IAPP CIPP-US Exam Sample Questions | SPOTO


Question #1
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?
A. Department of Health and Human Services
B. The affected individuals
C. The local media
D. Medical providers
Correct Answer: D
Question #2
SCENARIO Please use the following to answer the next QUESTION: Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customers’ privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships. Although Chery
A. It will help employees stay better organized
B. It will help the company meet a federal mandate
C. It will increase the security of customers’ personal information (PI)
D. It will prevent the company from collecting too much personal information (PI)
Correct Answer: C
Question #3
Which of the following federal agencies does NOT enforce the Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA)?
A. The Office of the Comptroller of the Currency
B. The Consumer Financial Protection Bureau
C. The Department of Health and Human Services
D. The Federal Trade Commission
Correct Answer: C
Question #4
The Cable Communications Policy Act of 1984 requires which activity?
A. Delivery of an annual notice detailing how subscriber information is to be used
B. Destruction of personal information a maximum of six months after it is no longer needed
C. Notice to subscribers of any investigation involving unauthorized reception of cable services
D. Obtaining subscriber consent for disseminating any personal information necessary to render cable services
Correct Answer: A
Question #5
What is the main purpose of the Global Privacy Enforcement Network?
A. To promote universal cooperation among privacy authorities
B. To investigate allegations of privacy violations internationally
C. To protect the interests of privacy consumer groups worldwide
D. To arbitrate disputes between countries over jurisdiction for privacy laws
Correct Answer: A
Question #6
More than half of U.S. states require telemarketers to?
A. Identify themselves at the beginning of a call
B. Obtain written consent from potential customers
C. Register with the state before conducting business
D. Provide written contracts for customer transactions
Correct Answer: AD
Question #7
Which of the following best describes what a “private right of action” is?
A. The right of individuals to keep their information private
B. The right of individuals to submit a request to access their information
C. The right of individuals harmed by data processing to have their information deleted
D. The right of individuals harmed by a violation of a law to file a lawsuit against the violation
Correct Answer: AD
Question #8
In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer data. Which was NOT one of these principles?
A. Simplifying consumer choice
B. Enhancing security measures
C. Practicing Privacy by Design
D. Providing greater transparency
Correct Answer: B
Question #9
SCENARIO Please use the following to answer the next QUESTION: Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse. Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients’ Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issu
A. By suggesting that Declan look at the hospital’s publicly posted privacy policy
B. By assuring Declan that third parties are prevented from seeing Private Health Information (PHI)
C. By pointing out that contracts are in place to help ensure the observance of minimum security standards
D. By describing how the billing system is integrated into the hospital’s electronic health records (EHR) system
Correct Answer: C
Question #10
SCENARIO Please use the following to answer the next QUESTION: Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in
A. Request that the Board sign off in a written document on the choice of cloud provider
B. Ensure that the cloud provider abides by the contractual requirements by conducting an on-site audit
C. Obtain express consent from employees for storing the HR data in the cloud and keep a record of the employee consents
D. Negotiate a Business Associate Agreement with the cloud provider to protect any health-related data employees might share with Filtration Station
Correct Answer: B
Question #11
Which of the following is NOT one of three broad categories of products offered by data brokers, as identified by the U.S. Federal Trade Commission (FTC)?
A. Research (such as information for understanding consumer trends)
B. Risk mitigation (such as information that may reduce the risk of fraud)
C. Location of individuals (such as identifying an individual from partial information)
D. Marketing (such as appending data to customer information that a marketing company already has)
Correct Answer: C
Question #12
Sarah lives in San Francisco, California. Based on a dramatic increase in unsolicited commercial emails, Sarah believes that a major social media platform with over 50 million users has collected a lot of personal information about her. The company that runs the platform is based in New York and France. Why is Sarah entitled to ask the social media platform to delete the personal information they have collected about her?
A. Any company with a presence in Europe must comply with the General Data Protection Regulation globally, including in response to data subject deletion requests
B. Under Section 5 of the FTC Act, the Federal Trade Commission has held that refusing to delete an individual’s personal information upon request constitutes an unfair practice
C. The California Consumer Privacy Act entitles Sarah to request deletion of her personal information
D. The New York “Stop Hacks and Improve Electronic Data Security” (SHIELD) Act requires that businesses under New York’s jurisdiction must delete customers’ personal information upon request
Correct Answer: AC
Question #13
Although an employer may have a strong incentive or legal obligation to monitor employees’ conduct or behavior, some excessive monitoring may be considered an intrusion on employees’ privacy. Which of the following is the strongest example of excessive monitoring by the employer?
A. An employer who installs a video monitor in physical locations, such as a warehouse, to ensure employees are performing tasks in a safe manner and environment
B. An employer who installs data loss prevention software on all employee computers to limit transmission of confidential company information
C. An employer who installs video monitors in physical locations, such as a changing room, to reduce the risk of sexual harassment
D. An employer who records all employee phone calls that involve financial transactions with customers completed over the phone
Correct Answer: C
Question #14
What was the original purpose of the Foreign Intelligence Surveillance Act?
A. To further define what information can reasonably be under surveillance in public places under the USA PATRIOT Act, such as Internet access in public libraries
B. To further clarify a reasonable expectation of privacy stemming from the Katz v
C. To further define a framework for authorizing wiretaps by the executive branch for national security purposes under Article II of the Constitution
D. To further clarify when a warrant is not required for a wiretap performed internally by the telephone company outside the suspect’s home, stemming from the Olmstead v
Correct Answer: A
Question #15
SCENARIO Please use the following to answer the next QUESTION: A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer’s data handling practices. The complainant accuses the retailer of improperly disclosing her personal data, without consent, to par
A. Reports on recent purchase histories
B. Database schemas held by the retailer
C. Lists of all customers, sorted by country
D. Interviews with key marketing personnel
Correct Answer: C
Question #16
Which authority supervises and enforces laws regarding advertising to children via the Internet?
A. The Office for Civil Rights
B. The Federal Trade Commission
C. The Federal Communications Commission
D. The Department of Homeland Security
Correct Answer: B
Question #17
SCENARIO Please use the following to answer the next QUESTION: Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Celeste open a jewelry store in California. Felicia, despite being excited at the prospect, has a number of security concerns, and has only grudgingly accepted the need to hire other employees. In order to guard against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission, Felicia would
A. Reconsider the plan in favor of a policy of dedicated work devices
B. Adopt the same kind of monitoring policies used for work-issued devices
C. Weigh any productivity benefits of the plan against the risk of privacy issues
D. Make employment decisions based on those willing to consent to the plan in writing
Correct Answer: D
Question #18
All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?
A. Healthcare information clearinghouses
B. Pharmaceutical companies
C. Healthcare providers
D. Health plans
Correct Answer: B
Question #19
Who has rulemaking authority for the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA)?
A. State Attorneys General
B. The Federal Trade Commission
C. The Department of Commerce
D. The Consumer Financial Protection Bureau
Correct Answer: D
Question #20
In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?
A. Scanning emails sent to and received by students
B. Making student education records publicly available
C. Relying on verbal consent for a disclosure of education records
D. Disclosing education records without obtaining required consent
Correct Answer: A
Question #21
What consumer protection did the Fair and Accurate Credit Transactions Act (FACTA) require?
A. The ability for the consumer to correct inaccurate credit report information
B. The truncation of account numbers on credit card receipts
C. The right to request removal from e-mail lists
D. Consumer notice when third-party data is used to make an adverse decision
Correct Answer: B
Question #22
What is the main purpose of requiring marketers to use the Wireless Domain Registry?
A. To access a current list of wireless domain names
B. To prevent unauthorized emails to mobile devices
C. To acquire authorization to send emails to mobile devices
D. To ensure their emails are sent to actual wireless subscribers
Correct Answer: B
Question #23
SCENARIO Please use the following to answer the next QUESTION: Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years. One potential employer, Arnie’s Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report
A. The rules under the Fair Debt Collection Practices Act
B. The creation of the Consumer Financial Protection Bureau
C. Federal Trade Commission investigations into “unfair and deceptive” acts or practices
D. Investigations of “abusive” acts and practices under the Dodd-Frank Wall Street Reform and Consumer Protection Act
Correct Answer: D
Question #24
What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?
A. A consent decree
B. Stare decisis decree
C. A judgment rider
D. Common law judgment
Correct Answer: A
Question #25
What is the main reason some supporters of the European approach to privacy are skeptical about self-regulation of privacy practices?
A. A large amount of money may have to be spent on improved technology and security
B. Industries may not be strict enough in the creation and enforcement of rules
C. A new business owner may not understand the regulations
D. Human rights may be disregarded for the sake of privacy
Correct Answer: B
Question #26
What is the main challenge financial institutions face when managing user preferences?
A. Ensuring they are in compliance with numerous complex state and federal privacy laws
B. Developing a mechanism for opting out that is easy for their consumers to navigate
C. Ensuring that preferences are applied consistently across channels and platforms
D. Determining the legal requirements for sharing preferences with their affiliates
Correct Answer: C
Question #27
SCENARIO Please use the following to answer the next QUESTION: Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse. Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients’ Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issu
A. By suggesting that Declan look at the hospital’s publicly posted privacy policy
B. By assuring Declan that third parties are prevented from seeing Private Health Information (PHI)
C. By pointing out that contracts are in place to help ensure the observance of minimum security standards
D. By describing how the billing system is integrated into the hospital’s electronic health records (EHR) system
Correct Answer: C
Question #28
What is a key way that the Gramm-Leach-Bliley Act (GLBA) prevents unauthorized access into a person’s bank account?
A. By requiring immediate public disclosure after a suspected security breach
B. By requiring the amount of customer personal information printed on paper
C. By requiring that financial institutions limit the collection of personal information
D. By restricting the disclosure of customer account numbers by financial institutions
Correct Answer: D
Question #29
In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?
A. Scanning emails sent to and received by students
B. Making student education records publicly available
C. Relying on verbal consent for a disclosure of education records
D. Disclosing education records without obtaining required consent
Correct Answer: A
Question #30
What type of material is exempt from an individual’s right to disclosure under the Privacy Act?
A. Material required by statute to be maintained and used solely for research purposes
B. Material reporting investigative efforts to prevent unlawful persecution of an individual
C. Material used to determine potential collaboration with foreign governments in negotiation of trade deals
D. Material reporting investigative efforts pertaining to the enforcement of criminal law
Correct Answer: C
