CIPP/US Certification Exam Prep Test

266 Questions | Total Attempts: 38


Questions and Answers
  • 1. 
    Which is the best description of the U.S. legal concept of "preemption"?
    • A. 

      States are prevented by federal law from passing any laws that regulate financial privacy.

    • B. 

      The superior government has the right to supersede the lesser government’s laws. The lesser government cannot pass a law that is inconsistent with the superior government’s law.

    • C. 

      State laws supersede federal law in certain areas such as marketing.

    • D. 

      The EU General Data Protection Regulation (GDPR) takes precedence over U.S. law, federal or state.

  • 2. 
    What is one reason consent decrees are posted publicly on the FTC website?
    • A. 

      To announce the amount of civil penalties the FTC levies

    • B. 

      To prove that companies have complied with FTC rulings

    • C. 

      To punish companies that violate FTC rulings

    • D. 

      To provide guidance about what practices the FTC finds inappropriate

  • 3. 
    Which of the following is considered an acceptable method for U.S.-based multinational transportation companies to achieve compliance with the EU General Data Protection Regulation?
    • A. 

      Global consent

    • B. 

      Transparency

    • C. 

      Binding corporate rules

    • D. 

      Disclosure

  • 4. 
    Which statement is true regarding transfers of personal information to locations outside of the U.S.?
    • A. 

      U.S. laws generally do not restrict geographic transfers of personal information.

    • B. 

      U.S. data exporters are not liable for any inappropriate uses of the personal information.

    • C. 

      U.S. data exports are immune from legal enforcement if handled by service providers.

    • D. 

      U.S. laws have "reciprocity" arrangements with most national data protection laws.

  • 5. 
    What is the primary basis of common law?
    • A. 

      Statutes enacted by legislative bodies.

    • B. 

      statutes enacted by legislative bodies.

    • C. 

      Laws guaranteed by the Constitution of the United States of America.

    • D. 

      Regulations that are promulgated by state and federal agencies.

  • 6. 
    What should a U.S.-based organization do before it shares personal information with a U.S.-based third party?
    • A. 

      Convert personal data from opt-out to opt-in

    • B. 

      Have a Standard Model Clause in place

    • C. 

      Assure appropriate privacy terms and conditions are included in a contract with the third party

    • D. 

      Perform a test of the vendor's disaster recovery / business contingency plan

  • 7. 
    What is the role of a U.S.-based software-as-a-service provider that stores employee personal data for a global company headquartered in the U.S. with subsidiaries in the EU?
    • A. 

      Data controller

    • B. 

      Data owner

    • C. 

      Data processor

    • D. 

      Data subject

  • 8. 
    Which federal agency has specific statutory responsibility for issues such as children's privacy online and commercial email marketing?
    • A. 

      Securities and Exchange Commission

    • B. 

      Consumer Financial Protection Bureau

    • C. 

      Department of Justice

    • D. 

      Federal Trade Commission

  • 9. 
    Under the Children's Online Privacy Protection Act, which is an accepted means for an organization to validate parental consent when it intends to disclose a child's information to a third party?
    • A. 

      Email a consent form. The parent can provide consent by responding to the email.

    • B. 

      Email a consent form. The parent can provide consent by signing and mailing back the form.

    • C. 

      Request in an email that the parent consent by reply email and also provide an email address, phone number, or fax number.

    • D. 

      Email a consent form to the parent allowing 30 days to object to the data disclosure.

  • 10. 
    In addition to the Security Rule, what other rule was promulgated by the Department of Health and Human Services and mandated by the Health Insurance Portability and Accountability Act?
    • A. 

      Operations Rule

    • B. 

      Transaction Rule

    • C. 

      Privacy Rule

    • D. 

      Disclosure Rule

  • 11. 
    Which of the following examples best illustrates the concept of "consumer report" for preemployment screening as defined under the U.S. Fair Credit Reporting Act?
    • A. 

      Library records released by a municipal body

    • B. 

      Driving history obtained from an information aggregator

    • C. 

      Academic records obtained from an accredited university

    • D. 

      Purchase transactions obtained from an online retailer

  • 12. 
    Which of the statements about the requirements for privacy under the U.S. Gramm-Leach-Bliley Act (GLBA) is true?
    • A. 

      Financial institutions can share customer information with non-affiliated third-party companies without obtaining an opt-in from the customer.

    • B. 

      GLBA privacy rules are overseen by many regulatory organizations such as the Department of Commerce.

    • C. 

      GLBA retains the legislative power to preempt any financial services laws as currently enforced by U.S. states.

    • D. 

      U.S.-based financial institutions may not share any information with companies that are affiliated with financial institutions.

  • 13. 
    What does the "red flags rule" require of financial institutions?
    • A. 

      They must develop and implement methods of detecting identity theft.

    • B. 

      They must identify who might be a poor credit risk for new mortgages, such as sub-prime lending.

    • C. 

      They must determine whether their corporate databases have been breached and react according to data breach regulations.

    • D. 

      They must locate unencrypted transmissions of their customer's financial data.

  • 14. 
    The "Digital Telephony Bill" is another name for which legislation?
    • A. 

      Electronic Communications Privacy Act

    • B. 

      Stored Communications Act

    • C. 

      Telecommunications Act

    • D. 

      U.S. Communications Assistance to Law Enforcement Act

  • 15. 
    Which condition must be met to satisfy the Right to Financial Privacy Act requirements for disclosure of individual records by financial institutions?
    • A. 

      The customer authorizes access.

    • B. 

      There is a qualified search warrant.

    • C. 

      There is an appropriate judicial subpoena.

    • D. 

      The financial records are reasonably described.

  • 16. 
    Which U.S. state requires daily electronic notice in order for an employer to monitor or intercept electronic mail?
    • A. 

      New Hampshire

    • B. 

      Alaska

    • C. 

      Delaware

    • D. 

      Connecticut

  • 17. 
    Under the USA PATRIOT Act and its amendments, which statement is correct concerning National Security Letters (NSLs)?
    • A. 

      NSL recipients must fulfill the request, even if compliance is oppressive.

    • B. 

      New restrictions reduced the number of NSLs issued.

    • C. 

      Issuance of an NSL requires judicial authorization.

    • D. 

      An organization receiving an NSL may disclose the request to an attorney for legal assistance.

  • 18. 
    Which investigative tactic requires probable cause and other requirements, such as exhausting alternative means of acquiring the evidence?
    • A. 

      Telephone wiretap

    • B. 

      Access to stored emails

    • C. 

      Pen register order

    • D. 

      Traditional search warrant

  • 19. 
    Based on Aérospatiale v. U.S. District Court for the S.D. of Iowa, which is NOT a factor American courts will use to reconcile a conflict between U.S. and foreign law regarding electronic discovery requests?
    • A. 

      Specificity of the request

    • B. 

      Whether the information originated in the U.S.

    • C. 

      Whether counsel for both parties are based in the U.S.

    • D. 

      Availability of alternative means of acquiring the information

  • 20. 
    What changes did the FISA Amendments Act of 2008 make to the original Foreign Intelligence Surveillance Act of 1978?
    • A. 

      Express authorization of foreign intelligence wiretaps

    • B. 

      Legal authorization of some new surveillance practices

    • C. 

      A series of checks and balances on the president and attorney general

    • D. 

      Access to stored communication records without judicial authorization

  • 21. 
    Which two actions are required under the Fair Credit Reporting Act in order for an employer to obtain a consumer report on a job applicant?
    • A. 

      Provide notice to applicant after taking adverse action and provide the applicant with a method to appeal the decision

    • B. 

      Obtain data only from a qualified credit reporting agency and certify that the agency has administrative, technical and physical safeguards in place

    • C. 

      Certify to the credit reporting agency that the employer has a permissible purpose and provide a written consent from the employer

    • D. 

      Obtain applicant's written consent and provide applicant with a copy of the credit report before taking an adverse action

  • 22. 
    All of the following are considered acceptable reasons for sharing records of U.S. employees with third parties without obtaining the consent of the employees except:
    • A. 

      Test marketing the company's new products

    • B. 

      Determining legal standing or citizen status

    • C. 

      Retirement planning

    • D. 

      Group insurance underwriting

  • 23. 
    All of the following are considered acceptable lines of questioning by U.S. employers to applicants in the pre-employment process except:
    • A. 

      Questions about the applicant's duration of stay on the job or any anticipated absences

    • B. 

      Questions regarding any medical conditions or disabilities that would inhibit the performance of the job function

    • C. 

      Questions on whether an applicant has applied for or received worker's compensation

    • D. 

      Questions about the applicant's height or weight as this relates to a specific job function

  • 24. 
    In terms of U.S. employees' workplace privacy rights, all of the following are acceptable monitoring techniques available to employers except:
    • A. 

      Internet access and usage

    • B. 

      Badge cards and ID readers

    • C. 

      Secret surveillance

    • D. 

      Closed-circuit television

  • 25. 
    All of the following are valid privacy protection procedures when terminating an employee who has access to sensitive personal information except:
    • A. 

      Removing the employee's access rights to sensitive personal information before escorting the employee from the premises

    • B. 

      Reminding the employee of a non-disclosure agreement signed at the time of employment

    • C. 

      Demanding that the employee not remove paper and electronic files, and only remove personal effects under direct observation

    • D. 

      Asking the employee to sign the privacy policy immediately before conducting the exit interview
