IAPP CIPP-A Exam Questions and Answers, Certified Information Privacy Professional/ Asia | SPOTO


Question #1
Section 43A was amended by India's IT Rules 2011 to include?
A. A definition of what constitutes reasonable security practices
B. A requirement for the creation of a data protection authority
C. A list of cases in which privacy policies are not necessary
D. A clarification regarding the role of non-automated data
Correct Answer: A
Question #2
Section 43A of India's IT Rules 2011 requires which of the following for a privacy policy?
A. It should be available and produced on request
B. It should be published on the website of the body corporate
C. It should be emailed or faxed to data providers by the body corporate
D. It should be shown to the data provider at the time of data collection
Correct Answer: A
Question #3
What clarification did India make in a 2011 Press Note regarding their Sensitive Personal Data Rules?
A. That the rules apply to data subjects located outside of India
B. That the rules apply to persons or companies collecting sensitive data within India
C. That the data processor must provide notice to the data subject before data is processed
D. That sensitive personal data or information includes passwords, financial information, medical records, and biometric information
Correct Answer: AD
Question #4
Which concept is NOT an element of Cross Border Privacy Rules (CBPR)?
A. Enforcement by Accountability Agents
B. Self-assessment against CBPR questionnaire
C. Consultation with Privacy Enforcement (PE) Authority
D. Dispute resolution via the Accountability Agent's compliance program
Correct Answer: ABC
Question #5
In Singapore, a potential employer can collect all of the following data on an individual in the pre-employment phase EXCEPT?
A. Postings from social media websites
B. Information from a background check
C. Information about the individual's children
D. The individual's university attendance records
Correct Answer: B
Question #6
Which of the following is NOT excluded from the scope of Singapore's Do Not Call registry?
A. Messages that promote investment opportunities
B. Messages that conduct market research
C. Messages from charitable organizations
D. Messages from political candidates
Correct Answer: ABCD
Question #7
SCENARIO C Please use the following to answer the next QUESTION: Fitness For Everyone ("FFE") is a gym on Hong Kong Island that is affiliated with a network of gyms throughout Southeast Asia. When prospective members of the gym stop in, call in or submit an inquiry online, they are invited for a free trial session. At first, the gym asks prospective clients only for basic information: a full name, contact number, age and their Hong Kong ID number, so that FFE's senior trainer Kelvin can reach them to arrang
A. FFE's collection of full name from prospective clients
B. FFE affiliates' receipt of Stephen's contact information
C. FFE's collection of age and HKID from prospective clients
D. FFE's collection of Stephen's messenger cell details through Kelvin
Correct Answer: D
Question #8
Which of the following would NOT be exempt from Singapore’s PDPA?
A. A government automobile registration website
B. A private party room at a popular restaurant
C. A documentary filmed at a rock concert
D. A video from a store's closed-circuit TV
Correct Answer: D
Question #9
SCENARIO C Please use the following to answer the next QUESTION: Zoe is the new Compliance Manager for the Star Hotel Group, which has five hotels across Hong Kong and China. On her first day, she does an inspection of the largest property, StarOne. She starts with the hotel reception desk. Zoe sees the front desk assistant logging in to a database as he is checking in a guest. The hotel manager, Bernard, tells her that all guest data, including passport numbers, credit card numbers, home address, mobile nu
A. Inform the staff that Relax Ltd can transfer the data to StarOne given they are in the same premises and guests would reasonably expect that
B. Inform the staff that Relax Ltd should not transfer the data to StarOne without a privacy notice identifying StarOne as a class of transferee
C. Inform the staff that Relax Ltd should not transfer the data to StarOne without the guest's opt-in consent to do so
D. Inform the staff that Relax Ltd can transfer the data as Section 33 is not in force
Correct Answer: C
Question #10
In India, the obligation to appoint a Grievance Officer applies ONLY to companies that?
A. Deal with sensitive personal data
B. Conduct cross-border data transfers
C. Are considered part of the public sector
D. Lack alternate enforcement mechanisms
Correct Answer: A
Question #11
Protection of which kind of personal information is NOT explicitly mentioned in the privacy laws of Hong Kong, Singapore, and India?
A. Sensitive data
B. Children's data
C. Outsourced data
D. Extraterritorial data
Correct Answer: B
Question #12
Which of the following principles of the OECD guidelines and Council of Europe Convention principles does Singapore's PDPA incorporate?
A. Disclosures to third parties included in access requests
B. Additional protections for sensitive personal data
C. The ability to opt-out from direct marketing
D. The right of deletion of data on request
Correct Answer: AC
Question #13
What term is defined by the European Commission to mean any data that relates to an identified or identifiable individual?
A. Personally identifiable information
B. Sensitive information
C. Personal data
D. Identified data
Correct Answer: C
Question #14
In the Asia-Pacific Economic Cooperation (APEC) Privacy Framework, what exception is allowed to the Access and Correction principle?
A. Paper-based records
B. Publicly-available information
C. Foreign intelligence
D. Unreasonable expense
Correct Answer: D
Question #15
The "due diligence" exemption in Hong Kong's PDPO was meant to apply to?
A. Third-party data processors located in foreign countries
B. Companies researching the viability of business mergers
C. Service providers hosting customer information in the cloud
D. Direct marketers acting in the best interest of their company
Correct Answer: A
Question #16
SCENARIO C Please use the following to answer the next QUESTION: Bharat Medicals is an established retail chain selling medical goods, with a presence in a number of cities throughout India. Their strategic partnership with major hospitals in these cities helped them capture an impressive market share over the years. However, with lifestyle and demographic shifts in India, the company saw a huge opportunity in door-to-door delivery of essential medical products. The need for such a service was confirmed by
A. It must have a privacy policy on its website describing its data processing practices
B. It must obtain consent from Bharat Medicals consumers before processing their data
C. It must process Bharat Medicals' consumer data only according to agreed contractual terms
D. It must protect against any unauthorized access to any of Bharat Medicals' consumer data that it obtained
Correct Answer: B
Question #17
Under the PDPO, what are Hong Kong companies that make use of personal data required to do?
A. Appoint an official compliance officer
B. Register with the appropriate data authority
C. Honor all data subject requests for correcting personal information
D. Provide contact information of persons handling data access requests
Correct Answer: C
Question #18
SCENARIO C Please use the following to answer the next QUESTION: Fitness For Everyone ("FFE") is a gym on Hong Kong Island that is affiliated with a network of gyms throughout Southeast Asia. When prospective members of the gym stop in, call in or submit an inquiry online, they are invited for a free trial session. At first, the gym asks prospective clients only for basic information: a full name, contact number, age and their Hong Kong ID number, so that FFE's senior trainer Kelvin can reach them to arrang
A. From the FFE retention department, offering a special discount for reactivating membership
B. From health care services provided by Hong Kong's Hospital Authority or Department of Health
C. From an FFE affiliate that provides a mechanism to opt out of further communications by reply-texting "Ocorrect
D. "
E. From an FFE affiliate in the region Stephen was transferred to, offering services similar to those he purchased previously
Correct Answer: C
Question #19
How can the privacy principles issued in 1980 by the Organisation for Economic Cooperation and Development (OECD) be defined?
A. Guidelines governing the protection of privacy and trans-border data flows issued in collaboration with the Federal Trade Commission
B. Guidelines governing the protection of privacy and trans-border data flows of personal data in states that are members
C. Mandatory rules governing the protection of privacy and trans-border data flows within the European Union
D. Mandatory rules governing the protection of privacy and trans-border data flows among binding member states
Correct Answer: B
Question #20
Which method ensures the greatest security when erasing data that is no longer needed, according to the Hong Kong Office of the Privacy Commissioner?
A. Strip-shredding paper copies of data
B. Crosscut shredding paper copies of data
C. Deleting electronic files containing data
D. Reformatting USB memory devices containing data
Correct Answer: B
Question #21
Employee benefits administration, including health insurance. Dracarys will have employees on the ground in India managing the systems for the functions listed above. They have been presented with a variety of vendor options for these systems, and are currently assessing the suitability of these vendors for their needs. The CEO of Dracarys is concerned about the behavior of her employees, especially online. After having proprietary company information being shared with competitors by former employees, she i
A. Breach notification
B. Data retention periods
C. Employee recruitment process
D. Data subject consent provisions
Correct Answer: D
Question #22
On what group does Singapore's PDPA impose disclosure restrictions that Hong Kong and India do not?
A. Government officials
B. Children under 13
C. The deceased
D. The clergy
Correct Answer: A
Question #23
Employee benefits administration, including health insurance. Dracarys will have employees on the ground in India managing the systems for the functions listed above. They have been presented with a variety of vendor options for these systems, and are currently assessing the suitability of these vendors for their needs. The CEO of Dracarys is concerned about the behavior of her employees, especially online. After having proprietary company information being shared with competitors by former employees, she i
A. The Indian Information Technology Act of 2000
B. The Hong Kong guide to monitoring personal data privacy at work
C. The Hong Kong Code of Practice on Human Resource Management
D. The Singapore advisory guidelines on the personal data protection act for selected topics (employment and CCTV)
Correct Answer: A
Question #24
How are the scope of Singapore's Personal Data Protection Act and the scope of India's IT Rules similar?
A. They only apply to the private sector
B. They allow exemptions for military personnel
C. They apply to controllers and processors alike
D. They impose obligations on individuals acting in a domestic capacity
Correct Answer: C
Question #25
Which provision of Hong Kong's Personal Data (Privacy) Ordinance (PDPO) strengthens the purpose limitation principle (DPP3)?
A. Notice; because the data subject must be provided with the purpose of the collection
B. Public domain; because the data subjects must agree to the purpose before their information is made publicly available
C. Prescribed consent; because the data subject must give express consent to their personal information being used for additional purposes
D. Finality; because the purpose for collection of personal information from the subject must be directly related to a function of the collector
Correct Answer: A
Question #26
SCENARIO C Please use the following to answer the next QUESTION: Bharat Medicals is an established retail chain selling medical goods, with a presence in a number of cities throughout India. Their strategic partnership with major hospitals in these cities helped them capture an impressive market share over the years. However, with lifestyle and demographic shifts in India, the company saw a huge opportunity in door-to-door delivery of essential medical products. The need for such a service was confirmed by
A. The recipients of the collected data
B. The name of the body collecting the data
C. The type of safeguards protecting the data
D. The options the subject has to access his data
Correct Answer: D
Question #27
How can the privacy principles issued in 1980 by the Organisation for Economic Cooperation and Development (OECD) be defined?
A. Guidelines governing the protection of privacy and trans-border data flows issued in collaboration with the Federal Trade Commission
B. Guidelines governing the protection of privacy and trans-border data flows of personal data in states that are members
C. Mandatory rules governing the protection of privacy and trans-border data flows within the European Union
D. Mandatory rules governing the protection of privacy and trans-border data flows among binding member states
Correct Answer: AB
Question #28
SCENARIO C Please use the following to answer the next QUESTION: Zoe is the new Compliance Manager for the Star Hotel Group, which has five hotels across Hong Kong and China. On her first day, she does an inspection of the largest property, StarOne. She starts with the hotel reception desk. Zoe sees the front desk assistant logging in to a database as he is checking in a guest. The hotel manager, Bernard, tells her that all guest data, including passport numbers, credit card numbers, home address, mobile nu
A. Zoe must immediately notify all guests, the police and the Privacy Commissioner of the breach
B. Zoe does not need to do anything as there is no mandatory breach notification requirement in Hong Kong
C. Zoe must report the breach to the Privacy Commissioner and make an action plan together with the Commissioner
D. Zoe should consider if there is a real risk of harm to the guests and take appropriate action based on her assessment
Correct Answer: D
Question #29
Which concept is NOT an element of Cross Border Privacy Rules (CBPR)?
A. Enforcement by Accountability Agents
B. Self-assessment against CBPR questionnaire
C. Consultation with Privacy Enforcement (PE) Authority
D. Dispute resolution via the Accountability Agent's compliance program
Correct Answer: B
Question #30
Both Sections 72 and 72A of India's IT Act 2000 involve unauthorized access of personal information. One main difference between the sections is that 72A does what?
A. Stipulates that disclosure has to have occurred
B. Specifies imprisonment as a possible penalty
C. Adds a provision about wrongful loss or gain
D. Includes the concept of consent
Correct Answer: AB
