
試験問題集でCIPP-US練習で無料最新のIAPP練習テスト
CIPP-US試験問題、リアルCIPP-US練習問題集
質問 74
Which statute is considered part of U.S. federal privacy law?
- A. SB 1386.
- B. The e-Privacy Directive.
- C. The Personal Information Protection and Electronic Documents Act.
- D. The Fair Credit Reporting Act.
正解: D
質問 75
Which act violates the Family Educational Rights and Privacy Act of 1974 (FERPA)?
- A. A newspaper prints the names, grade levels, and hometowns of students who made the quarterly honor roll
- B. University police provide an arrest report to a student's hometown police, who suspect him of a similar crime
- C. A K-12 assessment vendor obtains a student's signed essay about her hometown from her school to use as an exemplar for public release
- D. A university posts a public student directory that includes names, hometowns, e-mail addresses, and majors
正解: C
質問 76
What does the Massachusetts Personal Information Security Regulation require as it relates to encryption of personal information?
- A. The encryption of all personal information of Massachusetts residents when all equipment is located in Massachusetts.
- B. The encryption of all personal information stored in Massachusetts-based companies when all equipment is located in Massachusetts.
- C. The encryption of all personal information of Massachusetts residents when stored on portable devices.
- D. The encryption of personal information stored in Massachusetts-based companies when stored on portable devices.
正解: C
質問 77
Which of the following describes the most likely risk for a company developing a privacy policy with standards that are much higher than its competitors?
- A. Attracting skepticism from auditors
- B. Having a security system failure
- C. Being more closely scrutinized for any breaches of policy
- D. Getting accused of discriminatory practices
正解: C
質問 78
According to FERPA, when can a school disclose records without a student's consent?
- A. If the disclosure is to practitioners who are involved in a student's health care
- B. If the disclosure is not to be conducted through email to the third party
- C. If the disclosure would not reveal a student's student identification number
- D. If the disclosure is to provide transcripts to a school where a student intends to enroll
正解: D
解説:
Explanation/Reference: https://www2.ed.gov/policy/gen/guid/fpco/ferpa/index.html
質問 79
A law enforcement subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?
- A. USA Freedom Act
- B. ECPA
- C. CALEA
- D. SCA
正解: C
解説:
Explanation
Explanation/Reference: https://www.nap.edu/read/11896/chapter/11#283
質問 80
What is the most important action an organization can take to comply with the FTC position on retroactive changes to a privacy policy?
- A. Reassuring customers of the security of their information.
- B. Describing the policy changes on its website.
- C. Publicizing the policy changes through social media.
- D. Obtaining affirmative consent from its customers.
正解: D
質問 81
Which federal act does NOT contain provisions for preempting stricter state laws?
- A. The Children's Online Privacy Protection Act (COPPA)
- B. The Fair and Accurate Credit Transactions Act (FACTA)
- C. The CAN-SPAM Act
- D. The Telemarketing Consumer Protection and Fraud Prevention Act
正解: D
解説:
Explanation
質問 82
More than half of U.S. states require telemarketers to?
- A. Provide written contracts for customer transactions
- B. Register with the state before conducting business
- C. Obtain written consent from potential customers
- D. Identify themselves at the beginning of a call
正解: A
質問 83
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?
- A. Uses the transferred data for limited purposes
- B. Notifies the organization if it can no longer meet its requirements for proper data handling
- C. Enters a contract with the organization that states the third party will process data according to the consent agreement
- D. Provides the same level of privacy protection as the organization
正解: C
質問 84
Most states with data breach notification laws indicate that notice to affected individuals must be sent in the
"most expeditious time possible without unreasonable delay." By contrast, which of the following states currently imposes a definite limit for notification to affected individuals?
- A. Florida
- B. New York
- C. California
- D. Maine
正解: A
解説:
Explanation/Reference: https://www.itgovernanceusa.com/data-breach-notification-laws
質問 85
Which of the following best describes the ASIA-Pacific Economic Cooperation (APEC) principles?
- A. An international court ruling on personal information held in the commercial sector.
- B. A code of responsibilities for medical establishments to uphold privacy laws.
- C. A bill of rights for individuals seeking access to their personal information.
- D. A baseline of marketers' minimum responsibilities for providing opt-out mechanisms.
正解: C
解説:
Explanation/Reference: http://documents1.worldbank.org/curated/en/751621525705087132/text/WPS8431.txt
質問 86
Which of the following best describes what a "private right of action" is?
- A. The right of individuals harmed by data processing to have their information deleted.
- B. The right of individuals harmed by a violation of a law to file a lawsuit against the violation.
- C. The right of individuals to submit a request to access their information.
- D. The right of individuals to keep their information private.
正解: B
質問 87
All of the following are tasks in the "Discover" phase of building an information management program EXCEPT?
- A. Understanding the laws that regulate a company's collection of information
- B. Facilitating participation across departments and levels
- C. Developing a process for review and update of privacy policies
- D. Deciding how aggressive to be in the use of personal information
正解: A
質問 88
Privacy Is Hiring Inc., a CA-based company, is an online specialty recruiting firm focusing on placing privacy professionals in roles at major companies. Job candidates create online profiles outlining their experience and credentials, and can pay $19.99/month via credit card to have their profiles promoted to potential employers. Privacy Is Hiring Inc. keeps all customer data at rest encrypted on its servers.
Under what circumstances would Privacy Is Hiring Inc., need to notify affected individuals in the event of a data breach?
- A. If law enforcement has completed its investigation and has authorized Privacy Is Hiring Inc. to provide the notification to clients and applicable regulators.
- B. If the job candidates' credit card information and the encryption keys were among the information taken.
- C. If the personal information stolen included the individuals' names and credit card pin numbers.
- D. If Privacy Is Hiring Inc., reasonably believes that job candidates will be harmed by the data breach.
正解: C
質問 89
In March 2012, the FTC released a privacy report that outlined three core principles for companies handling consumer dat a. Which was NOT one of these principles?
- A. Providing greater transparency.
- B. Enhancing security measures.
- C. Simplifying consumer choice.
- D. Practicing Privacy by Design.
正解: B
質問 90
What is the main purpose of the CAN-SPAM Act?
- A. To diminish the use of electronic messages to send sexually explicit materials
- B. To empower the FTC to create rules for messages containing sexually explicit content
- C. To ensure that organizations respect individual rights when using electronic advertising
- D. To authorize the states to enforce federal privacy laws for electronic marketing
正解: C
解説:
Explanation/Reference: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business
質問 91
What was the original purpose of the Federal Trade Commission Act?
- A. To ensure privacy rights of U.S. citizens
- B. To protect consumers
- C. To enforce antitrust laws
- D. To negotiate consent decrees with companies violating personal privacy
正解: B
質問 92
Which of the following is commonly required for an entity to be subject to breach notification requirements under most state laws?
- A. The entity must have employees in the state
- B. The entity must be registered in the state
- C. The entity must conduct business in the state
- D. The entity must be an information broker
正解: C
質問 93
Global Manufacturing Co's Human Resources department recently purchased a new software tool. This tool helps evaluate future candidates for executive roles by scanning emails to see what those candidates say and what is said about them. This provides the HR department with an automated "360 review" that lets them know how the candidate thinks and operates, what their peers and direct reports say about them, and how well they interact with each other.
What is the most important step for the Human Resources Department to take when implementing this new software?
- A. Ensuring that the software contains a privacy notice explaining that employees have no right to privacy as long as they are running this software on organization systems to scan email systems.
- B. Confirming that employees have read and signed the employee handbook where they have been advised that they have no right to privacy as long as they are using the organization's systems, regardless of the protected group or laws enforced by EEOC.
- C. Providing notice to employees that their emails will be scanned by the software and creating automated profiles.
- D. Making sure that the software does not unintentionally discriminate against protected groups.
正解: D
解説:
Explanation/Reference: https://www.beckage.com/tag/artificial-intelligence/
質問 94
All of the following common law torts are relevant to employee privacy under US law EXCEPT?
- A. Defamation
- B. Intrusion upon seclusion.
- C. Conversion.
- D. Infliction of emotional distress.
正解: B
解説:
Explanation/Reference: https://en.wikipedia.org/wiki/Privacy_law
質問 95
......
IAPP CIPP-US 認定試験の出題範囲:
| トピック | 出題範囲 |
|---|---|
| トピック 1 |
|
| トピック 2 |
|
| トピック 3 |
|
| トピック 4 |
|
| トピック 5 |
|
| トピック 6 |
|
| トピック 7 |
|
確認済みCIPP-US試験問題集と解答で時間限定無料提供!CIPP-USには正解付き:https://jp.fast2test.com/CIPP-US-premium-file.html
あなたを合格させるCIPP-US無料問題集最新のIAPP練習テスト:https://drive.google.com/open?id=12wJPiYpH0lEutASuybTwD4XV5PykvDoQ