Question #1
What type of data lies beyond the scope of the General Data Protection Regulation?
A. Pseudonymized (correct)
B. Anonymized (correct)
C. Encrypted
D. Masked
Correct answer: AB
Question #2
What is true of both the General Data Protection Regulation (GDPR) and the Council of Europe Convention 108?
A. Both govern international transfers of personal data (correct)
B. Both govern the manual processing of personal data
C. Both only apply to European Union countries
D. Both require notification of processing activities to a supervisory authority
Correct answer: A
Question #3
Which of the following would require designating a data protection officer?
A. Processing is carried out by an organization employing 250 persons or more
B. Processing is carried out for the purpose of providing for-profit goods or services to individuals in the E
C. The core activities of the controller or processor consist of processing operations of financial information or information relating to children
D. The core activities of the controller or processor consist of processing operations that require systematic monitoring of data subjects on a large scale
Correct answer: ACD
Question #4
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. Encrypt the data in transit over the wireless Bluetooth connection
B. Include dual-factor authentication before each use by a child in order to ensure a minimum amount of security
C. Include three-factor authentication before each use by a child in order to ensure the best level of security possible
D. Insert contractual clauses into the contract between the toy manufacturer and the cloud service provider, since South Africa is outside the European Union
Correct answer: A
Question #5
Which institution has the power to adopt findings that confirm the adequacy of the data protection level in a non-EU country?
A. The European Parliament (correct)
B. The European Commission (correct)
C. The Article 29 Working Party
D. The European Council
Correct answer: AB
Question #6
WP29’s “Guidelines on Personal data breach notification under Regulation 2016/679” provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?
A. A postal notification
B. A direct electronic message
C. A notice on a corporate blog (correct)
D. A prominent advertisement in print media
Correct answer: C
Question #7
Which change was introduced by the 2009 amendments to the e-Privacy Directive 2002/58/EC?
A. A voluntary notification for personal data breaches applicable to all data controllers
B. A voluntary notification for personal data breaches applicable to electronic communication providers
C. A mandatory notification for personal data breaches applicable to all data controllers
D. A mandatory notification for personal data breaches applicable to electronic communication providers
Correct answer: D
Question #8
SCENARIO Please use the following to answer the next question: Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purposes of the GDPR maintains its primary establishment in France. Javier lives in Newry, Northern Ireland (part of the U.K.), and commutes across the border to work in Dundalk, Ireland. Two years ago while on a business trip, Javier was photographed while working out at a branch of EVERFIT in Frankfurt, Germany. At the time, Javier g
A. Submit a draft decision to other supervisory authorities for their opinion
B. Request that the other supervisory authorities provide the lead authority with a draft decision for its consideration
C. Submit a draft decision directly to the Commission to ensure the effectiveness of the consistency mechanism
D. Request that members of the seconding supervisory authority and the host supervisory authority co-draft a decision
Correct answer: A
Question #9
An entity’s website stores text files on EU users’ computer and mobile device browsers. Prior to doing so, the entity is required to provide users with notices containing information and consent under which of the following frameworks?
A. General Data Protection Regulation 2016/679
B. E-Privacy Directive 2002/58/E (correct)
C. E-Commerce Directive 2000/31/E
D. Data Protection Directive 95/46/E
Correct answer: B
Question #10
What is true of both the General Data Protection Regulation (GDPR) and the Council of Europe Convention 108?
A. Both govern international transfers of personal data (correct)
B. Both govern the manual processing of personal data
C. Both only apply to European Union countries
D. Both require notification of processing activities to a supervisory authority (correct)
Correct answer: AD
Question #11
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?
A. The ePrivacy Directive allows individual EU member states to engage in such data retention
B. The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention
C. The Data Retention Directive’s annulment makes such data retention now permissible
D. The GDPR allows the retention of such data for the prevention, investigation, detection or prosecution of criminal offences only
Correct answer: AD
Question #12
SCENARIO Please use the following to answer the next question: Due to rapidly expanding workforce, Company A has decided to outsource its payroll function to Company B. Company B is an established payroll service provider with a sizable client base and a solid reputation in the industry. Company B’s payroll solution for Company A relies on the collection of time and attendance data obtained via a biometric entry system installed in each of Company A’s factories. Company B won’t hold any biometric data itsel
A. Their omission of data protection provisions in their contract with Company
B. Their failure to provide sufficient security safeguards to Company A’s data
C. Their engagement of Company C to improve their payroll service
D. Their decision to operate without a data protection officer
Correct answer: B
Question #13
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: - Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. - Staff records, including
A. More information about Frank’s data protection training
B. More information about the extent of the information loss
C. More information about the algorithm Frank used to mask student numbers
D. More information about what students have been told and how the research will be used
Correct answer: D
Question #14
Under Article 21 of the GDPR, a controller must stop profiling when requested by a data subject, unless it can demonstrate compelling legitimate grounds that override the interests of the individual. In the Guidelines on Automated individual decision-making and Profiling, the WP 29 says the controller needs to do all of the following to demonstrate that it has such legitimate grounds EXCEPT?
A. Carry out an exercise that weighs the interests of the controller and the basis for the data subject’s objection
B. Consider the impact of the profiling on the data subject’s interest, rights and freedoms
C. Demonstrate that the profiling is for the purposes of direct marketing
D. Consider the importance of the profiling to their particular objective
Correct answer: AC
Question #15
Which aspect of the GDPR will likely have the most impact on the consistent implementation of data protection laws throughout the European Union?
A. That it essentially functions as a one-stop shop mechanism (correct)
B. That it takes the form of a Regulation as opposed to a Directive
C. That it makes notification of large-scale data breaches mandatory
D. That it makes appointment of a data protection officer mandatory (correct)
Correct answer: AD
Question #16
Article 29 Working Party has emphasized that the GDPR forbids “forum shopping”, which occurs when companies do what?
A. Choose the data protection officer that is most sympathetic to their business concerns
B. Designate their main establishment in the member state with the most flexible practices
C. File appeals of infringement judgments with more than one EU institution simultaneously
D. Select third-party processors on the basis of cost rather than quality of privacy protection
Correct answer: B
Question #17
SCENARIO Please use the following to answer the next question: Due to rapidly expanding workforce, Company A has decided to outsource its payroll function to Company B. Company B is an established payroll service provider with a sizable client base and a solid reputation in the industry. Company B’s payroll solution for Company A relies on the collection of time and attendance data obtained via a biometric entry system installed in each of Company A’s factories. Company B won’t hold any biometric data itsel
A. Hiring companies whose measures are consistent with recommendations of accrediting bodies
B. Requesting advice and technical support from Company A’s IT team
C. Avoiding the use of another company’s data to improve their own services
D. Vetting companies’ measures with the appropriate supervisory authority
Correct answer: A
Question #18
Company X has entrusted the processing of their payroll data to Provider Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify?
A. The public
B. Company X
C. Law enforcement (correct)
D. The supervisory authority
Correct answer: C
Question #19
Read the following steps:
- Discover which employees are accessing cloud services and from which devices and apps
- Lock down the data in those apps and devices
- Monitor and analyze the apps and devices for compliance
- Manage application life cycles
- Monitor data sharing
An organization should perform these steps to do which of the following?
A. Pursue a GDPR-compliant Privacy by Design process
B. Institute a GDPR-compliant employee monitoring process
C. Maintain a secure Bring Your Own Device (BYOD) program
D. Ensure cloud vendors are complying with internal data use policies
Correct answer: C
Question #20
Under the GDPR, which essential pieces of information must be provided to data subjects before collecting their personal data?
A. The authority by which the controller is collecting the data and the third parties to whom the data will be sent
B. The name/s of relevant government agencies involved and the steps needed for revising the data
C. The identity and contact details of the controller and the reasons the data is being collected
D. The contact information of the controller and a description of the retention policy
Correct answer: AC
Question #21
A company has collected personal data for direct marketing purposes on the basis of consent. It is now considering using this data to develop new products through analytics. What is the company first required to do?
A. Obtain specific consent for the new processing (correct)
B. Only inform the data subjects of the new purpose
C. Proceed no further, as such repurposing is unlawful
D. Update the privacy notice upon which consent was given
Correct answer: A
Question #22
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. The NFC portal can read any data stored in the action figures
B. The information about the data processing involved has not been specified (correct)
C. The cloud service provider is in a country that has not been deemed adequate
D. The RFID tag in the action figures has the potential for misuse because of the toy’s evolving capabilities
Correct answer: B
Question #23
Which aspect of the GDPR will likely have the most impact on the consistent implementation of data protection laws throughout the European Union?
A. That it essentially functions as a one-stop shop mechanism (correct)
B. That it takes the form of a Regulation as opposed to a Directive (correct)
C. That it makes notification of large-scale data breaches mandatory
D. That it makes appointment of a data protection officer mandatory
Correct answer: AB
Question #24
Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?
A. When the personal data is processed only in non-electronic form (correct)
B. When the personal data is collected and then pseudonymised by the controller
C. When the personal data is held by the controller but not processed for further purposes
D. When the personal data is processed by an individual only for their household activities (correct)
Correct answer: AD
Question #25
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: - Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. - Staff records, including
A. Student records
B. Staff and alumni records
C. Frank’s performance database (correct)
D. Department for Education records
Correct answer: C
Question #26
Assuming that the “without undue delay” provision is followed, what is the time limit for complying with a data access request?
A. Within 40 days of receipt (correct)
B. Within 40 days of receipt, which may be extended by up to 40 additional days
C. Within one month of receipt, which may be extended by up to an additional month
D. Within one month of receipt, which may be extended by an additional two months (correct)
Correct answer: AD
Question #27
What is a reason the European Court of Justice declared the Data Retention Directive invalid in 2014?
A. The requirements affected individuals without exception
B. The requirements were financially burdensome to EU businesses
C. The requirements specified that data must be held within the E
D. The requirements had limitations on how national authorities could use data
Correct answer: A
Question #28
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: - Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. - Staff records, including
A. The data subjects are no longer current students of Frank’s
B. The processing will not negatively affect the rights of the data subjects
C. The algorithms that Frank uses for the processing are technologically sound
D. The data subjects gave their unambiguous consent for the original processing (correct)
Correct answer: D
Question #29
Which sentence BEST summarizes the concepts of “fairness,” “lawfulness” and “transparency”, as expressly required by Article 5 of the GDPR?
A. Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations
B. Fairness refers to limiting the amount of data collected from individuals; lawfulness refers to the approval of company guidelines by the state; transparency solely relates to communication of key information before collecting data
C. Fairness refers to the security of personal data; lawfulness and transparency refers to the analysis of ordinances to ensure they are uniformly enforced
D. Fairness refers to the collection of data from diverse subjects; lawfulness refers to the need for legal rules to be uniform; transparency refers to giving individuals access to their data
Correct answer: A
Question #30
WP29’s “Guidelines on Personal data breach notification under Regulation 2016/679” provides examples of ways to communicate data breaches transparently. Which of the following was listed as a method that would NOT be effective for communicating a breach to data subjects?
A. A postal notification (correct)
B. A direct electronic message (correct)
C. A notice on a corporate blog (correct)
D. A prominent advertisement in print media (correct)
Correct answer: ABCD
