Question #1
All of the following are tasks in the “Discover” phase of building an information management program EXCEPT?
A. Facilitating participation across departments and levels
B. Developing a process for review and update of privacy policies
C. Deciding how aggressive to be in the use of personal information
D. Understanding the laws that regulate a company’s collection of information (correct)
Correct answer: D
Question #2
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?
A. To follow the Disposal Rule by having the reports shredded
B. To follow the Red Flags Rule by mailing the reports to customers
C. To follow the Privacy Rule by notifying customers that the reports are being stored (correct)
D. To follow the Safeguards Rule by transferring the reports to a secure electronic file
Correct answer: C
Question #3
SCENARIO Please use the following to answer the next QUESTION: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices. The complainant accuses the retailer of improperly disclosing her personal data, without consent, to par
A. As a data supervisor (correct)
B. As a data processor
C. As a data controller
D. As a data manager
Correct answer: A
Question #4
Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?
A. 7 days
B. 10 days (correct)
C. 15 days
D. 21 days
Correct answer: B
Question #5
When does the Telemarketing Sales Rule require an entity to share a do-not-call request across its organization?
A. When the operational structures of its divisions are not transparent
B. When the goods and services sold by its divisions are very similar
C. When a call is not the result of an error or other unforeseen cause (correct)
D. When the entity manages user preferences through multiple platforms
Correct answer: C
Question #6
Which federal act does NOT contain provisions for preempting stricter state laws?
A. The CAN-SPAM Act
B. The Children’s Online Privacy Protection Act (COPPA)
C. The Fair and Accurate Credit Transactions Act (FACTA)
D. The Telemarketing Consumer Protection and Fraud Prevention Act (correct)
Correct answer: D
Question #7
Which of the following laws is NOT involved in the regulation of employee background checks?
A. The Civil Rights Act
B. The Gramm-Leach-Bliley Act (GLBA)
C. The Fair Credit Reporting Act (FCRA)
D. The California Investigative Consumer Reporting Agencies Act (ICRAA)
Correct answer: B
Question #8
According to Section 5 of the FTC Act, self-regulation primarily involves a company’s right to do what?
A. Determine which bodies will be involved in adjudication
B. Decide if any enforcement actions are justified
C. Adhere to its industry’s code of conduct
D. Appeal decisions made against it
Correct answer: C
Question #9
In which situation is a company operating under the assumption of implied consent?
A. An employer contacts the professional references provided on an applicant’s resume (correct)
B. An online retailer subscribes new customers to an e-mail list by default
C. A landlord uses the information on a completed rental application to run a credit report
D. A retail clerk asks a customer to provide a zip code at the check-out counter
Correct answer: A
Question #10
SCENARIO Please use the following to answer the next question: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices. The complainant accuses the retailer of improperly disclosing her personal data, without consent, to par
A. Reports on recent purchase histories
B. Database schemas held by the retailer
C. Lists of all customers, sorted by country (correct)
D. Interviews with key marketing personnel
Correct answer: C
Question #11
SCENARIO Please use the following to answer the next question: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo’s business associ
A. Because HealthCo did not require CloudHealth to implement appropriate physical and administrative measures to safeguard the ePHI
B. Because HealthCo did not conduct due diligence to verify or monitor CloudHealth’s security measures (correct)
C. Because HIPAA requires the imposition of a fine if a data breach of this magnitude has occurred
D. Because CloudHealth violated its contract with HealthCo by not encrypting the ePHI
Correct answer: B
Question #12
In a case of civil litigation, what might a defendant who is being sued for distributing an employee’s private information face?
A. Probation
B. Criminal fines
C. An injunction
D. A jail sentence
Correct answer: C
Question #13
In which situation would a policy of “no consumer choice” or “no option” be expected?
A. When a job applicant’s credit report is provided to an employer
B. When a customer’s financial information is requested by the government
C. When a patient’s health record is made available to a pharmaceutical company
D. When a customer’s street address is shared with a shipping company (correct)
Correct answer: D
Question #14
In what way does the “Red Flags Rule” under the Fair and Accurate Credit Transactions Act (FACTA) relate to the owner of a grocery store who uses a money wire service?
A. It mandates the use of updated technology for securing credit records
B. It requires the owner to implement an identity theft warning system
C. It is not usually enforced in the case of a small financial institution
D. It does not apply because the owner is not a creditor (correct)
Correct answer: D
Question #15
SCENARIO Please use the following to answer the next question: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customer’s privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships. Although Chery
A. Leaving the company susceptible to violations by setting unrealistic goals (correct)
B. Failing to meet the needs of customers who are concerned about privacy
C. Showing a lack of trust in the organization’s privacy practices
D. Not being in standard compliance with applicable laws
Correct answer: A
Question #16
SCENARIO Please use the following to answer the next question: Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse. Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients’ Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issu
A. State the privacy policy to the patient verbally
B. Post the privacy notice in a prominent location instead
C. Direct patients to the correct area of the hospital website (correct)
D. Confirm that patients are given the privacy notice on their first visit
Correct answer: C
Question #17
According to FERPA, when can a school disclose records without a student’s consent?
A. If the disclosure is not to be conducted through email to the third party
B. If the disclosure would not reveal a student’s student identification number
C. If the disclosure is to practitioners who are involved in a student’s health care
D. If the disclosure is to provide transcripts to a school where a student intends to enroll (correct)
Correct answer: D
Question #19
SCENARIO Please use the following to answer the next question: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo’s business associ
A. Training on techniques for identifying phishing attempts (correct)
B. Training on the terms of the contractual agreement with HealthCo
C. Training on the difference between confidential and non-public information
D. Training on CloudHealth’s HR policy regarding the role of employees involved in data breaches
Correct answer: A
Question #20
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the “most expeditious time possible without unreasonable delay.” By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?
A. Maine (correct)
B. Florida (correct)
C. New York
D. California
Correct answer: AB
Question #21
SCENARIO Please use the following to answer the next question: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices. The complainant accuses the retailer of improperly disclosing her personal data, without consent, to par
A. Available data flow diagrams
B. The text of the original complaint
C. The company’s data privacy policies
D. Prevailing regulation on this subject (correct)
Correct answer: D
Question #22
Which of the following describes the most likely risk for a company developing a privacy policy with standards that are much higher than its competitors?
A. Being more closely scrutinized for any breaches of policy (correct)
B. Getting accused of discriminatory practices
C. Attracting skepticism from auditors
D. Having a security system failure
Correct answer: A
Question #23
What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?
A. Describing the policy changes on its website
B. Obtaining affirmative consent from its customers
C. Publicizing the policy changes through social media
D. Reassuring customers of the security of their information
Correct answer: B
Question #24
SCENARIO Please use the following to answer the next question: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customer’s privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships. Although Chery
A. Creating a more comprehensive plan for implementing a new policy
B. Spending more time understanding the company’s information goals (correct)
C. Explaining the importance of transparency in implementing a new policy
D. Removing the financial burden of the company’s employee training program
Correct answer: B
Question #25
Which of the following best describes an employer’s privacy-related responsibilities to an employee who has left the workplace?
A. An employer has a responsibility to maintain a former employee’s access to computer systems and company data needed to support claims against the company such as discrimination
B. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee
C. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual
D. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose
Correct answer: B
Question #26
SCENARIO Please use the following to answer the next QUESTION: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo’s business associ
A. Training on techniques for identifying phishing attempts (correct)
B. Training on the terms of the contractual agreement with HealthCo
C. Training on the difference between confidential and non-public information
D. Training on CloudHealth’s HR policy regarding the role of employees involved in data breaches
Correct answer: A
Question #27
Which law provides employee benefits, but often mandates the collection of medical information?
A. The Occupational Safety and Health Act
B. The Americans with Disabilities Act
C. The Employee Medical Security Act
D. The Family and Medical Leave Act
Correct answer: AB
Question #28
The “Consumer Privacy Bill of Rights” presented in a 2012 Obama administration report is generally based on?
A. The 1974 Privacy Act
B. Common law principles
C. European Union Directive (correct)
D. Traditional fair information practices
Correct answer: C
Question #29
What is the main purpose of the CAN-SPAM Act?
A. To diminish the use of electronic messages to send sexually explicit materials
B. To authorize the states to enforce federal privacy laws for electronic marketing
C. To empower the FTC to create rules for messages containing sexually explicit content
D. To ensure that organizations respect individual rights when using electronic advertising (correct)
Correct answer: D

SPOTO Provides 100% Real IAPP Exam Questions for You to Pass Your IAPP Exam!
