Latest CIPP-US exam engine practice questions, January 23, 2022: latest valid question set now available [Q36-Q59]


Exam answers: the latest CIPP-US test engine is provided free of charge

Question 36
Chanel Hair Studio is a busy high-end hair salon. In an effort to maximize efficiency of its operations and reduce wait times for appointments, Chanel decides to implement artificial intelligence software that will use client profiles and history to predict which clients will likely be late for their appointments. Information used to create the client profile included appointment history, distance from the salon, and any references to being tardy pulled from the client's social media accounts. If a client is predicted to be late, their appointment will be cancelled within 5 minutes.
Based on the details, what is the biggest potential privacy concern related to Chanel's use of this new software?

  • A. Scanning a client's social media accounts to use in a client profile without notice to the client.
  • B. Using client profile information for any purpose other than setting up an appointment.
  • C. Calculating client profile address distance from the salon to determine location from salon to help predict if the client will be late.
  • D. Assessing client tardiness history with the salon for predictive purposes.

Correct answer: C

Question 37
SCENARIO
Please use the following to answer the next QUESTION
Noah is trying to get a new job involving the management of money. He has a poor personal credit rating, but he has made better financial decisions in the past two years.
One potential employer, Arnie's Emporium, recently called to tell Noah he did not get a position. As part of the application process, Noah signed a consent form allowing the employer to request his credit report from a consumer reporting agency (CRA). Noah thinks that the report hurt his chances, but believes that he may not ever know whether it was his credit that cost him the job. However, Noah is somewhat relieved that he was not offered this particular position. He noticed that the store where he interviewed was extremely disorganized. He imagines that his credit report could still be sitting in the office, unsecured.
Two days ago, Noah got another interview for a position at Sam's Market. The interviewer told Noah that his credit report would be a factor in the hiring decision. Noah was surprised because he had not seen anything on paper about this when he applied.
Regardless, the effect of Noah's credit on his employability troubles him, especially since he has tried so hard to improve it. Noah made his worst financial decisions fifteen years ago, and they led to bankruptcy. These were decisions he made as a young man, and most of his debt at the time consisted of student loans, credit card debt, and a few unpaid bills - all of which Noah is still working to pay off. He often laments that decisions he made fifteen years ago are still affecting him today.
In addition, Noah feels that an experience investing with a large bank may have contributed to his financial troubles. In 2007, in an effort to earn money to help pay off his debt, Noah talked to a customer service representative at a large investment company who urged him to purchase stocks. Without understanding the risks, Noah agreed. Unfortunately, Noah lost a great deal of money.
After losing the money, Noah was a customer of another financial institution that suffered a large security breach. Noah was one of millions of customers whose personal information was compromised. He wonders if he may have been a victim of identity theft and whether this may have negatively affected his credit.
Noah hopes that he will soon be able to put these challenges behind him, build excellent credit, and find the perfect job.
Based on the scenario, which legislation should ease Noah's worry about his credit report as a result of applying at Arnie's Emporium?

  • A. The Red Flags Rule under the Fair and Accurate Credit Transactions Act (FACTA).
  • B. The Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA).
  • C. The Privacy Rule under the Gramm-Leach-Bliley Act (GLBA).
  • D. The Disposal Rule under the Fair and Accurate Credit Transactions Act (FACTA).

Correct answer: B

Question 38
Which of the following best describes the Asia-Pacific Economic Cooperation (APEC) principles?

  • A. A baseline of marketers' minimum responsibilities for providing opt-out mechanisms.
  • B. A code of responsibilities for medical establishments to uphold privacy laws.
  • C. An international court ruling on personal information held in the commercial sector.
  • D. A bill of rights for individuals seeking access to their personal information.

Correct answer: D

Explanation:
Explanation/Reference: http://documents1.worldbank.org/curated/en/751621525705087132/text/WPS8431.txt

Question 39
Which entity within the Department of Health and Human Services (HHS) is the primary enforcer of the Health Insurance Portability and Accountability Act (HIPAA) "Privacy Rule"?

  • A. Office of Inspector General.
  • B. Office for Civil Rights.
  • C. Office of Public Health and Safety.
  • D. Office of Social Services.

Correct answer: B

Question 40
What is the main reason some supporters of the European approach to privacy are skeptical about self-regulation of privacy practices?

  • A. Human rights may be disregarded for the sake of privacy
  • B. A new business owner may not understand the regulations
  • C. Industries may not be strict enough in the creation and enforcement of rules
  • D. A large amount of money may have to be spent on improved technology and security

Correct answer: C

Question 41
An organization self-certified under Privacy Shield must, upon request by an individual, do what?

  • A. Provide the identities of third and fourth parties that may potentially receive personal information.
  • B. Provide the identities of third parties with whom the organization shares personal information.
  • C. Identify all personal information disclosed during a criminal investigation.
  • D. Suspend the use of all personal information collected by the organization to fulfill its original purpose.

Correct answer: B

Question 42
Which of the following accurately describes the purpose of a particular federal enforcement agency?

  • A. The Cybersecurity and Infrastructure Security Agency (CISA) is authorized to bring civil enforcement actions against organizations whose website or other online service fails to adequately secure personal information.
  • B. The Federal Communications Commission (FCC) regulates privacy practices on the internet and enforces violations relating to websites' posted privacy disclosures.
  • C. The Federal Trade Commission (FTC) is typically recognized as having the broadest authority under the FTC Act to address unfair or deceptive privacy practices.
  • D. The National Institute of Standards and Technology (NIST) has established mandatory privacy standards that can then be enforced against all for-profit organizations by the Department of Justice (DOJ).

Correct answer: C

Question 43
A law enforcement agency subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?

  • A. CALEA
  • B. ECPA
  • C. SCA
  • D. USA Freedom Act

Correct answer: A

Explanation:
Explanation/Reference: https://www.nap.edu/read/11896/chapter/11#283

Question 44
Which entities must comply with the Telemarketing Sales Rule?

  • A. For-profit and not-for-profit organizations when selling additional services to established customers
  • B. For-profit organizations and for-profit telefunders regarding charitable solicitations
  • C. For-profit organizations calling businesses when a binding contract exists between them
  • D. Nonprofit organizations calling on their own behalf

Correct answer: A

Question 45
All of the following common law torts are relevant to employee privacy under US law EXCEPT?

  • A. Conversion.
  • B. Intrusion upon seclusion.
  • C. Defamation
  • D. Infliction of emotional distress.

Correct answer: B

Explanation:
Explanation/Reference: https://en.wikipedia.org/wiki/Privacy_law

Question 46
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?

  • A. To follow the Red Flags Rule by mailing the reports to customers
  • B. To follow the Safeguards Rule by transferring the reports to a secure electronic file
  • C. To follow the Disposal Rule by having the reports shredded
  • D. To follow the Privacy Rule by notifying customers that the reports are being stored

Correct answer: D

Question 47
What role does the U.S. Constitution play in the area of workplace privacy?

  • A. It provides contractual protections to members of labor unions, but not to employees at will
  • B. It provides enforcement resources to large employers, but not to small businesses
  • C. It provides legal precedent for physical information security, but not for electronic security
  • D. It provides significant protections to federal and state governments, but not to private-sector employment

Correct answer: C

Question 48
SCENARIO
Please use the following to answer the next QUESTION:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
How does Matt come to the decision to report the marketer's activities?

  • A. The marketer seems to have distributed his son's information without Matt's permission
  • B. The marketer failed to identify himself and indicate the purpose of the messages
  • C. The marketer failed to make an adequate attempt to provide Matt with information
  • D. The marketer did not provide evidence that the prize books were appropriate for children

Correct answer: C

Question 49
Which of the following became the first state to pass a law specifically regulating the practices of data brokers?

  • A. California.
  • B. Vermont.
  • C. Washington.
  • D. New York.

Correct answer: B

Explanation:
Explanation/Reference: https://www.natlawreview.com/article/ringing-2019-new-state-privacy-and-data-security-laws-impacting-data-brokers-and

Question 50
What is an exception to the Electronic Communications Privacy Act of 1986 ban on interception of wire, oral and electronic communications?

  • A. Only if all parties have given consent
  • B. Where state law permits such interception
  • C. Where one of the parties has given consent
  • D. If an organization intercepts an employee's purely personal call

Correct answer: D

Question 51
A company's employee wellness portal offers an app to track exercise activity via users' mobile devices. Which of the following design techniques would most effectively inform users of their data privacy rights and privileges when using the app?

  • A. Offer information about data collection and uses at key data entry points.
  • B. Present a privacy policy to users during the wellness program registration process.
  • C. Publish a privacy policy written in clear, concise, and understandable language.
  • D. Provide a link to the wellness program privacy policy at the bottom of each screen.

Correct answer: B

Question 52
SCENARIO
Please use the following to answer the next question:
Matt went into his son's bedroom one evening and found him stretched out on his bed typing on his laptop.
"Doing your homework?" Matt asked hopefully.
"No," the boy said. "I'm filling out a survey."
Matt looked over his son's shoulder at his computer screen. "What kind of survey?"
"It's asking questions about my opinions."
"Let me see," Matt said, and began reading the list of questions that his son had already answered. "It's asking your opinions about the government and citizenship. That's a little odd. You're only ten." Matt wondered how the web link to the survey had ended up in his son's email inbox. Thinking the message might have been sent to his son by mistake he opened it and read it. It had come from an entity called the Leadership Project, and the content and the graphics indicated that it was intended for children. As Matt read further he learned that kids who took the survey were automatically registered in a contest to win the first book in a series about famous leaders.
To Matt, this clearly seemed like a marketing ploy to solicit goods and services to children. He asked his son if he had been prompted to give information about himself in order to take the survey. His son told him he had been asked to give his name, address, telephone number, and date of birth, and to answer questions about his favorite games and toys.
Matt was concerned. He doubted if it was legal for the marketer to collect information from his son in the way that it was. Then he noticed several other commercial emails from marketers advertising products for children in his son's inbox, and he decided it was time to report the incident to the proper authorities.
Based on the incident, the FTC's enforcement actions against the marketer would most likely include what violation?

  • A. Disregarding the privacy policy of the children's marketing industry.
  • B. Failing to notify of a breach of children's private information.
  • C. Collecting information from a child under the age of thirteen.
  • D. Intruding upon the privacy of a family with young children.

Correct answer: A

Explanation:
Explanation/Reference: https://www.ftc.gov/system/files/2012-31341.pdf

Question 53
Smith Memorial Healthcare (SMH) is a hospital network headquartered in New York and operating in 7 other states. SMH uses an electronic medical record to enter and track information about its patients. Recently, SMH suffered a data breach where a third-party hacker was able to gain access to the SMH internal network.
Because it is a HIPAA-covered entity, SMH made a notification to the Office of Civil Rights at the U.S. Department of Health and Human Services about the breach.
Which statement accurately describes SMH's notification responsibilities?

  • A. If SMH is compliant with HIPAA, it will not have to make a separate notification to individuals in the state of New York.
  • B. If SMH has more than 500 patients in the state of New York, it will need to make separate notifications to these patients.
  • C. If SMH makes credit monitoring available to individuals who inquire, it will not have to make a separate notification to individuals in the state of New York.
  • D. If SMH must make a notification in any other state in which it operates, it must also make a notification to individuals in New York.

Correct answer: D

Question 54
The Video Privacy Protection Act of 1988 restricted which of the following?

  • A. When a user's viewing of online video content can be monitored
  • B. When downloading of copyrighted audio visual materials is allowed
  • C. Who advertisements for videos and video games may target
  • D. Which purchase records of audio visual materials may be disclosed

Correct answer: D

Explanation:
Explanation/Reference: https://searchcompliance.techtarget.com/definition/Video-Privacy-Protection-Act-of-1988

Question 55
In what way does the "Red Flags Rule" under the Fair and Accurate Credit Transactions Act (FACTA) relate to the owner of a grocery store who uses a money wire service?

  • A. It mandates the use of updated technology for securing credit records
  • B. It requires the owner to implement an identity theft warning system
  • C. It does not apply because the owner is not a creditor
  • D. It is not usually enforced in the case of a small financial institution

Correct answer: A

Question 56
All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?

  • A. Health plans
  • B. Healthcare information clearinghouses
  • C. Healthcare providers
  • D. Pharmaceutical companies

Correct answer: D

Question 57
What is the main purpose of the Global Privacy Enforcement Network?

  • A. To protect the interests of privacy consumer groups worldwide
  • B. To investigate allegations of privacy violations internationally
  • C. To arbitrate disputes between countries over jurisdiction for privacy laws
  • D. To promote universal cooperation among privacy authorities

Correct answer: D

Explanation:
Explanation/Reference: https://en.wikipedia.org/wiki/Global_Privacy_Enforcement_Network

Question 58
SCENARIO
Please use the following to answer the next QUESTION
When there was a data breach involving customer personal and financial information at a large retail store, the company's directors were shocked. However, Roberta, a privacy analyst at the company and a victim of identity theft herself, was not. Prior to the breach, she had been working on a privacy program report for the executives. How the company shared and handled data across its organization was a major concern. There were neither adequate rules about access to customer information nor procedures for purging and destroying outdated data. In her research, Roberta had discovered that even low-level employees had access to all of the company's customer data, including financial records, and that the company still had in its possession obsolete customer data going back to the 1980s.
Her report recommended three main reforms. First, permit access on an as-needs-to-know basis. This would mean restricting employees' access to customer information to data that was relevant to the work performed. Second, create a highly secure database for storing customers' financial information (e.g., credit card and bank account numbers) separate from less sensitive information. Third, identify outdated customer information and then develop a process for securely disposing of it.
When the breach occurred, the company's executives called Roberta to a meeting where she presented the recommendations in her report. She explained that the company having a national customer base meant it would have to ensure that it complied with all relevant state breach notification laws. Thanks to Roberta's guidance, the company was able to notify customers quickly and within the specific timeframes set by state breach notification laws.
Soon after, the executives approved the changes to the privacy program that Roberta recommended in her report. The privacy program is far more effective now because of these changes and, also, because privacy and security are now considered the responsibility of every employee.
Which principle of the Consumer Privacy Bill of Rights, if adopted, would best reform the company's privacy program?

  • A. Consumers have a right to reasonable limits on the personal data that a company retains.
  • B. Consumers have a right to easily accessible information about privacy and security practices.
  • C. Consumers have a right to exercise control over how companies use their personal data.
  • D. Consumers have a right to correct personal data in a manner that is appropriate to the sensitivity.

Correct answer: A

Question 59
......


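IAPP CIPP-US certification exam topics:

Topic: Coverage
Topic 1
  • Concepts of workplace privacy; U.S. agencies regulating workplace privacy issues
  • Data inventory and classification, data flow mapping, privacy programs
Topic 2
  • Enforcement of U.S. privacy and security laws
  • Criminal and civil liability; general theories of legal liability
Topic 3
  • Limits on private-sector collection and use of data
  • FCRA, FACT Act, GLBA, Red Flags Rule, Dodd-Frank, CFPB, online banking
Topic 4
  • Development, managing user preferences, incident response programs, workforce
  • Access to financial data, access to communications, CALEA
Topic 5
  • Privacy before, during, and after employment
  • Government and court access to private-sector information
Topic 6
  • Elements, key differences among states, recent developments
  • Introduction to the U.S. privacy environment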

 
