Question #1
Company X has entrusted the processing of their payroll data to Provider Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify?
A. The public
B. Company X
C. Law enforcement
D. The supervisory authority
Correct answer: B
Question #2
Which of the following would NOT be relevant when determining if a processing activity would be considered profiling?
A. If the processing is to be performed by a third-party vendor
B. If the processing involves data that is considered personal data
C. If the processing of the data is done through automated means
D. If the processing is used to predict the behavior of data subjects
Correct answer: A
Question #3
SCENARIO Please use the following to answer the next question: TripBliss Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Oliver, suspects that this is partly due to the company’s outdated website. After doing some research, he meets with a sales representative from the up-and-coming IT company Techiva, hoping that they can design a new, cutting-edge website for TripBliss Inc.’s foundering business. During negotiations, a Techiva representative
A. Because not all of the cookies are strictly necessary to enable the use of a service requested from TripBliss Inc
B. Because of the categories of data involved, explicit consent for the use of cookies must be obtained separately from customers
C. Because Techiva will receive only aggregate statistics of data collected from the cookies, no additional consent is necessary
D. Because the use of cookies involves the potential for location tracking, explicit consent must be obtained from customers
Correct answer: A
Question #4
Which sentence BEST summarizes the concepts of “fairness,” “lawfulness” and “transparency”, as expressly required by Article 5 of the GDPR?
A. Fairness and transparency refer to the communication of key information before collecting data; lawfulness refers to compliance with government regulations
B. Fairness refers to limiting the amount of data collected from individuals; lawfulness refers to the approval of company guidelines by the state; transparency solely relates to communication of key information before collecting data
C. Fairness refers to the security of personal data; lawfulness and transparency refers to the analysis of ordinances to ensure they are uniformly enforced
D. Fairness refers to the collection of data from diverse subjects; lawfulness refers to the need for legal rules to be uniform; transparency refers to giving individuals access to their data
Correct answer: A
Question #5
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. Encrypt the data in transit over the wireless Bluetooth connection
B. Include dual-factor authentication before each use by a child in order to ensure a minimum amount of security
C. Include three-factor authentication before each use by a child in order to ensure the best level of security possible
D. Insert contractual clauses into the contract between the toy manufacturer and the cloud service provider, since South Africa is outside the European Union
Correct answer: A
Question #6
Which of the following would most likely NOT be covered by the definition of “personal data” under the GDPR?
A. The payment card number of a Dutch citizen
B. The
C. social security number of an American citizen living in France
D. The unlinked aggregated data used for statistical purposes by an Italian company
E. The identification number of a German candidate for a professional examination in Germany
Correct answer: C
Question #7
A key component of the OECD Guidelines is the “Individual Participation Principle”. What parts of the General Data Protection Regulation (GDPR) provide the closest equivalent to that principle?
A. The lawful processing criteria stipulated by Articles 6 to 9
B. The information requirements set out in Articles 13 and 14
C. The breach notification requirements specified in Articles 33 and 34
D. The rights granted to data subjects under Articles 12 to 22
Correct answer: D
Question #8
Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?
A. When the personal data is processed only in non-electronic form
B. When the personal data is collected and then pseudonymised by the controller
C. When the personal data is held by the controller but not processed for further purposes
D. When the personal data is processed by an individual only for their household activities
Correct answer: AB
Question #9
According to the GDPR, how is pseudonymous personal data defined?
A. Data that can no longer be attributed to a specific data subject without the use of additional information kept separately
B. Data that can no longer be attributed to a specific data subject, with no possibility of re-identifying the data
C. Data that has been rendered anonymous in such a manner that the data subject is no longer identifiable
D. Data that has been encrypted or is subject to other technical safeguards
Correct answer: A
Question #10
SCENARIO Please use the following to answer the next question: Joe started the Gummy Bear Company in 2000 from his home in Vermont, USA. Today, it is a multi-billion-dollar candy company operating in every continent. All of the company’s IT servers are located in Vermont. This year Joe hires his son Ben to join the company and head up Project Big, which is a major marketing strategy to triple gross revenue in just 5 years. Ben graduated with a PhD in computer software from a top university. Ben decided to j
A. New corporate governance and code of conduct
B. A data protection impact assessment
C. A comprehensive data inventory
D. Hiring a data protection officer
Correct answer: B
Question #11
According to the E-Commerce Directive 2000/31/EC, where is the place of “establishment” for a company providing services via an Internet website confirmed by the GDPR?
A. Where the technology supporting the website is located
B. Where the website is accessed
C. Where the decisions about processing are made
D. Where the customer’s Internet service provider is located
Correct answer: C
Question #12
SCENARIO Please use the following to answer the next question: You have just been hired by a toy manufacturer based in Hong Kong. The company sells a broad range of dolls, action figures and plush toys that can be found internationally in a wide variety of retail stores. Although the manufacturer has no offices outside Hong Kong and in fact does not employ any staff outside Hong Kong, it has entered into a number of local distribution contracts. The toys produced by the company can be found in all popular t
A. The child, as the user of the action figure, can provide consent himself, as long as no information is shared for marketing purposes
B. Written authorization attesting to the responsible use of children’s data would need to be obtained from the supervisory authority
C. Consent for data collection is implied through the parent’s purchase of the action figure for the child
D. Parental consent for a child’s use of the action figures would have to be obtained before any data could be collected
Correct answer: D
Question #13
SCENARIO Please use the following to answer the next question: Louis, a long-time customer of Bedrock Insurance, was involved in a minor car accident a few months ago. Although no one was hurt, Louis has been plagued by texts and calls from a company called Accidentable offering to help him recover compensation for personal injury. Louis has heard about insurance companies selling customers’ data to third parties, and he’s convinced that Accidentable must have gotten his information from Bedrock Insurance.
A. Bedrock does not have a duty to transfer Louis’s data to Zantrum if doing so is legitimately not technically feasible
B. Bedrock does not have to transfer Louis’s data to Zantrum because the right to data portability does not apply where personal data are processed in order to carry out tasks in the public interest
C. Bedrock has failed to comply with the duty to transfer Louis’s data to Zantrum because the duty applies wherever personal data are processed by automated means and necessary for the performance of a contract with the customer
D. Bedrock has failed to comply with the duty to transfer Louis’s data to Zantrum because it has an obligation to develop commonly used, machine-readable and interoperable formats so that all customer data can be ported to other insurers on request
Correct answer: B
Question #14
SCENARIO Please use the following to answer the next question: TripBliss Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Oliver, suspects that this is partly due to the company’s outdated website. After doing some research, he meets with a sales representative from the up-and-coming IT company Techiva, hoping that they can design a new, cutting-edge website for TripBliss Inc.’s foundering business. During negotiations, a Techiva representative
A. Because not all of the cookies are strictly necessary to enable the use of a service requested from TripBliss Inc
B. Because of the categories of data involved, explicit consent for the use of cookies must be obtained separately from customers
C. Because Techiva will receive only aggregate statistics of data collected from the cookies, no additional consent is necessary
D. Because the use of cookies involves the potential for location tracking, explicit consent must be obtained from customers
Correct answer: B
Question #15
Tanya is the Data Protection Officer for Curtains Inc., a GDPR data controller. She has recommended that the company encrypt all personal data at rest. Which GDPR principle is she following?
A. Accuracy
B. Storage Limitation
C. Integrity and confidentiality
D. Lawfulness, fairness and transparency
Correct answer: AC
Question #16
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?
A. The ePrivacy Directive allows individual EU member states to engage in such data retention
B. The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention
C. The Data Retention Directive’s annulment makes such data retention now permissible
D. The GDPR allows the retention of such data for the prevention, investigation, detection or prosecution of criminal offences only
Correct answer: AD
Question #17
What is an important difference between the European Court of Human Rights (ECHR) and the Court of Justice of the European Union (CJEU) in relation to their roles and functions?
A. ECHR can rule on issues concerning privacy as a fundamental right, while the CJEU cannot
B. CJEU can force national governments to implement and honor EU law, while the ECHR cannot
C. CJEU can hear appeals on human rights decisions made by national courts, while the ECHR cannot
D. ECHR can enforce human rights laws against governments that fail to implement them, while the CJEU cannot
Correct answer: B
Question #18
SCENARIO Please use the following to answer the next question: Anna and Frank both work at Granchester University. Anna is a lawyer responsible for data protection, while Frank is a lecturer in the engineering department. The University maintains a number of types of records: - Student records, including names, student numbers, home addresses, pre-university information, university attendance and performance records, details of special educational needs and financial information. - Staff records, including
A. Student records
B. Staff and alumni records
C. Frank’s performance database
D. Department for Education records
Correct answer: D
Question #19
What type of data lies beyond the scope of the General Data Protection Regulation?
A. Pseudonymized
B. Anonymized
C. Encrypted
D. Masked
Correct answer: B
Question #20
What type of data lies beyond the scope of the General Data Protection Regulation?
A. Pseudonymized
B. Anonymized
C. Encrypted
D. Masked
Correct answer: AB
Question #21
Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?
A. The behavior of suspected terrorists being monitored by EU law enforcement bodies
B. Personal data of EU citizens being processed by a controller or processor based outside the EU
C. The behavior of EU citizens outside the EU being monitored by non-EU law enforcement bodies
D. Personal data of EU residents being processed by a non-EU business that targets EU customers
Correct answer: ABD
Question #22
Which statement provides an accurate description of a directive?
A. A directive specifies certain results that must be achieved, but each member state is free to decide how to turn it into a national law
B. A directive has binding legal force throughout every member state and enters into force on a set date in all the member states
C. A directive is a legal act relating to specific cases and directed towards member states, companies or private individuals
D. A directive is a legal act that applies automatically and uniformly to all EU countries as soon as it enters into force
Correct answer: A
Question #23
Under which of the following conditions does the General Data Protection Regulation NOT apply to the processing of personal data?
A. When the personal data is processed only in non-electronic form
B. When the personal data is collected and then pseudonymised by the controller
C. When the personal data is held by the controller but not processed for further purposes
D. When the personal data is processed by an individual only for their household activities
Correct answer: AB
Question #24
Under the GDPR, who would be LEAST likely to be allowed to engage in the collection, use, and disclosure of a data subject’s sensitive medical information without the data subject’s knowledge or consent?
A. A member of the judiciary involved in adjudicating a legal dispute involving the data subject and concerning the health of the data subject
B. A public authority responsible for public health, where the sharing of such information is considered necessary for the protection of the general populace
C. A health professional involved in the medical care for the data subject, where the data subject’s life hinges on the timely dissemination of such information
D. A journalist writing an article relating to the medical condition in question, who believes that the publication of such information is in the public interest
Correct answer: AD
Question #25
Assuming that the “without undue delay” provision is followed, what is the time limit for complying with a data access request?
A. Within 40 days of receipt
B. Within 40 days of receipt, which may be extended by up to 40 additional days
C. Within one month of receipt, which may be extended by up to an additional month
D. Within one month of receipt, which may be extended by an additional two months
Correct answer: AC
Question #26
What is one major goal that the OECD Guidelines, Convention 108 and the Data Protection Directive (Directive 95/46/EC) all had in common but largely failed to achieve in Europe?
A. The establishment of a list of legitimate data processing criteria
B. The creation of legally binding data protection principles
C. The synchronization of approaches to data protection
D. The restriction of cross-border data flow
Correct answer: AC
Question #27
Which of the following would most likely NOT be covered by the definition of “personal data” under the GDPR?
A. The payment card number of a Dutch citizen
B. The
C. social security number of an American citizen living in France
D. The unlinked aggregated data used for statistical purposes by an Italian company
E. The identification number of a German candidate for a professional examination in Germany
Correct answer: C
Question #28
Which of the following would MOST likely trigger the extraterritorial effect of the GDPR, as specified by Article 3?
A. The behavior of suspected terrorists being monitored by EU law enforcement bodies
B. Personal data of EU citizens being processed by a controller or processor based outside the EU
C. The behavior of EU citizens outside the EU being monitored by non-EU law enforcement bodies
D. Personal data of EU residents being processed by a non-EU business that targets EU customers
Correct answer: ABD
Question #29
SCENARIO Please use the following to answer the next question: TripBliss Inc. is a travel service company which has lost substantial revenue over the last few years. Their new manager, Oliver, suspects that this is partly due to the company’s outdated website. After doing some research, he meets with a sales representative from the up-and-coming IT company Techiva, hoping that they can design a new, cutting-edge website for TripBliss Inc.’s foundering business. During negotiations, a Techiva representative
A. The resulting obligation to notify data subjects would involve disproportionate effort
B. The incident resulted from the actions of a third-party that were beyond their control
C. The destruction of the stolen data makes any risk to the affected data subjects unlikely
D. The sensitivity of the categories of data involved in the incident was not substantial enough
Correct answer: C
Question #30
How is the retention of communications traffic data for law enforcement purposes addressed by European data protection law?
A. The ePrivacy Directive allows individual EU member states to engage in such data retention
B. The ePrivacy Directive harmonizes EU member states’ rules concerning such data retention
C. The Data Retention Directive’s annulment makes such data retention now permissible
D. The GDPR allows the retention of such data for the prevention, investigation, detection or prosecution of criminal offences only
Correct answer: A
