[Q15-Q33] CIPP-US Practice IAPP Verified Answers - Pass Your Exams For Sure! [2021]

Share

CIPP-US Practice IAPP Verified Answers - Pass Your Exams For Sure! [2021]

Valid Way To Pass Certified Information Privacy Professional's  CIPP-US Exam


Prerequisites

Commonly, candidates do not have specific conditions to meet before they sit for the CIPP-US exam. However, one needs to have a basic understanding of data protection policies and concepts in the country. If a candidate does not have prior experience in the industry that will have exposed them to the concepts and skills tested, they should study the Body of Knowledge for this certificate, the certification handbook, as well as the exam outline.

 

NEW QUESTION 15
Which of the following describes the most likely risk for a company developing a privacy policy with standards that are much higher than its competitors?

  • A. Being more closely scrutinized for any breaches of policy
  • B. Getting accused of discriminatory practices
  • C. Having a security system failure
  • D. Attracting skepticism from auditors

Answer: A

 

NEW QUESTION 16
Within what time period must a commercial message sender remove a recipient's address once they have asked to stop receiving future e-mail?

  • A. 7 days
  • B. 21 days
  • C. 10 days
  • D. 15 days

Answer: C

 

NEW QUESTION 17
SCENARIO
Please use the following to answer the next QUESTION:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop. "Doing your network?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?" "It's asking Questions about my opinions."
"Let me see," Matt said, and began reading the list of Questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer Questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
How could the marketer have best changed its privacy management program to meet COPPA "Safe Harbor" requirements?

  • A. By making a COPPA privacy notice available on website
  • B. By participating in an approved self-regulatory program
  • C. By regularly assessing the security risks to consumer privacy
  • D. By receiving FTC approval for the content of its emails

Answer: D

 

NEW QUESTION 18
A student has left high school and is attending a public postsecondary institution. Under what condition may a school legally disclose educational records to the parents of the student without consent?

  • A. If the student has not yet turned 18 years of age
  • B. If the student has applied to transfer to another institution
  • C. If the student is in danger of academic suspension
  • D. If the student is still a dependent for tax purposes

Answer: D

 

NEW QUESTION 19
John, a California resident, receives notification that a major corporation with $500 million in annual revenue has experienced a data breach. John's personal information in their possession has been stolen, including his full name and social security numb. John also learns that the corporation did not have reasonable cybersecurity measures in place to safeguard his personal information.
Which of the following answers most accurately reflects John's ability to pursue a legal claim against the corporation under the California Consumer Privacy Act (CCPA)?

  • A. John can sue the corporation for the data breach to recover monetary damages suffered as a result of the data breach, and in some circumstances seek statutory damages irrespective of whether he suffered any financial harm.
  • B. John cannot sue the corporation for the data breach because only the state's Attoney General has authority to file suit under the CCPA.
  • C. John can sue the corporation for the data breach but only to recover monetary damages he actually suffered as a result of the data breach.
  • D. John has no right to sue the corporation because the CCPA does not address any data breach rights.

Answer: C

 

NEW QUESTION 20
In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?

  • A. Making student education records publicly available
  • B. Scanning emails sent to and received by students
  • C. Disclosing education records without obtaining required consent
  • D. Relying on verbal consent for a disclosure of education records

Answer: B

Explanation:
Explanation/Reference: https://www.edweek.org/ew/articles/2014/03/13/26google.h33.html

 

NEW QUESTION 21
Which of these organizations would be required to provide its customers with an annual privacy notice?

  • A. The Breezy City Housing Commission.
  • B. The King County Savings and Loan.
  • C. The Four Winds Tribal College.
  • D. The Golden Gavel Auction House.

Answer: D

 

NEW QUESTION 22
In which situation is a company operating under the assumption of implied consent?

  • A. An employer contacts the professional references provided on an applicant's resume
  • B. A landlord uses the information on a completed rental application to run a credit report
  • C. An online retailer subscribes new customers to an e-mail list by default
  • D. A retail clerk asks a customer to provide a zip code at the check-out counter

Answer: A

 

NEW QUESTION 23
Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?

  • A. A city bus system's frequent rider program
  • B. An online merchant's free shipping offer
  • C. A national bank's no-fee checking promotion
  • D. A local nonprofit charity's fundraiser

Answer: B

 

NEW QUESTION 24
SCENARIO
Please use the following to answer the next question:
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients' Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital's use of a billing company. He questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients' care.
On his first day Declan became familiar with all areas of the hospital's large radiology department. As he was organizing equipment left in the halfway, he overheard a conversation between two hospital administrators. He was surprised to hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had plans to properly report what had happened.
Despite Declan's concern about this issue, he was amazed by the hospital's effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to think more carefully about genetic testing.
Although Declan's day ended with many questions, he was pleased about his new position.
How can the radiology department address Declan's concern about paper waste and still comply with the Health Insurance Portability and Accountability Act (HIPAA)?

  • A. Direct patients to the correct area of the hospital website
  • B. Confirm that patients are given the privacy notice on their first visit
  • C. Post the privacy notice in a prominent location instead
  • D. State the privacy policy to the patient verbally

Answer: A

 

NEW QUESTION 25
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the "most expeditious time possible without unreasonable delay." By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?

  • A. Maine
  • B. California
  • C. New York
  • D. Florida

Answer: D

 

NEW QUESTION 26
The Video Privacy Protection Act of 1988 restricted which of the following?

  • A. Which purchase records of audio visual materials may be disclosed
  • B. When downloading of copyrighted audio visual materials is allowed
  • C. When a user's viewing of online video content can be monitored
  • D. Who advertisements for videos and video games may target

Answer: A

 

NEW QUESTION 27
A large online bookseller decides to contract with a vendor to manage Personal Information (PI). What is the least important factor for the company to consider when selecting the vendor?

  • A. The vendor's employee training program
  • B. The vendor's financial health
  • C. The vendor's reputation
  • D. The vendor's employee retention rates

Answer: B

 

NEW QUESTION 28
In which situation would a policy of "no consumer choice" or "no option" be expected?

  • A. When a job applicant's credit report is provided to an employer
  • B. When a customer's financial information is requested by the government
  • C. When a customer's street address is shared with a shipping company
  • D. When a patient's health record is made available to a pharmaceutical company

Answer: C

 

NEW QUESTION 29
If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?

  • A. The impact of an organizational data breach will be more severe than if the data had been segregated.
  • B. Temporary employees will be able to find the data necessary to fulfill their responsibilities.
  • C. The organization will still be in compliance with most sector-specific privacy and security laws.
  • D. The organization will be able to address legal discovery requests efficiently without producing more information than necessary.

Answer: D

 

NEW QUESTION 30
What privacy concept grants a consumer the right to view and correct errors on his or her credit report?

  • A. Notice.
  • B. Choice.
  • C. Access.
  • D. Action.

Answer: A

 

NEW QUESTION 31
Even when dealing with an organization subject to the CCPA, California residents are NOT legally entitled to request that the organization do what?

  • A. Delete their personal information.
  • B. Correct their personal information.
  • C. Disclose their personal information to them.
  • D. Refrain from selling their personal information to third parties.

Answer: B

 

NEW QUESTION 32
Which of the following is NOT a principle found in the APEC Privacy Framework?

  • A. Preventing Harm.
  • B. Access and Correction.
  • C. Privacy by Design.
  • D. Integrity of Personal Information.

Answer: C

Explanation:
Explanation/Reference: https://www.google.com/url?
sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiqtJX4tPHvAhUQG-
wKHUoGBgkQFjAHegQIBRAD&url=https%3A%2F%2Fwww.apec.org%2F-%2Fmedia%2FAPEC%
2FPublications%2F2016%2F11%2F2016-CTI-Report-to-Ministers%2FTOC%2FAppendix-17-Updates-to-the- APEC-Privacy-Framework.pdf&usg=AOvVaw1Yysi4Ym_1VaCw1VZiB70a

 

NEW QUESTION 33
......


The IAPP CIPP-US exam is a measure of how well a specialist is conversant with data protection laws in the US. The associated certification called the CIPP-US stands for the Certified Information Privacy Professional-US. It has accreditation from ANSI/ISO and is continually updated to ensure that the candidate only gets tested for the most current concepts in the industry. The questions in the official exam assess varying areas of the US data protection policies and a candidate needs to know how to apply and manage them in their daily work.

 

IAPP CIPP-US Pre-Exam Practice Tests | ValidTorrent: https://www.validtorrent.com/CIPP-US-valid-exam-torrent.html

CIPP-US practice test questions, answers, explanations: https://drive.google.com/open?id=1MN3K1ntN1kXA9CYPthCDY6ou8_b5XskV