Question #1
The rules for “e-discovery” mainly prevent which of the following?
A. A conflict between business practice and technological safeguards
B. The loss of information due to poor data retention practices (correct)
C. The practice of employees using personal devices for work
D. A breach of an organization’s data retention program
Correct answer: B
Question #2
SCENARIO Please use the following to answer the next QUESTION: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo’s business associ
A. Because HealthCo did not require CloudHealth to implement appropriate physical and administrative measures to safeguard the ePHI
B. Because HealthCo did not conduct due diligence to verify or monitor CloudHealth’s security measures (correct)
C. Because HIPAA requires the imposition of a fine if a data breach of this magnitude has occurred
D. Because CloudHealth violated its contract with HealthCo by not encrypting the ePHI
Correct answer: B
Question #3
What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?
A. Describing the policy changes on its website
B. Obtaining affirmative consent from its customers
C. Publicizing the policy changes through social media
D. Reassuring customers of the security of their information
Correct answer: AB
Question #4
SCENARIO Please use the following to answer the next question: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo’s business associ
A. Administrative Safeguards
B. Technical Safeguards
C. Physical Safeguards (correct)
D. Security Safeguards
Correct answer: C
Question #5
What is the main purpose of requiring marketers to use the Wireless Domain Registry?
A. To access a current list of wireless domain names
B. To prevent unauthorized emails to mobile devices (correct)
C. To acquire authorization to send emails to mobile devices
D. To ensure their emails are sent to actual wireless subscribers
Correct answer: B
Question #6
Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?
A. International data transfers
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track
Correct answer: A
Question #7
SCENARIO Please use the following to answer the next QUESTION When there was a data breach involving customer personal and financial information at a large retail store, the company’s directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate r
A. Mishandling of information caused by lack of access controls
B. Unintended disclosure of information shared with a third party
C. Fraud involving credit card theft at point-of-service terminals
D. Lost company property such as a computer or flash drive
Correct answer: A
Question #8
Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?
A. A local nonprofit charity’s fundraiser
B. An online merchant’s free shipping offer (correct)
C. A national bank’s no-fee checking promotion
D. A city bus system’s frequent rider program
Correct answer: B
Question #9
SCENARIO Please use the following to answer the next QUESTION Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in
A. That CCPA will apply to the company only after the California Attorney General determines that it will enforce the statute
B. That the company is governed by CCPA, but does not need to take any additional steps because it follows CPB
C. That business contact information could be considered personal information governed by CCP
D. That CCPA only applies to companies based in California, which exempts the company from compliance
Correct answer: A
Question #10
Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?
A. 7 days
B. 10 days (correct)
C. 15 days
D. 21 days
Correct answer: B
Question #11
Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers”?
A. International data transfers (correct)
B. Large platform providers
C. Promoting enforceable self-regulatory codes
D. Do Not Track
Correct answer: A
Question #12
SCENARIO Please use the following to answer the next QUESTION: You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo’s business associ
A. Because HealthCo did not require CloudHealth to implement appropriate physical and administrative measures to safeguard the ePHI
B. Because HealthCo did not conduct due diligence to verify or monitor CloudHealth’s security measures (correct)
C. Because HIPAA requires the imposition of a fine if a data breach of this magnitude has occurred
D. Because CloudHealth violated its contract with HealthCo by not encrypting the ePHI
Correct answer: B
Question #13
SCENARIO Please use the following to answer the next question: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices. The complainant accuses the retailer of improperly disclosing her personal data, without consent, to par
A. Right of Access
B. Right of Removal (correct)
C. Right of Rectification
D. Right to Be Forgotten
Correct answer: B
Question #14
What type of material is exempt from an individual’s right to disclosure under the Privacy Act?
A. Material required by statute to be maintained and used solely for research purposes
B. Material reporting investigative efforts to prevent unlawful persecution of an individual
C. Material used to determine potential collaboration with foreign governments in negotiation of trade deals
D. Material reporting investigative efforts pertaining to the enforcement of criminal law
Correct answer: C
Question #15
What was the original purpose of the Federal Trade Commission Act?
A. To ensure privacy rights of
B. citizens (correct)
C. To protect consumers
D. To enforce antitrust laws
E. To negotiate consent decrees with companies violating personal privacy
Correct answer: B
Question #16
What practice does the USA FREEDOM Act NOT authorize?
A. Emergency exceptions that allow the government to target roamers (correct)
B. An increase in the maximum penalty for material support to terrorism
C. An extension of the expiration for roving wiretaps
D. The bulk collection of telephone data and internet metadata
Correct answer: A
Question #17
SCENARIO Please use the following to answer the next QUESTION: Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the people on it. “If they were really serious about not being bothered,” Evan said, “They’d be on the national DNC list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.” Bizarrely, E
A. The Whistleblower Protection Act
B. The Stored Communications Act (SCA)
C. The National Labor Relations Act (NLRA) (correct)
D. The Fair and Accurate Credit Transactions Act (FACTA)
Correct answer: C
Question #18
What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?
A. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts
B. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts
C. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices
D. The encryption of all personal information of Massachusetts residents when stored on portable devices
Correct answer: AD
Question #19
Acme Student Loan Company has developed an artificial intelligence algorithm that determines whether an individual is likely to pay their bill or default. A person who is determined by the algorithm to be more likely to default will receive frequent payment reminder calls, while those who are less likely to default will not receive payment reminders. Which of the following most accurately reflects the privacy concerns with Acme Student Loan Company using artificial intelligence in this manner?
A. If the algorithm uses risk factors that impact the automatic decision engine
B. If the algorithm makes automated decisions based on risk factors and public information, Acme need not determine if the algorithm has a disparate impact on protected classes
C. If the algorithm’s methodology is disclosed to consumers, then it is acceptable for Acme to have a disparate impact on protected classes
D. If the algorithm uses information about protected classes to make automated decisions, Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output
Correct answer: AB
Question #20
Which of the following is an important implication of the Dodd-Frank Wall Street Reform and Consumer Protection Act?
A. Financial institutions must avoid collecting a customer’s sensitive personal information
B. Financial institutions must help ensure a customer’s understanding of products and services (correct)
C. Financial institutions must use a prescribed level of encryption for most types of customer records
D. Financial institutions must cease sending e-mails and other forms of advertising to customers who opt out of direct marketing
Correct answer: B
Question #21
Which of the following federal agencies does NOT enforce the Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA)?
A. The Office of the Comptroller of the Currency (correct)
B. The Consumer Financial Protection Bureau
C. The Department of Health and Human Services (correct)
D. The Federal Trade Commission
Correct answer: AC
Question #22
Which of the following best describes an employer’s privacy-related responsibilities to an employee who has left the workplace?
A. An employer has a responsibility to maintain a former employee’s access to computer systems and company data needed to support claims against the company such as discrimination
B. An employer has a responsibility to permanently delete or expunge all sensitive employment records to minimize privacy risks to both the employer and former employee
C. An employer may consider any privacy-related responsibilities terminated, as the relationship between employer and employee is considered primarily contractual
D. An employer has a responsibility to maintain the security and privacy of any sensitive employment records retained for a legitimate business purpose
Correct answer: B
Question #23
Within what time period must a commercial message sender remove a recipient’s address once they have asked to stop receiving future e-mail?
A. 7 days (correct)
B. 10 days (correct)
C. 15 days
D. 21 days
Correct answer: AB
Question #24
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?
A. Uses the transferred data for limited purposes
B. Provides the same level of privacy protection as the organization
C. Notifies the organization if it can no longer meet its requirements for proper data handling
D. Enters a contract with the organization that states the third party will process data according to the consent agreement (correct)
Correct answer: D
Question #25
SCENARIO Please use the following to answer the next question: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customer’s privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships. Although Chery
A. The policy would not be considered valid if not communicated in full
B. The policy might not be implemented consistently across departments
C. Employees would not be comfortable with a policy that is put into action over time
D. Employees might not understand how the documents relate to the policy as a whole
Correct answer: B
Question #26
SCENARIO Please use the following to answer the next question: Matt went into his son’s bedroom one evening and found him stretched out on his bed typing on his laptop. “Doing your network?” Matt asked hopefully. “No,” the boy said. “I’m filling out a survey.” Matt looked over his son’s shoulder at his computer screen. “What kind of survey?” “It’s asking questions about my opinions.” “Let me see,” Matt said, and began reading the list of questions that his son had already answered. “It’s asking your opinion
A. The marketer failed to make an adequate attempt to provide Matt with information (correct)
B. The marketer did not provide evidence that the prize books were appropriate for children
C. The marketer seems to have distributed his son’s information without Matt’s permission
D. The marketer failed to identify himself and indicate the purpose of the messages
Correct answer: A
Question #27
SCENARIO Please use the following to answer the next QUESTION:
A. Training on techniques for identifying phishing attempts (correct)
B. Training on the terms of the contractual agreement with HealthCo
C. Training on the difference between confidential and non-public information
D. Training on CloudHealth’s HR policy regarding the role of employees involved in data breaches
Correct answer: A
Question #28
Which authority supervises and enforces laws regarding advertising to children via the Internet?
A. The Office for Civil Rights
B. The Federal Trade Commission
C. The Federal Communications Commission
D. The Department of Homeland Security
Correct answer: B
Question #29
Which jurisdiction must courts have in order to hear a particular case?
A. Subject matter jurisdiction and regulatory jurisdiction
B. Subject matter jurisdiction and professional jurisdiction
C. Personal jurisdiction and subject matter jurisdiction (correct)
D. Personal jurisdiction and professional jurisdiction
Correct answer: C
Question #30
Which act violates the Family Educational Rights and Privacy Act of 1974 (FERPA)?
A. A K-12 assessment vendor obtains a student’s signed essay about her hometown from her school to use as an exemplar for public release (correct)
B. A university posts a public student directory that includes names, hometowns, e-mail addresses, and majors
C. A newspaper prints the names, grade levels, and hometowns of students who made the quarterly honor roll
D. University police provide an arrest report to a student’s hometown police, who suspect him of a similar crime
Correct answer: A