Leads4pass > IAPP > IAPP Certifications > CIPP-US > CIPP-US Online Practice Questions and Answers

CIPP-US Online Practice Questions and Answers

Questions 4

Under the Telemarketing Sales Rule, what characteristics of consent must be in place for an organization to acquire an exception to the Do-Not-Call rules for a particular consumer?

A. The consent must be in writing, must state the times when calls can be made to the consumer and must be signed

B. The consent must be in writing, must contain the number to which calls can be made and must have an end date

C. The consent must be in writing, must contain the number to which calls can be made and must be signed

D. The consent must be in writing, must have an end date and must state the times when calls can be made

Buy Now
Questions 5

Acme Student Loan Company has developed an artificial intelligence algorithm that determines whether an individual is likely to pay their bill or default. A person who is determined by the algorithm to be more likely to default will receive frequent payment reminder calls, while those who are less likely to default will not receive payment reminders.

Which of the following most accurately reflects the privacy concerns with Acme Student Loan Company using artificial intelligence in this manner?

A. If the algorithm uses risk factors that impact the automatic decision engine. Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output.

B. If the algorithm makes automated decisions based on risk factors and public information, Acme need not determine if the algorithm has a disparate impact on protected classes.

C. If the algorithm's methodology is disclosed to consumers, then it is acceptable for Acme to have a disparate impact on protected classes.

D. If the algorithm uses information about protected classes to make automated decisions, Acme must ensure that the algorithm does not have a disparate impact on protected classes in the output.

Buy Now
Questions 6

Which of the following statements is most accurate in regard to data breach notifications under federal and state laws:

A. You must notify the Federal Trade Commission (FTC) in addition to affected individuals if over 500 individuals are receiving notice.

B. When providing an individual with required notice of a data breach, you must identify what personal information was actually or likely compromised.

C. When you are required to provide an individual with notice of a data breach under any state's law, you must provide the individual with an offer for free credit monitoring.

D. The only obligations to provide data breach notification are under state law because currently there is no federal law or regulation requiring notice for the breach of personal information.

Buy Now
Questions 7

What consumer service was the Fair Credit Reporting Act (FCRA) originally intended to provide?

A. The ability to receive reports from multiple credit reporting agencies.

B. The ability to appeal negative credit-based decisions.

C. The ability to correct inaccurate credit information.

D. The ability to investigate incidents of identity theft.

Buy Now
Questions 8

Which of the following is a U.S. surveillance program authorized under Section 702 of the Foreign Intelligence Surveillance Act Amendments Act?

A. Upstream

B. NATGRID

C. Project 6

D. SORM

Buy Now
Questions 9

In a data sharing arrangement, which of the following organizations would determine the rules that apply to the processing of the data being shared?

A. The business associate.

B. The hosting provider.

C. The data processor.

D. The data controller.

Buy Now
Questions 10

SCENARIO

Please use the following to answer the next question:

Jane is a U.S. citizen and a senior software engineer at California-based Jones Labs, a major software supplier to the U.S. Department of Defense and other U.S. federal agencies. Jane's manager, Patrick, is a French citizen who has been living in California for over a decade. Patrick has recently begun to suspect that Jane is an insider secretly transmitting trade secrets to foreign intelligence. Unbeknownst to Patrick, the FBI has already received a hint from anonymous whistleblower, and jointly with the National Security Agency is investigating Jane's possible implication in a sophisticated foreign espionage campaign.

Ever since the pandemic, Jane has been working from home. To complete her daily tasks she uses her corporate laptop, which after each login conspicuously provides notice that the equipment belongs to Jones Labs and may be monitored according to the enacted privacy policy and employment handbook. Jane also has a corporate mobile phone that she uses strictly for business, the terms of which are de ned in her employment contract and elaborated upon in her employee handbook. Both the privacy policy and the employee handbook are revised annually by a reputable California law rm specializing in privacy law. Jane also has a personal iPhone that she uses for private purposes only.

Jones Labs has its primary data center in San Francisco, which is managed internally by Jones Labs engineers. The secondary data center, managed by Amazon AWS, is physically located in the UK for disaster recovery purposes. Jones Labs' mobile devices backup is managed by a mid-sized mobile defense company located in Denver, which physically stores the data in Canada to reduce costs. Jones Labs MS O ce documents are securely stored in a Microsoft O ce 365 data center based in Ireland. Manufacturing data of Jones Labs is stored in Taiwan and managed by a local supplier that has no presence in the U.S.

When storing Jane's ngerprint for remote authentication. Jones Labs should consider legality issues under which of the following?

A. The Privacy Rule of the HITECH Act.

B. The California IoT Security Law (SB 327).

C. The applicable state law such as Illinois BIPA.

D. The federal Genetic Information Nondiscrimination Act (GINA).

Buy Now
Questions 11

One of the most signi cant elements of Senate Bill No. 260 relating to Internet privacy is the introduction of what term into Nevada law?

A. Data Ethics.

B. Data Brokers.

C. Arti cial Intelligence.

D. Transfer Mechanism.

Buy Now
Questions 12

A California resident has created an account on your company's online food delivery platform and placed several orders in the past month. Later she submits a data subject request to access her personal information under the California Privacy Rights Act.

Assuming that the CPRA is in force, which of the following data elements would your company NOT have to provide to the requester once her identity has been veri ed?

A. Inferences made about the individual for the company's internal purposes.

B. The loyalty account number assigned through the individual's use of the services.

C. The time stamp for the creation of the individual's account in the platform's database.

D. The email address submitted by the individual as part of the account registration process.

Buy Now
Questions 13

Nearly every state has a data breach noti cation law with a "compromise standard" for determining when notice is required. Which of the following is the best explanation of what a "compromise" is under this framework?

A. Compromise is de ned by the degree to which the affected individuals suffered actual harm or had substantial risk of actual harm.

B. Compromise is de ned by the case law in the jurisdiction and is typically based on the totality of the circumstances.

C. Compromise means that personally identi able information was wrongfully accessed by third parties.

D. Compromise means that the con dentiality, security, or integrity of the information was violated.

Buy Now
Exam Code: CIPP-US
Exam Name: Certified Information Privacy Professional/United States (CIPP/US)
Last Update: Jul 07, 2026
Questions: 198
10%OFF Coupon Code: SAVE10

PDF (Q&A)

$49.99

VCE

$55.99

PDF + VCE

$65.99