• Home
  • Articles
  • Best Quality CIPP-US Exam Questions IAPP Test To Gain Brilliante Result! [Q68-Q92]

Best Quality CIPP-US Exam Questions IAPP Test To Gain Brilliante Result! [Q68-Q92]

Share

Best Quality CIPP-US Exam Questions  IAPP Test To Gain Brilliante Result!

Preparations of CIPP-US Exam 2021 Certified Information Privacy Professional Unlimited 152 Questions

NEW QUESTION 68
In 2012, the White House and the FTC both issued reports advocating a new approach to privacy enforcement that can best be described as what?

  • A. Comprehensive.
  • B. Self-regulatory.
  • C. Harm-based.
  • D. Notice and choice.

Answer: B

 

NEW QUESTION 69
What practice do courts commonly require in order to protect certain personal information on documents, whether paper or electronic, that is involved in litigation?

  • A. Redaction
  • B. Hashing
  • C. Deletion
  • D. Encryption

Answer: A

 

NEW QUESTION 70
Why was the Privacy Protection Act of 1980 drafted?

  • A. To assist in the prosecution of white-collar crimes
  • B. To respond to police searches of newspaper facilities
  • C. To protect individuals from personal privacy invasion by the police
  • D. To assist prosecutors in civil litigation against newspaper companies

Answer: C

 

NEW QUESTION 71
A student has left high school and is attending a public postsecondary institution. Under what condition may a school legally disclose educational records to the parents of the student without consent?

  • A. If the student has applied to transfer to another institution
  • B. If the student is still a dependent for tax purposes
  • C. If the student is in danger of academic suspension
  • D. If the student has not yet turned 18 years of age

Answer: B

Explanation:
Explanation/Reference: https://www2.ed.gov/policy/gen/guid/fpco/pdf/ferpafaq.pdf

 

NEW QUESTION 72
What is the main purpose of the Global Privacy Enforcement Network?

  • A. To promote universal cooperation among privacy authorities
  • B. To arbitrate disputes between countries over jurisdiction for privacy laws
  • C. To protect the interests of privacy consumer groups worldwide
  • D. To investigate allegations of privacy violations internationally

Answer: A

 

NEW QUESTION 73
SCENARIO
Please use the following to answer the next question:
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients' Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital's use of a billing company. He questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients' care.
On his first day Declan became familiar with all areas of the hospital's large radiology department. As he was organizing equipment left in the halfway, he overheard a conversation between two hospital administrators. He was surprised to hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had plans to properly report what had happened.
Despite Declan's concern about this issue, he was amazed by the hospital's effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to think more carefully about genetic testing.
Although Declan's day ended with many questions, he was pleased about his new position.
How can the radiology department address Declan's concern about paper waste and still comply with the Health Insurance Portability and Accountability Act (HIPAA)?

  • A. Confirm that patients are given the privacy notice on their first visit
  • B. Post the privacy notice in a prominent location instead
  • C. State the privacy policy to the patient verbally
  • D. Direct patients to the correct area of the hospital website

Answer: D

 

NEW QUESTION 74
SCENARIO
Please use the following to answer the next question:
Cheryl is the sole owner of Fitness Coach, Inc., a medium-sized company that helps individuals realize their physical fitness goals through classes, individual instruction, and access to an extensive indoor gym. She has owned the company for ten years and has always been concerned about protecting customer's privacy while maintaining the highest level of service. She is proud that she has built long-lasting customer relationships.
Although Cheryl and her staff have tried to make privacy protection a priority, the company has no formal privacy policy. So Cheryl hired Janice, a privacy professional, to help her develop one.
After an initial assessment, Janice created a first of a new policy. Cheryl read through the draft and was concerned about the many changes the policy would bring throughout the company. For example, the draft policy stipulates that a customer's personal information can only be held for one year after paying for a service such as a session with personal trainer. It also promises that customer information will not be shared with third parties without the written consent of the customer. The wording of these rules worry Cheryl since stored personal information often helps her company to serve her customers, even if there are long pauses between their visits. In addition, there are some third parties that provide crucial services, such as aerobics instructors who teach classes on a contract basis. Having access to customer files and understanding the fitness levels of their students helps instructors to organize their classes.
Janice understood Cheryl's concerns and was already formulating some ideas for revision. She tried to put Cheryl at ease by pointing out that customer data can still be kept, but that it should be classified according to levels of sensitivity. However, Cheryl was skeptical. It seemed that classifying data and treating each type differently would cause undue difficulties in the company's day-to-day operations. Cheryl wants one simple data storage and access system that any employee can access if needed.
Even though the privacy policy was only a draft, she was beginning to see that changes within her company were going to be necessary. She told Janice that she would be more comfortable with implementing the new policy gradually over a period of several months, one department at a time. She was also interested in a layered approach by creating documents listing applicable parts of the new policy for each department.
What is the best reason for Cheryl to follow Janice's suggestion about classifying customer data?

  • A. It will help the company meet a federal mandate
  • B. It will increase the security of customers' personal information (PI)
  • C. It will help employees stay better organized
  • D. It will prevent the company from collecting too much personal information (PI)

Answer: B

Explanation:
Explanation/Reference: https://eits.uga.edu/access_and_security/infosec/pols_regs/policies/dcps/

 

NEW QUESTION 75
Who has rulemaking authority for the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA)?

  • A. The Federal Trade Commission
  • B. State Attorneys General
  • C. The Department of Commerce
  • D. The Consumer Financial Protection Bureau

Answer: D

Explanation:
Explanation/Reference: https://www.ftc.gov/enforcement/statutes/fair-accurate-credit-transactions-act-2003

 

NEW QUESTION 76
In 2014, Google was alleged to have violated the Family Educational Rights and Privacy Act (FERPA) through its Apps for Education suite of tools. For what specific practice did students sue the company?

  • A. Making student education records publicly available
  • B. Disclosing education records without obtaining required consent
  • C. Scanning emails sent to and received by students
  • D. Relying on verbal consent for a disclosure of education records

Answer: C

Explanation:
Explanation/Reference: https://www.edweek.org/ew/articles/2014/03/13/26google.h33.html

 

NEW QUESTION 77
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the
"most expeditious time possible without unreasonable delay." By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?

  • A. New York
  • B. Maine
  • C. California
  • D. Florida

Answer: D

Explanation:
Explanation/Reference: https://www.itgovernanceusa.com/data-breach-notification-laws

 

NEW QUESTION 78
SCENARIO
Please use the following to answer the next QUESTION
Felicia has spent much of her adult life overseas, and has just recently returned to the U.S. to help her friend Celeste open a jewelry store in Californi a. Felicia, despite being excited at the prospect, has a number of security concerns, and has only grudgingly accepted the need to hire other employees. In order to guard against the loss of valuable merchandise, Felicia wants to carefully screen applicants. With their permission, Felicia would like to run credit checks, administer polygraph tests, and scrutinize videos of interviews. She intends to read applicants' postings on social media, ask Question:s about drug addiction, and solicit character references. Felicia believes that if potential employees are serious about becoming part of a dynamic new business, they will readily agree to these requirements.
Felicia is also in favor of strict employee oversight. In addition to protecting the inventory, she wants to prevent mistakes during transactions, which will require video monitoring. She also wants to regularly check the company vehicle's GPS for locations visited by employees. She also believes that employees who use their own devices for work-related purposes should agree to a certain amount of supervision.
Given her high standards, Felicia is skeptical about the proposed location of the store. She has been told that many types of background checks are not allowed under California law. Her friend Celeste thinks these worries are unfounded, as long as applicants verbally agree to the checks and are offered access to the results. Nor does Celeste share Felicia's concern about state breach notification laws, which, she claims, would be costly to implement even on a minor scale. Celeste believes that even if the business grows a customer database of a few thousand, it's unlikely that a state agency would hassle an honest business if an accidental security incident were to occur.
In any case, Celeste feels that all they need is common sense - like remembering to tear up sensitive documents before throwing them in the recycling bin. Felicia hopes that she's right, and that all of her concerns will be put to rest next month when their new business consultant (who is also a privacy professional) arrives from North Carolina.
Which law will be most relevant to Felicia's plan to ask applicants about drug addiction?

  • A. The Occupational Safety and Health Act (OSHA).
  • B. The Genetic Information Nondiscrimination Act of 2008.
  • C. The Health Insurance Portability and Accountability Act (HIPAA).
  • D. The Americans with Disabilities Act (ADA).

Answer: D

 

NEW QUESTION 79
SCENARIO
Please use the following to answer the next question:
You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A. HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B. As part of HealthCo's business associate agreement (BAA) with CloudHealth, HealthCo requires CloudHealth to implement security measures, including industry standard encryption practices, to adequately protect the data. However, HealthCo did not perform due diligence on CloudHealth before entering the contract, and has not conducted audits of CloudHealth's security measures.
A CloudHealth employee has recently become the victim of a phishing attack. When the employee unintentionally clicked on a link from a suspicious email, the PHI of more than 10,000 HealthCo patients was compromised. It has since been published online. The HealthCo cybersecurity team quickly identifies the perpetrator as a known hacker who has launched similar attacks on other hospitals - ones that exposed the PHI of public figures including celebrities and politicians.
During the course of its investigation, HealthCo discovers that CloudHealth has not encrypted the PHI in accordance with the terms of its contract. In addition, CloudHealth has not provided privacy or security training to its employees. Law enforcement has requested that HealthCo provide its investigative report of the breach and a copy of the PHI of the individuals affected.
A patient affected by the breach then sues HealthCo, claiming that the company did not adequately protect the individual's ePHI, and that he has suffered substantial harm as a result of the exposed data. The patient's attorney has submitted a discovery request for the ePHI exposed in the breach.
What is the most significant reason that the U.S. Department of Health and Human Services (HHS) might impose a penalty on HealthCo?

  • A. Because HealthCo did not require CloudHealth to implement appropriate physical and administrative measures to safeguard the ePHI
  • B. Because HealthCo did not conduct due diligence to verify or monitor CloudHealth's security measures
  • C. Because HIPAA requires the imposition of a fine if a data breach of this magnitude has occurred
  • D. Because CloudHealth violated its contract with HealthCo by not encrypting the ePHI

Answer: B

 

NEW QUESTION 80
Under state breach notification laws, which is NOT typically included in the definition of personal information?

  • A. Medical Information
  • B. Social Security number
  • C. First and last name
  • D. State identification number

Answer: A

 

NEW QUESTION 81
Which act violates the Family Educational Rights and Privacy Act of 1974 (FERPA)?

  • A. A newspaper prints the names, grade levels, and hometowns of students who made the quarterly honor roll
  • B. A K-12 assessment vendor obtains a student's signed essay about her hometown from her school to use as an exemplar for public release
  • C. University police provide an arrest report to a student's hometown police, who suspect him of a similar crime
  • D. A university posts a public student directory that includes names, hometowns, e-mail addresses, and majors

Answer: B

 

NEW QUESTION 82
Which of the following is an example of federal preemption?

  • A. The California Consumer Privacy Act (CCPA) regulating businesses that have no physical brick-and-mortal presence in California, but which do business there.
  • B. The U.S. Federal Trade Commission's (FTC) ability to enforce against unfair and deceptive trade practices across sectors and industries.
  • C. The Payment Card Industry's (PCI) ability to self-regulate and enforce data security standards for payment card data.
  • D. The U.S. Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act prohibiting states from passing laws that impose greater obligations on senders of email marketing.

Answer: B

 

NEW QUESTION 83
How did the Fair and Accurate Credit Transactions Act (FACTA) amend the Fair Credit Reporting Act (FCRA)?

  • A. It increased the obligation of organizations to dispose of consumer data in ways that prevent unauthorized access
  • B. It required employers to get an employee's consent in advance of requesting a consumer report for internal investigation purposes Section: (none) Explanation
  • C. It stipulated the purpose of obtaining a consumer report can only be for a review of the employee's credit worthiness
  • D. It expanded the definition of "consumer reports" to include communications relating to employee investigations

Answer: A

 

NEW QUESTION 84
SCENARIO
Please use the following to answer the next QUESTION
Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.
One potential employer, Arnie's Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job. However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.
Two days ago, Noah got another interview for a position at Sam's Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.
Regardless, the effect of Noah's credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills - all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.
In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.
After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.
Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.
Based on the scenario, which legislation should ease Noah's worry about his credit report as a result of applying at Arnie's Emporium?

  • A. The Privacy Rule under the Gramm-Leach-Bliley Act (GLBA).
  • B. The Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA).
  • C. The Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA).
  • D. The Red Flags Rule under the Fair and Accurate Credit Transactions Act (FACTA).

Answer: B

 

NEW QUESTION 85
Under the Telemarketing Sales Rule, what characteristics of consent must be in place for an organization to acquire an exception to the Do-Not-Call rules for a particular consumer?

  • A. The consent must be in writing, must contain the number to which calls can be made and must be signed
  • B. The consent must be in writing, must have an end data and must state the times when calls can be made
  • C. The consent must be in writing, must contain the number to which calls can be made and must have an end date
  • D. The consent must be in writing, must state the times when calls can be made to the consumer and must be signed

Answer: C

 

NEW QUESTION 86
What is the main purpose of requiring marketers to use the Wireless Domain Registry?

  • A. To access a current list of wireless domain names
  • B. To acquire authorization to send emails to mobile devices
  • C. To ensure their emails are sent to actual wireless subscribers
  • D. To prevent unauthorized emails to mobile devices

Answer: D

 

NEW QUESTION 87
Which action is prohibited under the Electronic Communications Privacy Act of 1986?

  • A. Accessing stored communications with the consent of the sender or recipient of the message
  • B. Monitoring employee telephone calls of a personal nature
  • C. Intercepting electronic communications and unauthorized access to stored communications
  • D. Monitoring all employee telephone calls

Answer: C

 

NEW QUESTION 88
Which authority supervises and enforces laws regarding advertising to children via the Internet?

  • A. The Office for Civil Rights
  • B. The Department of Homeland Security
  • C. The Federal Trade Commission
  • D. The Federal Communications Commission

Answer: C

 

NEW QUESTION 89
A law enforcement subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?

  • A. SCA
  • B. ECPA
  • C. CALEA
  • D. USA Freedom Act

Answer: C

Explanation:
Explanation
Explanation/Reference: https://www.nap.edu/read/11896/chapter/11#283

 

NEW QUESTION 90
The FTC often negotiates consent decrees with companies found to be in violation of privacy principles. How does this benefit both parties involved?

  • A. It simplifies the audit requirements.
  • B. It avoids potentially harmful publicity.
  • C. It spares the expense of going to trial.
  • D. It standardizes the amount of fines.

Answer: B

 

NEW QUESTION 91
More than half of U.S. states require telemarketers to?

  • A. Register with the state before conducting business
  • B. Provide written contracts for customer transactions
  • C. Obtain written consent from potential customers
  • D. Identify themselves at the beginning of a call

Answer: B

 

NEW QUESTION 92
......

Focus on CIPP-US All-in-One Exam Guide For Quick Preparation: https://www.realvce.com/CIPP-US_free-dumps.html

CIPP-US All-in-One Exam Guide For Quick Preparation: https://drive.google.com/open?id=124PlGZrsioLqguvijbqaXg2bg8FZKBfq

Related Articles

more
IAPP CIPP-US Certification Practice Exam

Our premium VCE file helps you pass exam 100% for sure. We serve every customer heart and soul. We guarantee No Helpful Full Refund.

Latest Real Exam VCE

Useful Links

Contact Us

Our Working Time: ( GMT 0:00-15:00 )
From Monday to Saturday

Support: Contact now 

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Copyright © 2026 RealVCE NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy