Exam Details

  • Exam Code: CIPP-US
  • Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 198 Q&As
  • Last Updated: May 09, 2025

IAPP IAPP Certifications CIPP-US Questions & Answers

  • Question 181:

    The "Consumer Privacy Bill of Rights" presented in a 2012 Obama administration report is generally based on?

    A. The 1974 Privacy Act

    B. Common law principles

    C. European Union Directive

    D. Traditional fair information practices

  • Question 182:

    What is a legal document approved by a judge that formalizes an agreement between a governmental agency and an adverse party called?

    A. A consent decree

    B. Stare decisis decree

    C. A judgment rider

    D. Common law judgment

  • Question 183:

    Read this notice:

    Our website uses cookies. Cookies allow us to identify the computer or device you're using to access the site, but they don't identify you personally. For instructions on setting your Web browser to refuse cookies, click here.

    What type of legal choice does this notice provide?

    A. Mandatory

    B. Implied consent

    C. Opt-in

    D. Opt-out

  • Question 184:

    Which authority supervises and enforces laws regarding advertising to children via the Internet?

    A. The Office for Civil Rights

    B. The Federal Trade Commission

    C. The Federal Communications Commission

    D. The Department of Homeland Security

  • Question 185:

    According to Section 5 of the FTC Act, self-regulation primarily involves a company's right to do what?

    A. Determine which bodies will be involved in adjudication

    B. Decide if any enforcement actions are justified

    C. Adhere to its industry's code of conduct

    D. Appeal decisions made against it

  • Question 186:

    Which jurisdiction must courts have in order to hear a particular case?

    A. Subject matter jurisdiction and regulatory jurisdiction

    B. Subject matter jurisdiction and professional jurisdiction

    C. Personal jurisdiction and subject matter jurisdiction

    D. Personal jurisdiction and professional jurisdiction

  • Question 187:

    Once a breach has been definitively established, which task should be prioritized next?

    A. Involving law enforcement and state Attorneys General.

    B. Determining what was responsible for the breach and neutralizing the threat.

    C. Providing notice to the affected parties so they can take precautionary measures.

    D. Implementing remedial measures and evaluating how to prevent future breaches.

  • Question 188:

    Your company, which sells its products in the United States and the European Union, is seeking to purchase cloud storage from a multinational cloud storage provider. The engineering team at your company wants to set up cloud data centers from the storage provider in both the United States and Germany.

    Which of the following contractual provisions should be included in the contract to ensure the security of the personal data being stored in both data center locations?

    A. An audit provision that allows the cloud storage provider to restrict an independent auditor's access to the premises, documents and personnel involved in the cloud storage provider's processing of the data.

    B. A general authorization provision that allows the cloud storage provider to appoint subcontractors to help provide the cloud storage services.

    C. A purpose limitation provision that requires the data, including personal information, to only be used for the contracted purposes.

    D. A non-solicitation provision prohibiting both companies from seeking to hire employees of the other company.

  • Question 189:

    When designing contact tracing apps in relation to COVID-19 or any other diagnosed virus, all of the following privacy measures should be considered EXCEPT?

    A. Data retention.

    B. Use limitations.

    C. Opt-out choice.

    D. User confidentiality.

  • Question 190:

    Under HIPAA and the HITECH Act, business associates who receive Protected Health Information (PHI) from covered entities must execute Business Associate Agreements and also?

    A. Ensure there is a written agreement with the Department of Health and Human Services.

    B. Provide a SOC 2 audit to support the warranties in the agreements.

    C. Reaffirm the terms of the agreements on an annual basis.

    D. Have any subcontractors enter into agreements.
