Free Access IAPP.CIPP-C.v2022-08-02.q111 Practice Test (Page 2)

Question 1

Company X has entrusted the processing of their payroll data to Provider Y. Provider Y stores this encrypted data on its server. The IT department of Provider Y finds out that someone managed to hack into the system and take a copy of the data from its server. In this scenario, whom does Provider Y have the obligation to notify?

A.The supervisory authority

B.The public

C.Law enforcement

D.Company X

Question 2

Which venture would be subject to the requirements of Section 5 of the Federal Trade Commission Act?

A.A national bank's no-fee checking promotion

B.An online merchant's free shipping offer

C.A local nonprofit charity's fundraiser

D.A city bus system's frequent rider program

Question 3

California's SB 1386 was the first law of its type in the United States to do what?

A.Require state attorney general enforcement of federal regulations against unfair and deceptive trade practices

B.Require encryption of sensitive information stored on servers that are Internet connected

C.Require notification of non-California residents of a breach that occurred in California

D.Require commercial entities to disclose a security data breach concerning personal information about the state's residents

Question 4

Federal laws establish which of the following requirements for collecting personal information of minors under the age of 13?

A.Affirmative consent from a minor's parent or guardian before collecting the minor's personal information online.

B.Implied consent from a minor's parent or guardian before collecting a minor's personal information online, such as when they permit the minor to use the internet.

C.Implied consent from a minor's parent or guardian, or affirmative consent from the minor.

D.Affirmative consent of a parent or guardian before collecting personal information of a minor offline (e.g., in person), which also satisfies any requirements for online consent.

Question 5

An employee of company ABCD has just noticed a memory stick containing records of client data, including their names, addresses and full contact details has disappeared. The data on the stick is unencrypted and in clear text. It is uncertain what has happened to the stick at this stage, but it likely was lost during the travel of an employee. What should the company do?

A.Notify as soon as possible the data protection supervisory authority that a data breach may have taken place.

B.Immediately notify all the customers of the company that their information has been accessed by an unauthorized person.

C.Invoke the "disproportionate effort" exception under Article 33 to postpone notifying data subjects until more information can be gathered.

D.Launch an investigation and if nothing is found within one month, notify the data protection supervisory authority.

Other Version: 748IAPP.CIPP-C.v2024-06-06.q79; 1258IAPP.CIPP-C.v2022-05-06.q52; 1406IAPP.CIPP-C.v2022-04-09.q60; 71IAPP.Fast2test.CIPP-C.v2021-09-28.by.herman.65q.pdf

Latest Upload: 110GAQM.CDCS-001.v2025-09-17.q15; 116Huawei.H19-301_V4.0.v2025-09-17.q37; 105VMware.5V0-33.23.v2025-09-17.q24; 115Oracle.1Z0-1078-23.v2025-09-17.q30; 152IAPP.CIPP-US.v2025-09-17.q217; 158Salesforce.ADM-201.v2025-09-16.q192; 138SAP.C-HRHPC-2505.v2025-09-15.q26; 349AmericanSocietyofMicrobiology.ABMM.v2025-09-15.q66; 172Microsoft.DP-900.v2025-09-15.q248; 123Oracle.1z0-1108-2.v2025-09-15.q15

Question 1

Question 2

Question 3

Question 4

Question 5

Download PDF File