Pass the IAPP CIPP Exam Easily with Updated Practice Questions

I highly recommend SPOTO's IAPP CIPP practice questions for candidates preparing for the exam. These practice tests are incredibly effective in helping candidates pass successfully. SPOTO's focus on exam questions and answers ensures thorough preparation, as their mock exams closely resemble the actual test format and content. These practice questions are invaluable exam resources that significantly enhance exam preparation. With SPOTO's comprehensive study materials and practice questions, candidates can approach the exam with confidence, knowing they have covered all necessary topics. Don't underestimate the power of practice tests in your exam readiness; choose SPOTO for a comprehensive and successful exam preparation experience in becoming a Certified Information Privacy Professional.

Question #1
A company is located in a country NOT considered by the European Union (EU) to have an adequate level of data protection. Which of the following is an obligation of the company if it imports personal data from another organization in the European Economic Area (EEA) under standard contractual clauses?
A. Submit the contract to its own government authority
B. Ensure that notice is given to and consent is obtained from data subjects
C. Supply any information requested by a data protection authority (DPA) within 30 days
D. Ensure that local laws do not impede the company from meeting its contractual obligations
Correct Answer: D

Question #2
SCENARIO - Please use the following to answer the next question: Javier is a member of the fitness club EVERFIT. This company has branches in many EU member states, but for the purposes of the GDPR maintains its primary establishment in France. Javier lives in Newry, Northern Ireland (part of the U.K.), and commutes across the border to work in Dundalk, Ireland. Two years ago while on a business trip, Javier was photographed while working out at a branch of EVERFIT in Frankfurt, Germany. At the time, Javier g
A. He will have to sue EVERFIT’s head office in France, where EVERFIT has its main establishment
B. He will be able to sue any one of the relevant EVERFIT branches, as each one may be held liable for the entire damage
C. He will have to sue each EVERFIT branch so that each branch provides proportionate compensation commensurate with its contribution to the damage or distress suffered by Javier
D. He will be able to apply to the European Data Protection Board in order to determine which particular EVERFIT branch is liable for damages, based on the decision that was made by the board
Correct Answer: C
Question #3
An unforeseen power outage results in company Z’s lack of access to customer data for six hours. According to Article 32 of the GDPR, this is considered a breach. Based on the WP 29’s February 2018 guidance, company Z should do which of the following?
A. Notify affected individuals that their data was unavailable for a period of time
B. Document the loss of availability to demonstrate accountability
C. Notify the supervisory authority about the loss of availability
D. Conduct a thorough audit of all security systems
Correct Answer: C
Question #4
Which of the following countries will continue to enjoy adequacy status under the GDPR, pending any future European Commission decision to the contrary?
A. Argentina
B. Mexico
C. Taiwan
D. Korea
Correct Answer: A
Question #5
What was the original purpose of the Foreign Intelligence Surveillance Act?
A. To further define what information can reasonably be under surveillance in public places under the USA PATRIOT Act, such as Internet access in public libraries
B. To further clarify a reasonable expectation of privacy stemming from the Katz v
C. To further define a framework for authorizing wiretaps by the executive branch for national security purposes under Article II of the Constitution
D. To further clarify when a warrant is not required for a wiretap performed internally by the telephone company outside the suspect’s home, stemming from the Olmstead v
Correct Answer: A
Question #6
Although the right to privacy is not explicitly granted in the Indian Constitution, privacy advocates frequently cite Article 21's guarantee of?
A. Personal liberty
B. Right to property
C. Equality before the law
D. Freedom from intrusion
Correct Answer: A
Question #7
The GDPR specifies fines that may be levied against data controllers for certain infringements. Which of the following infringements would be subject to the less severe administrative fine of up to 10 million euros (or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year)?
A. Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing
B. Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default
C. Failure to process personal information in a manner compatible with its original purpose
D. Failure to provide the means for a data subject to rectify inaccuracies in personal data
Correct Answer: B
Question #8
What was the basis for the "TrustSg" mark, which was designed to build confidence in e-commerce transactions before the PDPA was enacted?
A. The Fair Information Practice Principles
B. The Model Data Protection Code
C. The Electronic Transactions Act
D. The 1995 European Directive
Correct Answer: B
Question #9
Which of the following types of information would an organization generally NOT be required to disclose to law enforcement?
A. Information about medication errors under the Food, Drug and Cosmetic Act
B. Money laundering information under the Bank Secrecy Act of 1970
C. Information about workplace injuries under OSHA requirements
D. Personal health information under the HIPAA Privacy Rule
Correct Answer: D
Question #10
What is an exception to the Electronic Communications Privacy Act of 1986 ban on interception of wire, oral and electronic communications?
A. Where one of the parties has given consent
B. Where state law permits such interception
C. If an organization intercepts an employee’s purely personal call
D. Only if all parties have given consent
Correct Answer: C
Question #11
Which area of privacy is a lead supervisory authority’s (LSA) MAIN concern?
A. Data subject rights
B. Data access disputes
C. Cross-border processing
D. Special categories of data
Correct Answer: C
Question #12
A company is hesitating between Binding Corporate Rules and Standard Contractual Clauses as a global data transfer solution. Which of the following statements would help the company make an effective decision?
A. Binding Corporate Rules are especially recommended for small and medium companies
B. The data exporter does not need to be located in the EU for the Standard Contractual Clauses
C. Binding Corporate Rules provide a global solution for all the entities of a company that are bound by the intra-group agreement
D. The company will need the prior authorization of all EU data protection authorities for concluding Standard Contractual Clauses
Correct Answer: C
Question #13
What practice do courts commonly require in order to protect certain personal information on documents, whether paper or electronic, that is involved in litigation?
A. Redaction
B. Encryption
C. Deletion
D. Hashing
Correct Answer: A
Question #14
In enforcement cases, what is Singapore's Personal Data Protection Commission (PDPC) obligated to do?
A. Publish the decisions it makes regarding complaints
B. Provide the complainant with a way to appeal a decision
C. Publish the name of an organization named in a complaint
D. Intervene in civil actions to provide assistance to complainants
Correct Answer: B
Question #15
If a multi-national company wanted to conduct background checks on all current and potential employees, including those based in Europe, what key provision would the company have to follow?
A. Background checks on employees could be performed only under prior notice to all employees
B. Background checks are only authorized with prior notice and express consent from all employees including those based in Europe
C. Background checks on European employees will stem from data protection and employment law, which can vary between member states
D. Background checks may not be allowed on European employees, but the company can create lists based on its legitimate interests, identifying individuals who are ineligible for employment
Correct Answer: C
Question #16
Protection of which kind of personal information is NOT explicitly mentioned in the privacy laws of Hong Kong, Singapore, and India?
A. Sensitive data
B. Children's data
C. Outsourced data
D. Extraterritorial data
Correct Answer: B
Question #17
Under Article 58 of the GDPR, which of the following describes a power of supervisory authorities in European Union (EU) member states?
A. The ability to enact new laws by executive order
B. The right to access data for investigative purposes
C. The discretion to carry out goals of elected officials within the member state
D. The authority to select penalties when a controller is found guilty in a court of law
Correct Answer: B
Question #18
What do the Civil Rights Act, Pregnancy Discrimination Act, Americans with Disabilities Act, Age Discrimination Act, and Equal Pay Act all have in common?
A. They require employers not to discriminate against certain classes when employees use personal information
B. They require that employers provide reasonable accommodations to certain classes of employees
C. They afford certain classes of employees privacy protection by limiting inquiries concerning their personal information
D. They permit employers to use or disclose personal information specifically about employees who are members of certain classes
Correct Answer: A
Question #19
Which of the following is NOT excluded from the scope of Singapore's Do Not Call registry?
A. Messages that promote investment opportunities
B. Messages that conduct market research
C. Messages from charitable organizations
D. Messages from political candidates
Correct Answer: B
Question #20
SCENARIO - Please use the following to answer the next question: Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state’s Do Not Call list, as well as the people on it. “If they were really serious about not being bothered,” Evan said, “they’d be on the national DNC list. That’s the only one we’re required to follow. At SunriseLynx, we call until they ask us not to.” Bizarrely, Ev
A. The conditions under which recipients can opt out
B. The wishes of recipients who request callbacks
C. The right to monitor calls for quality assurance
D. The relationship of state law to federal law
Correct Answer: B
Question #21
A law enforcement agency subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data. What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?
Correct Answer: C
Question #22
Under the GDPR, which of the following is true in regard to adequacy decisions involving cross-border transfers?
A. The European Commission can adopt an adequacy decision for individual companies
B. The European Commission can adopt, repeal or amend an existing adequacy decision
C. EU member states are vested with the power to accept or reject a European Commission adequacy decision
D. To be considered as adequate, third countries must implement the EU General Data Protection Regulation into their national legislation
Correct Answer: B
