Easy To Download IAPP CIPP-US Exam Dumps Updated 152 Questions [Q17-Q32]

New Updated CIPP-US Exam Questions 2022

NEW QUESTION 17
SCENARIO
Please use the following to answer the next QUESTION
Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.
One potential employer, Arnie's Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job. However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.
Two days ago, Noah got another interview for a position at Sam's Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.
Regardless, the effect of Noah's credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills - all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.
In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.
After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.
Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.
Consumers today are most likely protected from situations like the one Noah had buying stock because of which federal action or legislation?

  • A. Federal Trade Commission investigations into "unfair and deceptive" acts or practices.
  • B. The rules under the Fair Debt Collection Practices Act.
  • C. Investigations of "abusive" acts and practices under the Dodd-Frank Wall Street Reform and Consumer Protection Act.
  • D. The creation of the Consumer Financial Protection Bureau.

Answer: C

 

NEW QUESTION 18
Which of the following accurately describes the purpose of a particular federal enforcement agency?

  • A. The Cybersecurity and Infrastructure Security Agency (CISA) is authorized to bring civil enforcement actions against organizations whose website or other online service fails to adequately secure personal information.
  • B. The Federal Trade Commission (FTC) is typically recognized as having the broadest authority under the FTC Act to address unfair or deceptive privacy practices.
  • C. The Federal Communications Commission (FCC) regulates privacy practices on the internet and enforces violations relating to websites' posted privacy disclosures.
  • D. The National Institute of Standards and Technology (NIST) has established mandatory privacy standards that can then be enforced against all for-profit organizations by the Department of Justice (DOJ).

Answer: B

 

NEW QUESTION 19
In what way does the "Red Flags Rule" under the Fair and Accurate Credit Transactions Act (FACTA) relate to the owner of a grocery store who uses a money wire service?

  • A. It does not apply because the owner is not a creditor
  • B. It requires the owner to implement an identity theft warning system
  • C. It mandates the use of updated technology for securing credit records
  • D. It is not usually enforced in the case of a small financial institution

Answer: C

 

NEW QUESTION 20
Which statute is considered part of U.S. federal privacy law?

  • A. The e-Privacy Directive.
  • B. The Fair Credit Reporting Act.
  • C. The Personal Information Protection and Electronic Documents Act.
  • D. SB 1386.

Answer: B

 

NEW QUESTION 21
The rules for "e-discovery" mainly prevent which of the following?

  • A. A conflict between business practice and technological safeguards
  • B. The loss of information due to poor data retention practices
  • C. A breach of an organization's data retention program
  • D. The practice of employees using personal devices for work

Answer: B

 

NEW QUESTION 22
Who has rulemaking authority for the Fair Credit Reporting Act (FCRA) and the Fair and Accurate Credit Transactions Act (FACTA)?

  • A. The Consumer Financial Protection Bureau
  • B. The Department of Commerce
  • C. State Attorneys General
  • D. The Federal Trade Commission

Answer: A

Explanation/Reference: https://www.ftc.gov/enforcement/statutes/fair-accurate-credit-transactions-act-2003

 

NEW QUESTION 23
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?

  • A. Enters a contract with the organization that states the third party will process data according to the consent agreement
  • B. Uses the transferred data for limited purposes
  • C. Provides the same level of privacy protection as the organization
  • D. Notifies the organization if it can no longer meet its requirements for proper data handling

Answer: A

 

NEW QUESTION 24
Which is an exception to the general prohibitions on telephone monitoring that exist under the U.S. Wiretap Act?

  • A. Call center exception
  • B. Ordinary course of business exception
  • C. Inter-company communications exception
  • D. Internet calls exception

Answer: B

 

NEW QUESTION 25
SCENARIO
Please use the following to answer the next QUESTION
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to customer information nor procedures for purging and destroying outdated data. In her research, Roberta had discovered that even low-level employees had access to all of the company's customer data, including financial records, and that the company still had in its possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on an as-needs-to-know basis. This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information. Third, identify outdated customer information and then develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now considered the responsibility of every employee.
What could the company have done differently prior to the breach to reduce their risk?

  • A. Honored the promise of its privacy policy to acquire information by using an opt-in method.
  • B. Implemented a comprehensive policy for accessing customer information.
  • C. Communicated requests for changes to users' preferences across the organization and with third parties.
  • D. Looked for any persistent threats to security that could compromise the company's network.

Answer: D

 

NEW QUESTION 26
If an organization maintains data classified as high sensitivity in the same system as data classified as low sensitivity, which of the following is the most likely outcome?

  • A. Temporary employees will be able to find the data necessary to fulfill their responsibilities.
  • B. The impact of an organizational data breach will be more severe than if the data had been segregated.
  • C. The organization will be able to address legal discovery requests efficiently without producing more information than necessary.
  • D. The organization will still be in compliance with most sector-specific privacy and security laws.

Answer: C

 

NEW QUESTION 27
Which statement is FALSE regarding the provisions of the Employee Polygraph Protection Act of 1988 (EPPA)?

  • A. The EPPA includes an exception that allows polygraph tests in professions in which employee honesty is necessary for public safety.
  • B. Employers are prohibited from administering psychological testing based on personality traits such as honesty, preferences or habits.
  • C. Employers involved in the manufacture of controlled substances may terminate employees based on polygraph results if other evidence exists.
  • D. The EPPA requires that employers post essential information about the Act in a conspicuous location.

Answer: B


 

NEW QUESTION 28
Global Manufacturing Co's Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated "360 review" that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other.
What is the most important step for the Human Resources Department to take when implementing this new software?

  • A. Providing notice to employees that their emails will be scanned by the software and creating automated profiles.
  • B. Making sure that the software does not unintentionally discriminate against protected groups.
  • C. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization's systems, regardless of the protected group or laws enforced by EEOC.
  • D. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems.

Answer: B

Explanation/Reference: https://www.beckage.com/tag/artificial-intelligence/

 

NEW QUESTION 29
SCENARIO
Please use the following to answer the next QUESTION:
You are the chief privacy officer at HealthCo, a major hospital in a large U.S. city in state A.
HealthCo is a HIPAA-covered entity that provides healthcare services to more than 100,000 patients. A third-party cloud computing service provider, CloudHealth, stores and manages the electronic protected health information (ePHI) of these individuals on behalf of HealthCo. CloudHealth stores the data in state B.
As part of HealthCo's business associate agreement (BAA) with CloudHealth, HealthCo requires CloudHealth to implement security measures, including industry standard encryption practices, to adequately protect the data. However, HealthCo did not perform due diligence on CloudHealth before entering the contract, and has not conducted audits of CloudHealth's security measures.
A CloudHealth employee has recently become the victim of a phishing attack. When the employee unintentionally clicked on a link from a suspicious email, the PHI of more than 10,000 HealthCo patients was compromised. It has since been published online. The HealthCo cybersecurity team quickly identifies the perpetrator as a known hacker who has launched similar attacks on other hospitals - ones that exposed the PHI of public figures including celebrities and politicians.
During the course of its investigation, HealthCo discovers that CloudHealth has not encrypted the PHI in accordance with the terms of its contract. In addition, CloudHealth has not provided privacy or security training to its employees. Law enforcement has requested that HealthCo provide its investigative report of the breach and a copy of the PHI of the individuals affected.
A patient affected by the breach then sues HealthCo, claiming that the company did not adequately protect the individual's ePHI, and that he has suffered substantial harm as a result of the exposed data. The patient's attorney has submitted a discovery request for the ePHI exposed in the breach.
Of the safeguards required by the HIPAA Security Rule, which of the following is NOT at issue due to HealthCo's actions?

  • A. Physical Safeguards
  • B. Administrative Safeguards
  • C. Security Safeguards
  • D. Technical Safeguards

Answer: C

 

NEW QUESTION 30
Why was the Privacy Protection Act of 1980 drafted?

  • A. To respond to police searches of newspaper facilities
  • B. To assist prosecutors in civil litigation against newspaper companies
  • C. To protect individuals from personal privacy invasion by the police
  • D. To assist in the prosecution of white-collar crimes

Answer: C

 

NEW QUESTION 31
SCENARIO
Please use the following to answer the next QUESTION
Otto is preparing a report to his Board of Directors at Filtration Station, where he is responsible for the privacy program. Filtration Station is a U.S. company that sells filters and tubing products to pharmaceutical companies for research use. The company is based in Seattle, Washington, with offices throughout the U.S. and Asia. It sells to business customers across both the U.S. and the Asia-Pacific region. Filtration Station participates in the Cross-Border Privacy Rules system of the APEC Privacy Framework.
Unfortunately, Filtration Station suffered a data breach in the previous quarter. An unknown third party was able to gain access to Filtration Station's network and was able to steal data relating to employees in the company's Human Resources database, which is hosted by a third-party cloud provider based in the U.S. The HR data is encrypted. Filtration Station also uses the third-party cloud provider to host its business marketing contact database. The marketing database was not affected by the data breach. It appears that the data breach was caused when a system administrator at the cloud provider stored the encryption keys with the data itself.
The Board has asked Otto to provide information about the data breach and how updates on new developments in privacy laws and regulations apply to Filtration Station. They are particularly concerned about staying up to date on the various U.S. state laws and regulations that have been in the news, especially the California Consumer Privacy Act (CCPA) and breach notification requirements.
The Board has asked Otto whether the company will need to comply with the new California Consumer Privacy Law (CCPA). What should Otto tell the Board?

  • A. That the company is governed by CCPA, but does not need to take any additional steps because it follows CPBR.
  • B. That business contact information could be considered personal information governed by CCPA.
  • C. That CCPA only applies to companies based in California, which exempts the company from compliance.
  • D. That CCPA will apply to the company only after the California Attorney General determines that it will enforce the statute.

Answer: D

 

NEW QUESTION 32
......


Training Course for Actual Testing

The IAPP CIPP-US exam training course, known as ‘Learn to Navigate the Details of US Privacy Law with Skill and Confidence’, is globally recognized and teaches candidates how to navigate privacy law in the US. US privacy law as a whole comprises federal, state, and local laws, so the course teaches privacy specialists how to align their practice with all of them and helps them avoid fines and damage to their brands. The class is ideal for data privacy specialists who need in-depth training on US data privacy laws, and for individuals aiming to earn the CIPP-US designation. The training takes the candidate through a deep study of US data privacy laws at the national, state, and local levels. It also analyses sectoral regulations and the enforcement of the laws in both the criminal and civil spheres, and looks into the EU General Data Protection Regulation. The course also delves into the California Consumer Privacy Act. Some of the domains covered are:

  • Privacy at the workplace;
  • Accessibility of data to the government and judiciary;
  • The privacy environment in the US;
  • Private sector data collection, usage, and limits.

All in all, a candidate can take the course through online classes, virtual classes, in-person learning sessions, or group lessons.

 
