Free IAPP CIPM Exam Questions

Question 1

Why were the nongovernmental privacy organizations, Electronic Frontier Foundation (EFF) and Electronic

Privacy Information Center (EPIC), established?

A : To promote consumer confidence in the Internet industry

B : To improve the user experience during online shopping

C : To protect civil liberties and raise consumer awareness.

D : To promote security on the Internet through strong encryption

Answer: C

Question 2

SCENARIO

Please use the following to answer the next question:

It's just what you were afraid of. Without consulting you, the information technology director at your organization

launched a new initiative to encourage employees to use personal devices for conducting business. The

initiative made purchasing a new, high-specification laptop computer an attractive option, with discounted

laptops paid for as a payroll deduction spread over a year of paychecks. The organization is also paying the

sales taxes. It's a great deal, and after a month, more than half the organization's employees have signed on

and acquired new laptops. Walking through the facility, you see them happily customizing and comparing notes

on their new computers, and at the end of the day, most take their laptops with them, potentially carrying

personal data to their homes or other unknown locations. It's enough to give you data-protection nightmares,

and you've pointed out to the information technology Director and many others in the organization the potential

hazards of this new practice, including the inevitability of eventual data loss or theft.

Today you have in your office a representative of the organization's marketing department who shares with you,

reluctantly, a story with potentially serious consequences. The night before, straight from work, with laptop in

hand, he went to the Bull and Horn Pub to play billiards with his friends. A fine night of sport and socializing

began, with the laptop "safely" tucked on a bench, beneath his jacket. Later that night, when it was time to

depart, he retrieved the jacket, but the laptop was gone. It was not beneath the bench or on another bench

nearby. The waitstaff had not seen it. His friends were not playing a joke on him. After a sleepless night, he

confirmed it this morning, stopping by the pub to talk to the cleanup crew. They had not found it. The laptop was

missing. Stolen, it seems. He looks at you, embarrassed and upset.

You ask him if the laptop contains any personal data from clients, and, sadly, he nods his head, yes. He

believes it contains files on about 100 clients, including names, addresses and governmental identification

numbers. He sighs and places his head in his hands in despair.

What should you do first to ascertain additional information about the loss of data?

A : terview the person reporting the incident following a standard protocol

B : ll the police to investigate even if you are unsure a crime occurred

C : vestigate the background of the person reporting the incident

D : eck company records of the latest backups to see what data may be recoverable

Answer: A

Question 3

What is the key factor that lays the foundation for all other elements of a privacy program?

A : The applicable privacy regulations

B : The structure of a privacy team

C : A privacy mission statement

D : A responsible internal stakeholder

Answer: C

Question 4

Which of the following controls does the PCI DSS framework NOT require?

A : plement strong asset control protocols

B : plement strong access control measures

C : intain an information security policy

D : intain a vulnerability management program

Answer: A

Question 5

SCENARIO -

Please use the following to answer the next question:

Today is your first day at a fast growing international real estate firm headquartered in New York, with offices in Canada and Germany. You are the firm's first ever privacy officer.

While touring the office to meet your new colleagues and learn the layout of the office, you notice piles of printing jobs left on the printer in the copy room. You also note a recycle bin and garbage can near the printers. With a quick glance, you see a completed loan application form print out with applicant name, social security number and home address lying in the recycle bin. You make a note to follow up immediately.

You are then introduced to the head of IT who gives you a warm welcome and explains his star project this year - enterprise CRM (Customer Relationship Management) mobility. He is very proud that he is leading this innovation that allows firm-wide employees to access the existing CRM database remotely from anywhere on the Internet. The business value of this mobility initiative is significant. Since he doesn't have internal web development expertise, he outsourced the development work to a small IT firm in New York that has just successfully delivered another IT initiative for the company.

After the tour you start working on a plan based on your observations. One immediate action is to schedule a meeting with the head of IT to discuss the CRM mobility project.

While reviewing the contract with the firm the CRM mobility project was outsourced to, all of the following should be mandatory EXCEPT?

A : Right to audit.

B : Breach notification.

C : Security Commitment.

D : Service level agreements.

Answer: D