CIPP-US Exam Details

  • Exam Code
    :CIPP-US
  • Exam Name
    :Certified Information Privacy Professional/United States (CIPP/US)
  • Certification
    :IAPP Certifications
  • Vendor
    :IAPP
  • Total Questions
    :198 Q&As
  • Last Updated
    :Jun 28, 2026

IAPP CIPP-US Online Questions & Answers

  • Question 101:

    ABC Corp. is a consumer-facing business that uses a number of vendors to help operate its business, such as payment processors, cloud service providers, and an e-commerce platform.

    If ABC Corp. were subject to the California Consumer Privacy Act (CCPA), what would it have to do in order to avoid having its transfer of personal information to vendors be considered a "sale" of personal information?

    A. Register its transfer of personal information with the California Attorney General's office.
    B. Ensure that it does not receive any monetary consideration from the vendors for the personal information.
    C. Enter into a contract with the vendors containing restrictions on what they can do with the personal information.
    D. State in its privacy policy that it will only transfer the personal information to vendors who provide the business with certain services.

  • Question 102:

    Which was NOT one of the five priority areas listed by the Federal Trade Commission in its 2012 report, "Protecting Consumer Privacy in an Era of Rapid Change: Recommendations for Businesses and Policymakers"?

    A. International data transfers
    B. Large platform providers
    C. Promoting enforceable self-regulatory codes
    D. Do Not Track

  • Question 103:

    SCENARIO

    Please use the following to answer the next question:

    A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the

    letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.

    The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company."

    This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup's rapid market penetration.

    As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.

    Under the GDPR, the complainant's request regarding her personal information is known as what?

    A. Right of Access
    B. Right of Removal
    C. Right of Rectification
    D. Right to Be Forgotten

  • Question 104:

    In what way is the Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act intended to help consumers?

    A. By providing consumers with free spam-filtering software.
    B. By requiring a company to receive an opt-in before sending any advertising e-mails.
    C. By prohibiting companies from sending objectionable content through unsolicited e-mails.
    D. By requiring companies to allow consumers to opt-out of future e-mails.

  • Question 105:

    What are the maximum statutory damages for violations of the Fair Credit Reporting Act (FCRA)?

    A. $500 per violation
    B. $1,000 per violation
    C. $2,000 per violation
    D. $5,000 per violation

  • Question 106:

    What is the main challenge financial institutions face when managing user preferences?

    A. Ensuring they are in compliance with numerous complex state and federal privacy laws
    B. Developing a mechanism for opting out that is easy for their consumers to navigate
    C. Ensuring that preferences are applied consistently across channels and platforms
    D. Determining the legal requirements for sharing preferences with their affiliates

  • Question 107:

    SCENARIO

    Please use the following to answer the next question:

    Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.

    "Doing your homework?" Matt asked hopefully.

    "No," the boy said. "I'm filling out a survey."

    Matt looked over his son's shoulder at his computer screen. "What kind of survey?"

    "It's asking questions about my opinions."

    "Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."

    Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and

    the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.

    To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his

    name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.

    Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and

    he decided it was time to report the incident to the proper authorities.

    Based on the incident, the FTC's enforcement actions against the marketer would most likely include what violation?

    A. Intruding upon the privacy of a family with young children.
    B. Collecting information from a child under the age of thirteen.
    C. Failing to notify of a breach of children's private information.
    D. Disregarding the privacy policy of the children's marketing industry.

  • Question 108:

    Which of these organizations would be required to provide its customers with an annual privacy notice?

    A. The Four Winds Tribal College.
    B. The Golden Gavel Auction House.
    C. The King County Savings and Loan.
    D. The Breezy City Housing Commission.

  • Question 109:

    SCENARIO

    Please use the following to answer the next question:

    You are the privacy manager at a privately-owned U.S. company that produces an increasingly popular tness app called GetFit. After users create an account with their contact information, the app uses a smartphone and a system of

    connected smartwatch sensors to track users when they exercise. It collects information on location when users walk or run outdoors, as well as general health information (such as heart rate) during all exercise sessions. The app also

    collects credit card information for payment of the monthly subscription fee.

    One Friday, the company's security team contacts you about the discovery of malware on their media server. The team assures you that there was no user data on this server and that, in any case, they found the malware before any damage

    could be done.

    However, on Monday morning the security team contacts you again, this time with the information that they have discovered the same malware on the company's payments server. They suspect it likely that users' credit card information was

    taken by the attacker. By Monday evening, the situation has gotten dramatically worse, as the security team has also discovered this malware on the company's database server, an in ltration that gives the attacker access to users' pro le,

    health and location information.

    After coordinating with the security team, you are asked to meet with senior management and advise them on the company's obligations in connection with the incident. The Chief Financial O cer asks, "If we decide to notify all our users of this

    incident, are we obligated to provide any of them with a free credit monitoring offer?" The General Counsel wants to know if providing this notice and offer will help the company avoid liability.

    What answer should be given to the Chief Financial O cer's question?

    A. "No, we do not have to provide a free credit monitoring offer since our breach noti cation obligations under HIPAA supersede state breach noti cation laws."
    B. "No. we do not have to provide a free credit monitoring offer since the impacted information did not include social security numbers."
    C. "Yes, we must include a free credit monitoring offer since this incident involves credit card information."
    D. ''Yes, all breach notices must include a free credit monitoring offer."

  • Question 110:

    Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?

    A. A local nonprofit charity's fundraiser
    B. An online merchant's free shipping offer
    C. A national bank's no-fee checking promotion
    D. A city bus system's frequent rider program

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only IAPP exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CIPP-US exam preparations and IAPP certification application, do not hesitate to visit our Vcedump.com to find your solutions here.