportionate effort
B. If obtaining consent is deemed voluntary by local legislation
C. If the company limits the footage to data subjects solely of legal age
D. If the company’s status as a documentary provider allows it to claim legitimate interest
Correct answer: B

View The Updated IAPP Exam Questions

SPOTO Provides 100% Real IAPP Exam Questions for You to Pass Your IAPP Exam!
