1. Home
  2. IAPP
  3. CIPP-US

IAPP CIPP-US Online Practice Questions and Exam Preparation

CIPP-US Exam Details

  • Exam Code
    :CIPP-US
  • Exam Name
    :Certified Information Privacy Professional/United States (CIPP/US)
  • Certification
    :IAPP Certifications
  • Vendor
    :IAPP
  • Total Questions
    :198 Q&As
  • Last Updated
    :Jan 14, 2026

IAPP CIPP-US Online Questions & Answers

  • Question 1:

    The California Privacy Rights Act (CPRA) expands upon a number of topics previously introduced in the California Consumer Privacy Act (CCPA).

    Which of the following was already part of the CCPA?

    A. Risk assessments.
    B. Cybersecurity audits.
    C. Private right of action.
    D. Automated decision-making.

  • Question 2:

    Which of the following privacy rights is NOT available under the Colorado Privacy Act?

    A. The right to access sensitive data.
    B. The right to correct sensitive data.
    C. The right to delete sensitive data.
    D. The right to limit the use of sensitive data.

  • Question 3:

    SuperMart is a large Nevada-based business that has recently determined it sells what constitutes "covered information" under Nevada's privacy law, Senate Bill 260. Which of the following privacy compliance steps would best help SuperMart comply with the law?

    A. Providing a mechanism for consumers to opt out of sales.
    B. Implementing internal protocols for handling access and deletion requests.
    C. Preparing a notice of nancial incentive for any loyalty programs offered to its customers.
    D. Reviewing its vendor contracts to ensure that the vendors are subject to service provider restrictions.

  • Question 4:

    Which of the following conditions would NOT be su cient to excuse an entity from providing breach noti cation under state law?

    A. If the data involved was encrypted.
    B. If the data involved was accessed but not exported.
    C. If the entity was subject to the GLBA Safeguards Rule.
    D. If the entity followed internal noti cation procedures compatible with state law.

  • Question 5:

    The CFO of a pharmaceutical company is duped by a phishing email and discloses many of the company's employee personnel les to an online predator. The les include employee contact information, job applications, performance reviews, discipline records, and job descriptions.

    Which of the following state laws would be an affected employee's best recourse against the employer?

    A. The state social security number con dentiality statute.
    B. The state personnel record review statute.
    C. The state data destruction statute.
    D. The state UDAP statute.

  • Question 6:

    As a result of the Schrems II decision and CJEU opinion, what would the preferred course of action be if a Section 702 disclosure related to a foreign entity is required?

    A. Ensure that the most recent SCC from the European Commission is being executed as a valid method of adequacy.
    B. Provide 30 days notice to affected parties to allow the opportunity for ling a motion to quash with the court.
    C. Seek redress from the court pursuing a protective order, since the consumer is unable to le a motion to quash.
    D. Seek the advice of outside counsel and conduct a transfer impact assessment.

  • Question 7:

    Under the Driver's Privacy Protection Act (DPPA), which of the following parties would require consent of an individual in order to obtain his or her Department of Motor Vehicle information?

    A. Law enforcement agencies performing investigations.
    B. Insurance companies needing to investigate claims.
    C. Attorneys gathering information related to lawsuits.
    D. Marketers wishing to distribute bulk materials.

  • Question 8:

    Which of the following practices is NOT a key component of a data ethics framework?

    A. Automated decision-making.
    B. Preferability testing.
    C. Data governance.
    D. Auditing.

  • Question 9:

    Under HIPAA and the HITECH Act, business associates who receive Protected Health Information (PHI) from covered entities must execute Business Associate Agreements and also?

    A. Ensure there is a written agreement with the Department of Health and Human Services.
    B. Provide a SOC 2 audit to support the warranties in the agreements.
    C. Rea rm the terms of the agreements on an annual basis.
    D. Have any subcontractors enter into agreements.

  • Question 10:

    When designing contact tracing apps in relation to COVID-19 or any other diagnosed virus, all of the following privacy measures should be considered EXCEPT?

    A. Data retention.
    B. Use limitations.
    C. Opt-out choice.
    D. User con dentiality.

Related Exams:

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-US exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.