試験問題集でCIPP-US練習で無料最新のIAPP練習テスト [Q74-Q95]

Share

試験問題集でCIPP-US練習で無料最新のIAPP練習テスト

CIPP-US試験問題、リアルCIPP-US練習問題集

質問 74
Which statute is considered part of U.S. federal privacy law?

  • A. SB 1386.
  • B. The e-Privacy Directive.
  • C. The Personal Information Protection and Electronic Documents Act.
  • D. The Fair Credit Reporting Act.

正解: D

 

質問 75
Which act violates the Family Educational Rights and Privacy Act of 1974 (FERPA)?

  • A. A newspaper prints the names, grade levels, and hometowns of students who made the quarterly honor roll
  • B. University police provide an arrest report to a student's hometown police, who suspect him of a similar crime
  • C. A K-12 assessment vendor obtains a student's signed essay about her hometown from her school to use as an exemplar for public release
  • D. A university posts a public student directory that includes names, hometowns, e-mail addresses, and majors

正解: C

 

質問 76
What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?

  • A. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts.
  • B. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts.
  • C. The encryption of all personal information of Massachusetts residents when stored on portable devices.
  • D. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices.

正解: C

 

質問 77
Which of the following describes the most likely risk for a company developing a privacy policy with standards that are much higher than its competitors?

  • A. Attracting skepticism from auditors
  • B. Having a security system failure
  • C. Being more closely scrutinized for any breaches of policy
  • D. Getting accused of discriminatory practices

正解: C

 

質問 78
According to FERPA, when can a school disclose records without a student's consent?

  • A. If the disclosure is to practitioners who are involved in a student's health care
  • B. If the disclosure is not to be conducted through email to the third party
  • C. If the disclosure would not reveal a student's student identification number
  • D. If the disclosure is to provide transcripts to a school where a student intends to enroll

正解: D

解説:
Explanation/Reference: https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html

 

質問 79
A law enforcement subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?

  • A. USA Freedom Act
  • B. ECPA
  • C. CALEA
  • D. SCA

正解: C

解説:
Explanation
Explanation/Reference: https://www.nap.edu/read/11896/chapter/11#283

 

質問 80
What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?

  • A. Reassuring customers of the security of their information.
  • B. Describing the policy changes on its website.
  • C. Publicizing the policy changes through social media.
  • D. Obtaining affirmative consent from its customers.

正解: D

 

質問 81
Which federal act does NOT contain provisions for preempting stricter state laws?

  • A. The Children's Online Privacy Protection Act (COPPA)
  • B. The Fair and Accurate Credit Transactions Act (FACTA)
  • C. The CAN-SPAM Act
  • D. The Telemarketing Consumer Protection and Fraud Prevention Act

正解: D

解説:
Explanation

 

質問 82
More than half of U.S. states require telemarketers to?

  • A. Provide written contracts for customer transactions
  • B. Register with the state before conducting business
  • C. Obtain written consent from potential customers
  • D. Identify themselves at the beginning of a call

正解: A

 

質問 83
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?

  • A. Uses the transferred data for limited purposes
  • B. Notifies the organization if it can no longer meet its requirements for proper data handling
  • C. Enters a contract with the organization that states the third party will process data according to the consent agreement
  • D. Provides the same level of privacy protection as the organization

正解: C

 

質問 84
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the
"most expeditious time possible without unreasonable delay." By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?

  • A. Florida
  • B. New York
  • C. California
  • D. Maine

正解: A

解説:
Explanation/Reference: https://www.itgovernanceusa.com/data-breach-notification-laws

 

質問 85
Which of the following best describes the ASIA-Pacific Economic Cooperation (APEC) principles?

  • A. An international court ruling on personal information held in the commercial sector.
  • B. A code of responsibilities for medical establishments to uphold privacy laws.
  • C. A bill of rights for individuals seeking access to their personal information.
  • D. A baseline of marketers' minimum responsibilities for providing opt-out mechanisms.

正解: C

解説:
Explanation/Reference: http://documents1.worldbank.org/curated/en/751621525705087132/text/WPS8431.txt

 

質問 86
Which of the following best describes what a "private right of action" is?

  • A. The right of individuals harmed by data processing to have their information deleted.
  • B. The right of individuals harmed by a violation of a law to file a lawsuit against the violation.
  • C. The right of individuals to submit a request to access their information.
  • D. The right of individuals to keep their information private.

正解: B

 

質問 87
All of the following are tasks in the "Discover" phase of building an information management program EXCEPT?

  • A. Understanding the laws that regulate a company's collection of information
  • B. Facilitating participation across departments and levels
  • C. Developing a process for review and update of privacy policies
  • D. Deciding how aggressive to be in the use of personal information

正解: A

 

質問 88
Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.
Under what circumstances would Privacy Is Hiring Inc., need to notify affected individuals in the event of a data breach?

  • A. If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.
  • B. If the job candidates' credit card information and the encryption keys were among the information taken.
  • C. If the personal information stolen included the individuals' names and credit card pin numbers.
  • D. If Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data breach.

正解: C

 

質問 89
In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer dat a. Which was NOT one of these principles?

  • A. Providing greater transparency.
  • B. Enhancing security measures.
  • C. Simplifying consumer choice.
  • D. Practicing Privacy by Design.

正解: B

 

質問 90
What is the main purpose of the CAN-SPAM Act?

  • A. To diminish the use of electronic messages to send sexually explicit materials
  • B. To empower the FTC to create rules for messages containing sexually explicit content
  • C. To ensure that organizations respect individual rights when using electronic advertising
  • D. To authorize the states to enforce federal privacy laws for electronic marketing

正解: C

解説:
Explanation/Reference: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business

 

質問 91
What was the original purpose of the Federal Trade Commission Act?

  • A. To ensure privacy rights of U.S. citizens
  • B. To protect consumers
  • C. To enforce antitrust laws
  • D. To negotiate consent decrees with companies violating personal privacy

正解: B

 

質問 92
Which of the following is commonly required for an entity to be subject to breach notification requirements under most state laws?

  • A. The entity must have employees in the state
  • B. The entity must be registered in the state
  • C. The entity must conduct business in the state
  • D. The entity must be an information broker

正解: C

 

質問 93
Global Manufacturing Co's Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated "360 review" that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other.
What is the most important step for the Human Resources Department to take when implementing this new software?

  • A. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems.
  • B. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization's systems, regardless of the protected group or laws enforced by EEOC.
  • C. Providing notice to employees that their emails will be scanned by the software and creating automated profiles.
  • D. Making sure that the software does not unintentionally discriminate against protected groups.

正解: D

解説:
Explanation/Reference: https://www.beckage.com/tag/artificial-intelligence/

 

質問 94
All of the following common law torts are relevant to employee privacy under US law EXCEPT?

  • A. Defamation
  • B. Intrusion upon seclusion.
  • C. Conversion.
  • D. Infliction of emotional distress.

正解: B

解説:
Explanation/Reference: https://en.wikipedia.org/wiki/Privacy_law

 

質問 95
......


IAPP CIPP-US 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • 要素、州間の主な違い、最近の動向
  • 米国のプライバシー環境の紹介
トピック 2
  • 雇用前、雇用中、雇用後のプライバシー
  • 政府および裁判所による民間部門の情報へのアクセス
トピック 3
  • 国家安全保障とプライバシー
  • 法執行とプライバシー
  • 民事訴訟とプライバシー
トピック 4
  • 開発、ユーザー設定の管理、インシデント対応プログラム、労働力
  • 財務データへのアクセス、コミュニケーションへのアクセス、CALEA
トピック 5
  • 政府の支部、法源、法的定義、規制当局
  • 米国の観点からの情報管理
トピック 6
  • 米国のプライバシーおよびセキュリティ法の施行
  • 刑事責任と民事責任、法定責任の一般理論
トピック 7
  • 民間部門によるデータの収集と使用の制限
  • FCRA、FACT法、GLBA、レッドフラッグス規則、ドッドフランク、CFPB、オンラインバンキング

 

確認済みCIPP-US試験問題集と解答で時間限定無料提供!CIPP-USには正解付き:https://jp.fast2test.com/CIPP-US-premium-file.html

あなたを合格させるCIPP-US無料問題集最新のIAPP練習テスト:https://drive.google.com/open?id=12wJPiYpH0lEutASuybTwD4XV5PykvDoQ


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어