CIPP-US Exam Details

  • Exam Code
    :CIPP-US
  • Exam Name
    :Certified Information Privacy Professional/United States (CIPP/US)
  • Certification
    :IAPP Certifications
  • Vendor
    :IAPP
  • Total Questions
    :198 Q&As
  • Last Updated
    :

IAPP CIPP-US Online Questions & Answers

  • Question 1:

    Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

    A. Implied consent from a minor's parent or guardian, or affirmative consent from the minor.
    B. Affirmative consent from a minor's parent or guardian before collecting the minor's personal information online.
    C. Implied consent from a minor's parent or guardian before collecting a minor's personal information online, such as when they permit the minor to use the internet.
    D. Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e.g., in person), which also satisfies any requirements for online consent.

  • Question 2:

    Which jurisdiction must courts have in order to hear a particular case?

    A. Subject matter jurisdiction and regulatory jurisdiction
    B. Subject matter jurisdiction and professional jurisdiction
    C. Personal jurisdiction and subject matter jurisdiction
    D. Personal jurisdiction and professional jurisdiction

  • Question 3:

    What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?

    A. Describing the policy changes on its website.
    B. Obtaining affirmative consent from its customers.
    C. Publicizing the policy changes through social media.
    D. Reassuring customers of the security of their information.

  • Question 4:

    If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?

    A. The organization will still be in compliance with most sector-specific privacy and security laws.
    B. The impact of an organizational data breach will be more severe than if the data had been segregated.
    C. Temporary employees will be able to find the data necessary to fulfill their responsibilities.
    D. The organization will be able to address legal discovery requests efficiently without producing more information than necessary.

  • Question 5:

    Which of the following is NOT a principle found in the APEC Privacy Framework?

    A. Integrity of Personal Information.
    B. Access and Correction.
    C. Preventing Harm.
    D. Privacy by Design.

  • Question 6:

    A financial services company installs "bossware" software on its employees' remote computers to monitor performance. The software logs screenshots, mouse movements, and keystrokes to determine whether an employee is being productive. The software can also enable the computer webcams to record video footage.

    Which of the following would best support an employee claim for an intrusion upon seclusion tort?

    A. The webcam is enabled to record video any time the computer is turned on.
    B. The company creates and saves a biometric template for each employee based upon keystroke dynamics.
    C. The software automatically sends a notification to a supervisor any time the employee's mouse is dormant for more than five minutes.
    D. The webcam records video of an employee using a company laptop to perform personal business while at a coffee shop during work hours.

  • Question 7:

    Under the Fair Credit Reporting Act (FCRA), what must a person who is denied employment based upon his credit history receive?

    A. A prompt notification from the employer.
    B. An opportunity to reapply with the employer.
    C. Information from several consumer reporting agencies (CRAs).
    D. A list of rights from the Consumer Financial Protection Bureau (CFPB).

  • Question 8:

    Which of the following best describes the Asia-Pacific Economic Cooperation (APEC) principles?

    A. A bill of rights for individuals seeking access to their personal information.
    B. A code of responsibilities for medical establishments to uphold privacy laws.
    C. An international court ruling on personal information held in the commercial sector.
    D. A baseline of marketers' minimum responsibilities for providing opt-out mechanisms.

  • Question 9:

    Which of the following became the first state to pass a law specifically regulating the collection of biometric data?

    A. California.
    B. Texas.
    C. Illinois.
    D. Washington.

  • Question 10:

    SCENARIO

    Please use the following to answer the next question:

    You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular fitness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also collects credit card information for payment of the monthly subscription fee.

    One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage could be done.

    However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an infiltration that gives the attacker access to users' profile, health and location information.

    After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial Officer asks, "If we decide to notify all our users of this incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.

    Based on the information the security team provides on Monday morning, what is the company's notification obligation?

    A. The company does not need to notify anyone since secure credit card information is not subject to breach notification laws.
    B. The company does not need to notify anyone since the security team is not completely certain the attacker actually took the credit card information.
    C. The company must notify its bank and the card brands under its PCI obligations, and potentially provide notice to individuals and state authorities, depending on state law.
    D. The company must report the incident to the U.S. Secret Service since the incident involves financial information, followed by notice to individuals and some state authorities.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only IAPP exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CIPP-US exam preparation and IAPP certification application, do not hesitate to visit Vcedump.com to find your solutions.