IAPP CIPP-US Exam (page: 4)
IAPP Certified Information Privacy Professional/United States (CIPP/US)
Updated on: 15-Feb-2026

Viewing Page 4 of 33

A large online bookseller decides to contract with a vendor to manage personally identifiable information (PII).
What is the least important factor for the company to consider when selecting the vendor?

  1. The vendor's reputation
  2. The vendor's financial health
  3. The vendor's employee retention rates
  4. The vendor's employee training program

Answer(s): C



In which situation is a company operating under the assumption of implied consent?

  1. An employer contacts the professional references provided on an applicant's resume
  2. An online retailer subscribes new customers to an e-mail list by default
  3. A landlord uses the information on a completed rental application to run a credit report
  4. A retail clerk asks a customer to provide a zip code at the check-out counter

Answer(s): A


Reference:

https://en.wikipedia.org/wiki/Implied_consent



All of the following are tasks in the "Discover" phase of building an information management program EXCEPT?

  1. Facilitating participation across departments and levels
  2. Developing a process for review and update of privacy policies
  3. Deciding how aggressive to be in the use of personal information
  4. Understanding the laws that regulate a company's collection of information

Answer(s): D



Which of the following describes the most likely risk for a company developing a privacy policy with standards that are much higher than its competitors?

  1. Being more closely scrutinized for any breaches of policy
  2. Getting accused of discriminatory practices
  3. Attracting skepticism from auditors
  4. Having a security system failure

Answer(s): A



If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?

  1. Uses the transferred data for limited purposes
  2. Provides the same level of privacy protection as the organization
  3. Notifies the organization if it can no longer meet its requirements for proper data handling
  4. Enters a contract with the organization that states the third party will process data according to the consent agreement

Answer(s): D


Reference:

https://www.privacyshield.gov/Key-New-Requirements



What was the original purpose of the Federal Trade Commission Act?

  1. To ensure privacy rights of U.S. citizens
  2. To protect consumers
  3. To enforce antitrust laws
  4. To negotiate consent decrees with companies violating personal privacy

Answer(s): C



SCENARIO
Please use the following to answer the next question:

Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.

"Doing your homework?" Matt asked hopefully.

"No," the boy said. "I'm filling out a survey."

Matt looked over his son's shoulder at his computer screen. "What kind of survey?"

"It's asking questions about my opinions."

"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."

Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.

To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.

Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.

Based on the incident, the FTC's enforcement actions against the marketer would most likely include what violation?

  1. Intruding upon the privacy of a family with young children.
  2. Collecting information from a child under the age of thirteen.
  3. Failing to notify of a breach of children's private information.
  4. Disregarding the privacy policy of the children's marketing industry.

Answer(s): B



SCENARIO
Please use the following to answer the next question:

Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.

"Doing your homework?" Matt asked hopefully.

"No," the boy said. "I'm filling out a survey."

Matt looked over his son's shoulder at his computer screen. "What kind of survey?"

"It's asking questions about my opinions."

"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten."

Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.

To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.

Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.

How does Matt come to the decision to report the marketer's activities?

  1. The marketer failed to make an adequate attempt to provide Matt with information
  2. The marketer did not provide evidence that the prize books were appropriate for children
  3. The marketer seems to have distributed his son's information without Matt's permission
  4. The marketer failed to identify himself and indicate the purpose of the messages

Answer(s): C






Share your comments for IAPP CIPP-US exam with other users:

trying 7/28/2023 12:37:00 PM

thanks good stuff
UNITED STATES