CIPM Exam Questions

As a Data Protection Officer (DPO), one of your roles entails monitoring changes in laws and regulations and updating policies accordingly. How would you most effectively execute t...

SCENARIO Please use the following to answer the next question: John is the new privacy officer at the prestigious international law firm - A&M LLP. A&M LLP is very proud of its rep...

SCENARIO Please use the following to answer the next question: John is the new privacy officer at the prestigious international law firm - A&M LLP. A&M LLP is very proud of its rep...

SCENARIO Please use the following to answer the next question: Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help...

SCENARIO Please use the following to answer the next question: Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help...

SCENARIO Please use the following to answer the next question: Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help...

What should be the first major goal of a company developing a new privacy program?

Which is TRUE about the scope and authority of data protection oversight authorities?

What should a privacy professional keep in mind when selecting which metrics to collect?

SCENARIO Please use the following to answer the next question: Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her long-time...

SCENARIO Please use the following to answer the next question: Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her long-time...

SCENARIO Please use the following to answer the next question: Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her long-time...

SCENARIO Please use the following to answer the next question: Amira is thrilled about the sudden expansion of NatGen. As the joint Chief Executive Officer (CEO) with her long-time...

If an organization maintains a separate ethics office, to whom would its officer typically report to in order to retain the greatest degree of independence?

What is a key feature of the privacy metric template adapted from the National Institute of Standards and Technology (NIST)?

What United States federal law requires financial institutions to declare their personal data collection practices?

SCENARIO Please use the following to answer the next question: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomp...

SCENARIO Please use the following to answer the next question: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomp...

SCENARIO Please use the following to answer the next question: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomp...

SCENARIO Please use the following to answer the next question: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomp...

SCENARIO Please use the following to answer the next question: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomp...

SCENARIO Please use the following to answer the next question: As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your accomp...

Which of the following indicates you have developed the right privacy framework for your organization?

Rationalizing requirements in order to comply with the various privacy requirements required by applicable law and regulation does NOT include which of the following?

What is the name for the privacy strategy model that describes delegated decision making?

Which of the following controls does the PCI DSS framework NOT require?

Which of the following privacy frameworks are legally binding?

Which of the following is an example of Privacy by Design (PbD)?

In regards to the collection of personal data conducted by an organization, what must the data subject be allowed to do?

SCENARIO Please use the following to answer the next question: It's just what you were afraid of. Without consulting you, the information technology director at your organization l...

SCENARIO Please use the following to answer the next question: It's just what you were afraid of. Without consulting you, the information technology director at your organization l...

SCENARIO Please use the following to answer the next question: It's just what you were afraid of. Without consulting you, the information technology director at your organization l...

SCENARIO Please use the following to answer the next question: It's just what you were afraid of. Without consulting you, the information technology director at your organization l...

Which is NOT an influence on the privacy environment external to an organization?

How are individual program needs and specific organizational goals identified in privacy framework development?

SCENARIO Please use the following to answer the next question: Natalia, the Chief Financial Officer (CFO) of the Nationwide Grill restaurant chain, had never seen her fellow execut...

SCENARIO Please use the following to answer the next question: Natalia, the Chief Financial Officer (CFO) of the Nationwide Grill restaurant chain, had never seen her fellow execut...

SCENARIO Please use the following to answer the next question: Natalia, the Chief Financial Officer (CFO) of the Nationwide Grill restaurant chain, had never seen her fellow execut...

SCENARIO Please use the following to answer the next question: Natalia, the Chief Financial Officer (CFO) of the Nationwide Grill restaurant chain, had never seen her fellow execut...

Formosa International operates in 20 different countries including the United States and France. What organizational approach would make complying with a number of different regula...

When implementing Privacy by Design (PbD), what would NOT be a key consideration?

For an organization that has just experienced a data breach, what might be the least relevant metric for a company's privacy and governance team?

In which situation would a Privacy Impact Assessment (PIA) be the least likely to be required?

Under the General Data Protection Regulation (GDPR), what must be included in a written agreement between the controller and processor in relation to processing conducted on the co...

SCENARIO Please use the following to answer the next question: Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handl...

SCENARIO Please use the following to answer the next question: Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handl...

SCENARIO Please use the following to answer the next question: Perhaps Jack Kelly should have stayed in the U.S. He enjoys a formidable reputation inside the company, Special Handl...

You would like your organization to be independently audited to demonstrate compliance with international privacy standards and to identify gaps for remediation. Which type of audi...

An organization's business continuity plan or disaster recovery plan does NOT typically include what?

SCENARIO Please use the following to answer the next question: Edufox has hosted an annual convention of users of its famous e-learning software platform, and over time, it has bec...