[Q82-Q106] Real Exam Questions CIPP-US Dumps Exam Questions in here [Feb-2022]


NEW QUESTION 82
All of the following organizations are specified as covered entities under the Health Insurance Portability and Accountability Act (HIPAA) EXCEPT?

  • A. Healthcare providers
  • B. Healthcare information clearinghouses
  • C. Pharmaceutical companies
  • D. Health plans

Answer: C

 

NEW QUESTION 83
SCENARIO
Please use the following to answer the next QUESTION:
A US-based startup company is selling a new gaming application. One day, the CEO of the company receives an urgent letter from a prominent EU-based retail partner. Triggered by an unresolved complaint lodged by an EU resident, the letter describes an ongoing investigation by a supervisory authority into the retailer's data handling practices.
The complainant accuses the retailer of improperly disclosing her personal data, without consent, to parties in the United States. Further, the complainant accuses the EU-based retailer of failing to respond to her withdrawal of consent and request for erasure of her personal data. Your organization, the US-based startup company, was never informed of this request for erasure by the EU-based retail partner. The supervisory authority investigating the complaint has threatened the suspension of data flows if the parties involved do not cooperate with the investigation. The letter closes with an urgent request: "Please act immediately by identifying all personal data received from our company." This is an important partnership. Company executives know that its biggest fans come from Western Europe; and this retailer is primarily responsible for the startup's rapid market penetration.
As the Company's data privacy leader, you are sensitive to the criticality of the relationship with the retailer.
At this stage of the investigation, what should the data privacy leader review first?

  • A. The company's data privacy policies
  • B. Prevailing regulation on this subject
  • C. Available data flow diagrams
  • D. The text of the original complaint

Answer: B

 

NEW QUESTION 84
A law enforcement agency subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?

  • A. SCA
  • B. USA Freedom Act
  • C. CALEA
  • D. ECPA

Answer: C

 

NEW QUESTION 85
Within what time period must a commercial message sender remove a recipient's address once they have asked to stop receiving future e-mail?

  • A. 7 days
  • B. 21 days
  • C. 15 days
  • D. 10 days

Answer: D

 

NEW QUESTION 86
A covered entity suffers a ransomware attack that affects the personal health information (PHI) of more than 500 individuals. According to Federal law under HIPAA, which of the following would the covered entity NOT have to report the breach to?

  • A. The affected individuals
  • B. Medical providers
  • C. Department of Health and Human Services
  • D. The local media

Answer: B

Explanation/Reference: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf (page 6)

 

NEW QUESTION 87
John, a California resident, receives notification that a major corporation with $500 million in annual revenue has experienced a data breach. John's personal information in their possession has been stolen, including his full name and social security number. John also learns that the corporation did not have reasonable cybersecurity measures in place to safeguard his personal information.
Which of the following answers most accurately reflects John's ability to pursue a legal claim against the corporation under the California Consumer Privacy Act (CCPA)?

  • A. John has no right to sue the corporation because the CCPA does not address any data breach rights.
  • B. John can sue the corporation for the data breach to recover monetary damages suffered as a result of the data breach, and in some circumstances seek statutory damages irrespective of whether he suffered any financial harm.
  • C. John can sue the corporation for the data breach but only to recover monetary damages he actually suffered as a result of the data breach.
  • D. John cannot sue the corporation for the data breach because only the state's Attorney General has authority to file suit under the CCPA.

Answer: C

 

NEW QUESTION 88
Which of the following is an example of federal preemption?

  • A. The Payment Card Industry's (PCI) ability to self-regulate and enforce data security standards for payment card data.
  • B. The U.S. Federal Trade Commission's (FTC) ability to enforce against unfair and deceptive trade practices across sectors and industries.
  • C. The California Consumer Privacy Act (CCPA) regulating businesses that have no physical brick-and-mortar presence in California, but which do business there.
  • D. The U.S. Controlling the Assault of Non-Solicited Pornography and Marketing (CAN-SPAM) Act prohibiting states from passing laws that impose greater obligations on senders of email marketing.

Answer: B

 

NEW QUESTION 89
What important action should a health care provider take if she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?

  • A. Keep electronic updates about the Health Insurance Portability and Accountability Act
  • B. Bill the majority of patients electronically for their health care
  • C. Make electronic health records (EHRs) part of regular care
  • D. Send health information and appointment reminders to patients electronically

Answer: C

 

NEW QUESTION 90
In a case of civil litigation, what might a defendant who is being sued for distributing an employee's private information face?

  • A. A jail sentence.
  • B. An injunction.
  • C. Probation.
  • D. Criminal fines.

Answer: B

 

NEW QUESTION 91
If an organization certified under Privacy Shield wants to transfer personal data to a third party acting as an agent, the organization must ensure the third party does all of the following EXCEPT?

  • A. Uses the transferred data for limited purposes
  • B. Notifies the organization if it can no longer meet its requirements for proper data handling
  • C. Enters a contract with the organization that states the third party will process data according to the consent agreement
  • D. Provides the same level of privacy protection as the organization

Answer: C

 

NEW QUESTION 92
The Video Privacy Protection Act of 1988 restricted which of the following?

  • A. When downloading of copyrighted audio visual materials is allowed
  • B. Who advertisements for videos and video games may target
  • C. When a user's viewing of online video content can be monitored
  • D. Which purchase records of audio visual materials may be disclosed

Answer: D

 

NEW QUESTION 93
What consumer service was the Fair Credit Reporting Act (FCRA) originally intended to provide?

  • A. The ability to appeal negative credit-based decisions.
  • B. The ability to correct inaccurate credit information.
  • C. The ability to receive reports from multiple credit reporting agencies.
  • D. The ability to investigate incidents of identity theft.

Answer: D

 

NEW QUESTION 94
Under the Telemarketing Sales Rule, what characteristics of consent must be in place for an organization to acquire an exception to the Do-Not-Call rules for a particular consumer?

  • A. The consent must be in writing, must have an end date and must state the times when calls can be made
  • B. The consent must be in writing, must contain the number to which calls can be made and must have an end date
  • C. The consent must be in writing, must state the times when calls can be made to the consumer and must be signed
  • D. The consent must be in writing, must contain the number to which calls can be made and must be signed

Answer: B

 

NEW QUESTION 95
In which situation would a policy of "no consumer choice" or "no option" be expected?

  • A. When a job applicant's credit report is provided to an employer
  • B. When a patient's health record is made available to a pharmaceutical company
  • C. When a customer's financial information is requested by the government
  • D. When a customer's street address is shared with a shipping company

Answer: D

 

NEW QUESTION 96
Which of the following would NOT constitute an exception to the authorization requirement under the HIPAA Privacy Rule?

  • A. Disclosing health information for public health activities.
  • B. Disclosing health information to file a child abuse report.
  • C. Disclosing health information needed to pay a third party billing administrator.
  • D. Disclosing health information needed to treat a medical emergency.

Answer: D


 

NEW QUESTION 97
SCENARIO
Please use the following to answer the next QUESTION:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to." Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.
Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though his name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
In regard to telemarketing practices, Evan the supervisor has a misconception regarding?

  • A. The right to monitor calls for quality assurance
  • B. The wishes of recipients who request callbacks
  • C. The conditions under which recipients can opt out
  • D. The relationship of state law to federal law

Answer: B

 

NEW QUESTION 98
SCENARIO
Please use the following to answer the next QUESTION:
Declan has just started a job as a nursing assistant in a radiology department at Woodland Hospital. He has also started a program to become a registered nurse.
Before taking this career path, Declan was vaguely familiar with the Health Insurance Portability and Accountability Act (HIPAA). He now knows that he must help ensure the security of his patients' Protected Health Information (PHI). Therefore, he is thinking carefully about privacy issues.
On the morning of his first day, Declan noticed that the newly hired receptionist handed each patient a HIPAA privacy notice. He wondered if it was necessary to give these privacy notices to returning patients, and if the radiology department could reduce paper waste through a system of one-time distribution.
He was also curious about the hospital's use of a billing company. He questioned whether the hospital was doing all it could to protect the privacy of its patients if the billing company had details about patients' care.
On his first day Declan became familiar with all areas of the hospital's large radiology department. As he was organizing equipment left in the hallway, he overheard a conversation between two hospital administrators. He was surprised to hear that a portable hard drive containing non-encrypted patient information was missing. The administrators expressed relief that the hospital would be able to avoid liability. Declan was surprised, and wondered whether the hospital had plans to properly report what had happened.
Despite Declan's concern about this issue, he was amazed by the hospital's effort to integrate Electronic Health Records (EHRs) into the everyday care of patients. He thought about the potential for streamlining care even more if they were accessible to all medical facilities nationwide.
Declan had many positive interactions with patients. At the end of his first day, he spoke to one patient, John, whose father had just been diagnosed with a degenerative muscular disease. John was about to get blood work done, and he feared that the blood work could reveal a genetic predisposition to the disease that could affect his ability to obtain insurance coverage. Declan told John that he did not think that was possible, but the patient was wheeled away before he could explain why. John plans to ask a colleague about this.
In one month, Declan has a paper due for one of his classes on a health topic of his choice. By then, he will have had many interactions with patients he can use as examples. He will be pleased to give credit to John by name for inspiring him to think more carefully about genetic testing.
Although Declan's day ended with many questions, he was pleased about his new position.
What is the most likely way that Declan might directly violate the Health Insurance Portability and Accountability Act (HIPAA)?

  • A. By being present when patients are checking in
  • B. By ignoring the conversation about a potential breach
  • C. By speaking to a patient without prior authorization
  • D. By following through with his plans for his upcoming paper

Answer: B

 

NEW QUESTION 99
Which is an exception to the general prohibitions on telephone monitoring that exist under the U.S. Wiretap Act?

  • A. Call center exception
  • B. Ordinary course of business exception
  • C. Internet calls exception
  • D. Inter-company communications exception

Answer: B

 

NEW QUESTION 100
What important action should a health care provider take if she wants to qualify for funds under the Health Information Technology for Economic and Clinical Health Act (HITECH)?

  • A. Keep electronic updates about the Health Insurance Portability and Accountability Act
  • B. Bill the majority of patients electronically for their health care
  • C. Make electronic health records (EHRs) part of regular care
  • D. Send health information and appointment reminders to patients electronically

Answer: C

Explanation/Reference: https://www.healthaffairs.org/do/10.1377/hblog20150304.045199/full/

 

NEW QUESTION 101
Under the Fair and Accurate Credit Transactions Act (FACTA), what is the most appropriate action for a car dealer holding a paper folder of customer credit reports?

  • A. To follow the Safeguards Rule by transferring the reports to a secure electronic file
  • B. To follow the Red Flags Rule by mailing the reports to customers
  • C. To follow the Disposal Rule by having the reports shredded
  • D. To follow the Privacy Rule by notifying customers that the reports are being stored

Answer: D

 

NEW QUESTION 102
SCENARIO
Please use the following to answer the next QUESTION:
Larry has become increasingly dissatisfied with his telemarketing position at SunriseLynx, and particularly with his supervisor, Evan. Just last week, he overheard Evan mocking the state's Do Not Call list, as well as the people on it. "If they were really serious about not being bothered," Evan said, "They'd be on the national DNC list. That's the only one we're required to follow. At SunriseLynx, we call until they ask us not to." Bizarrely, Evan requires telemarketers to keep records of recipients who ask them to call "another time." This, to Larry, is a clear indication that they don't want to be called at all. Evan doesn't see it that way.
Larry believes that Evan's arrogance also affects the way he treats employees. The U.S. Constitution protects American workers, and Larry believes that the rights of those at SunriseLynx are violated regularly. At first Evan seemed friendly, even connecting with employees on social media. However, following Evan's political posts, it became clear to Larry that employees with similar affiliations were the only ones offered promotions.
Further, Larry occasionally has packages containing personal-use items mailed to work. Several times, these have come to him already opened, even though his name was clearly marked. Larry thinks the opening of personal mail is common at SunriseLynx, and that Fourth Amendment rights are being trampled under Evan's leadership.
Larry has also been dismayed to overhear discussions about his coworker, Sadie. Telemarketing calls are regularly recorded for quality assurance, and although Sadie is always professional during business, her personal conversations sometimes contain sexual comments. This too is something Larry has heard Evan laughing about. When he mentioned this to a coworker, his concern was met with a shrug. It was the coworker's belief that employees agreed to be monitored when they signed on. Although personal devices are left alone, phone calls, emails and browsing histories are all subject to surveillance. In fact, Larry knows of one case in which an employee was fired after an undercover investigation by an outside firm turned up evidence of misconduct. Although the employee may have stolen from the company, Evan could have simply contacted the authorities when he first suspected something amiss.
Larry wants to take action, but is uncertain how to proceed.
Which act would authorize Evan's undercover investigation?

  • A. The Stored Communications Act (SCA)
  • B. The Fair and Accurate Credit Transactions Act (FACTA)
  • C. The National Labor Relations Act (NLRA)
  • D. The Whistleblower Protection Act

Answer: C

 

NEW QUESTION 103
A law enforcement agency subpoenas the ACME telecommunications company for access to text message records of a person suspected of planning a terrorist attack. The company had previously encrypted its text message records so that only the suspect could access this data.
What law did ACME violate by designing the service to prevent access to the information by a law enforcement agency?

  • A. SCA
  • B. USA Freedom Act
  • C. CALEA
  • D. ECPA

Answer: C

Explanation/Reference: https://www.nap.edu/read/11896/chapter/11#283

 

NEW QUESTION 104
All of the following are tasks in the "Discover" phase of building an information management program EXCEPT?

  • A. Understanding the laws that regulate a company's collection of information
  • B. Developing a process for review and update of privacy policies
  • C. Facilitating participation across departments and levels
  • D. Deciding how aggressive to be in the use of personal information

Answer: A

 

NEW QUESTION 105
Which action is prohibited under the Electronic Communications Privacy Act of 1986?

  • A. Accessing stored communications with the consent of the sender or recipient of the message
  • B. Monitoring employee telephone calls of a personal nature
  • C. Intercepting electronic communications and unauthorized access to stored communications
  • D. Monitoring all employee telephone calls

Answer: C

 

NEW QUESTION 106
......
