
CIPP Guide

Your Guide to the CIPP

CIPP Prep Materials

CBK Tests

Revision 2.0.37
CIPP Guide's CIPP Prep Materials

Published by Jon-Michael Brook, Clearwater, FL.

Copyright 2007 - 2010 Jon-Michael Brook and the CIPP Guide

No part of this publication may be reproduced, stored in a retrieval system or transmitted in
any form or by any means, electronic, mechanical, photocopying, recording, scanning or
otherwise, except as permitted under Sections 107 or 108 of the 1976 United States
Copyright Act, without either the prior written permission of the Publisher. Requests to the
Publisher for permission should be addressed to the Permissions Department, 2541
Estancia Blvd, Clearwater, FL 33761, (727) 564-9101, fax (440) 445-7338, or by email at
publisher@cippguide.org.
Trademarks: The CIPPGuide Sleuth Logo, Your Guide to the CIPP, cippguide.org,
cippguide.com, and related trade dress are trademarks or registered trademarks of
Jon-Michael C. Brook, the CIPPguide and/or its affiliates in the United States and other
countries, and may not be used without written permission. All other trademarks are the
property of their respective owners. Jon-Michael C. Brook is not associated with any
product or vendor outside of the CIPP Guide mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND
THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH
RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF
THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING
WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR
PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED
HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS
SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT
ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER
PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED,
THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE
SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE
FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION
OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A
POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT
THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE
ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT
MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET
WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED
BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

Table of Contents

The CIPP Exam
Introduction
CIPP CBK Tests 1
CIPP CBK Tests 2
CIPP CBK Tests 3
CIPP CBK Tests 4
CIPP CBK Tests 5
CIPP CBK Tests 6
CIPP CBK Tests 7
CIPP CBK Tests 8
CIPP CBK Tests 9

Introduction

This booklet consolidates all of the tests from the CIPPguide website as of its date of
publication. Each chapter corresponds to a roughly 25-question test on the site. The answers
are included at the end of each chapter. Explanations may be found on the website in the
interactive test engine. Best of luck on the exam!

CIPP CBK Tests 1
Questions
1. The branches of government in the United States:

A. are divided into three sections: Executive, Legislative, and Judicial
B. establish a system of checks and balances
C. are voluntary
D. may be vetoed by the President

2. What is a power of the Legislative branch of the U.S. government?

A. declaration of war
B. treaty ratification
C. vetoes of law
D. deem laws unconstitutional

3. What person or group is a part of the Executive branch of the U.S. government?

A. The President
B. Senate
C. Supreme Court
D. House of Representatives

4. The Judicial branch of the U.S. government:

A. has members appointed by the President
B. has members approved by the Senate
C. includes the Supreme Court
D. may formally declare war

5. A contract is a legally binding agreement that may be made:

A. orally
B. in writing
C. unofficially
D. with intention of breach

6. What legal term can grant a politician the authority to weigh in on legal
matters within certain areas?

A. contract
B. jurisdiction
C. preemption
D. Person

7. A legal person is:

A. an individual who can have a separate legal identity
B. a group of persons allowed to represent themselves as a single legal body
C. commonly used in lawsuits
D. synonymous with limited liability corporations

8. In preemption, a lower jurisdiction's ruling is:

A. deemed infallible
B. overthrown by a higher jurisdiction by whim
C. displaced by a higher jurisdiction's ruling, with which it is in conflict
D. instituted as law

9. This legal term refers to situations where a court decides that a rights
creation law is also open to lawsuits.

A. contract
B. jurisdiction
C. private right of action
D. person

10. The Federal Trade Commission protects the rights of:

A. consumers
B. businesses
C. Congress
D. trusts

11. What Bureau is part of the Federal Trade Commission?

A. Bureau of Consumer Protection
B. Bureau of Competition
C. Bureau of Economics
D. Bureau of Health and Human Services

12. The Wireless Telecommunications Services is part of what government agency?

A. Federal Trade Commission
B. Federal Communications Commission
C. Department of Health and Human Services
D. Department of Commerce

13. The FCC regulates:

A. consumers
B. banks
C. Congress
D. telecommunications

14. What is a responsibility of the Department of Commerce?

A. trademarks
B. economic growth promotion
C. demographic research
D. telecommunications

15. What is an operating unit of the Department of Commerce?

A. Bureau of Industry and Security
B. Economics and Statistics Administration
C. Economic Development Administration
D. Bureau of Consumer Protection

16. The Department of Health and Human Services is part of which branch of the
United States government?

A. Legislative
B. Executive
C. Judicial
D. Congress

17. The Centers for Disease Control and Prevention is part of which Cabinet
department?

A. Department of Commerce
B. Department of Health and Human Services
C. Federal Trade Commission
D. Federal Communications Commission

18. Who appoints the Chairman and Vice Chairman of the Federal Reserve Board of
Governors?

A. President
B. Congress
C. citizens
D. Treasury Secretary

19. The Federal Reserve Board of Governors must make an annual report to what
person?

A. President
B. Speaker of the House
C. Vice President
D. Treasury Secretary

20. The Federal Reserve Board of Governors oversees how many District Reserve
Banks?

A. 7
B. 12
C. 25
D. 120

21. What is the central bank of the United States?

A. Treasury
B. Federal Reserve
C. Department of Commerce
D. IRS

22. What role does the Office of the Comptroller of Currency have in national
banks?

A. charters the banks
B. regulates the banks
C. supervises the banks
D. insures the deposits of the banks

23. This person is a state's lead law enforcement authority.

A. comptroller
B. General
C. state attorney general
D. Senator

24. How many Articles does the U.S. Constitution have?

A. 7
B. 15
C. 50
D. 100

25. These are the first ten amendments to the Constitution.

A. Bill of Rights
B. unratified amendments
C. Emancipation Proclamation
D. articles

Answers
1. A, B
2. A, B
3. A
4. A, B, C
5. A, B
6. B
7. A, B, C
8. C
9. C
10. A
11. A, B, C
12. B
13. D
14. A, B, C
15. A, B, C
16. B
17. B
18. A
19. B
20. B
21. B
22. A, B, C
23. C
24. A
25. A

CIPP CBK Tests 2
Questions
1. What is a purpose of legislation?

A. Regulation
B. Authorization
C. Restriction
D. Sanctioning

2. Where is legislation created in the United States?

A. Congress
B. Cabinet
C. Parliament
D. Supreme Court

3. The Office of Information and Regulatory Affairs belongs to which branch of U.S.
government?

A. Legislative
B. Executive
C. Judicial
D. Parliament

4. What does the Fair Credit Reporting Act regulate, regarding consumer
information?

A. information collection
B. information disclosure
C. information use
D. information creation

5. Under the Fair Credit Reporting Act, how many free credit reports may U.S.
citizens request per year?

A. 1
B. 5
C. 6
D. 12

6. Under the Fair Credit Reporting Act, delinquent information may remain on a
consumer's credit report for how many years?

A. 1
B. 5
C. 7
D. 12

7. What does the Fair and Accurate Credit Transactions Act of 2003 amend?

A. First Amendment
B. HIPAA
C. Fair Credit Reporting Act
D. Telephone Consumer Protection Act

8. What is a primary concern of the Fair and Accurate Credit Transactions Act of
2003?

A. telecommunications fraud
B. medical records privacy
C. identity fraud
D. patient privacy

9. The privacy portion of the Health Insurance Portability and Accountability Act
applies to what entity?

A. insurance companies
B. doctors
C. pharmacies
D. telecommunications companies

10. What entity does not have to adhere to the privacy rules set forth in the
Health Insurance Portability and Accountability Act?

A. employers
B. schools
C. life insurance companies
D. doctors

11. What information is covered by the privacy rules set forth in HIPAA?

A. medical record information inputted by doctors and support staff
B. medical billing information
C. credit report requests
D. credit score

12. What rights do consumers have to their own records, according to the privacy
rule of HIPAA?

A. free credit report yearly
B. access to copies of medical records
C. receive notice if private information is to be shared
D. request addition of corrections to records

13. What is the more common name for the American Recovery and Reinvestment Act of
2009?

A. HIPAA
B. stimulus bill
C. FACT
D. Constitution

14. The Financial Services Modernization Act repealed some aspects of what Act?

A. Health Insurance Portability and Accountability Act
B. Fair Credit Reporting Act
C. Glass-Steagall Act
D. Junk Fax Prevention Act

15. According to the Gramm-Leach-Bliley Act, financial institutions must give
customers a privacy notice that:

A. details what information the institution will collect about the customer
B. details how information collected about the customer will be shared with outside
parties
C. details how the institution will protect the information it collects about the
customer
D. offers a free copy of the customer's credit report

16. Under the GLBA, when must a financial institution give a potential customer the
required privacy notice?

A. before a business arrangement is agreed upon
B. after a business arrangement is agreed upon
C. within 2 weeks of business agreement
D. quarterly

17. The financial institution privacy notice required under the GLBA must include
an opportunity for the potential customer to:

A. haggle on prices
B. opt out
C. waive all civil rights
D. run

18. The Children's Online Privacy Protection Act protects the privacy of children
under what age?

A. 5
B. 13
C. 15
D. 18

19. What law does the Junk Fax Prevention Act amend?

A. Communications Act of 1934
B. Glass-Steagall Act of 1933
C. Fair Credit Reporting Act of 1970
D. Children's Online Privacy Protection Act of 2000

20. What is the minimum per page fine for an unsolicited advertisement sent by fax,
according to the Junk Fax Prevention Act?

A. 100
B. 200
C. 500
D. 1000

21. The Telephone Consumer Protection Act governs the behavior of:

A. consumers
B. telemarketers
C. telecommunications companies
D. cellular phone manufacturers

22. What persons or groups may still make unsolicited calls to those on the
National Do Not Call Registry?

A. political groups
B. charities
C. conductors of surveys
D. bill collectors

23. The California law SB-1386 requires businesses that hold computerized personal
information to inform consumers if:

A. they go out of business
B. there is a security breach
C. the business has a sale
D. the personal information has not changed

24. As of December 2009, how many states in the U.S. have security breach
notification laws?

A. 20
B. 30
C. 45
D. 50

25. To what areas does the Americans with Disabilities Act apply?

A. employment
B. public transportation
C. public accommodations
D. telecommunications

Answers

1. A, B, C, D
2. A
3. B
4. A, B, C
5. A
6. C
7. C
8. C
9. A, B, C
10. A, B, C
11. A, B
12. B, C, D
13. B
14. C
15. A, B, C
16. B
17. B
18. B
19. A
20. C
21. B
22. A, B, C, D
23. B
24. C
25. A, B, C, D

CIPP CBK Tests 3

Questions
1. The branches of government in the United States:

A. are divided into three sections: Executive, Legislative, and Judicial
B. establish a system of checks and balances
C. are voluntary
D. may be vetoed by the President

2. What is a power of the Legislative branch of the U.S. government?

A. declaration of war
B. treaty ratification
C. vetoes of law
D. deem laws unconstitutional

3. What person or group is a part of the Executive branch of the U.S. government?

A. The President
B. Senate
C. Supreme Court
D. House of Representatives

4. The Judicial branch of the U.S. government:

A. has members appointed by the President
B. has members approved by the Senate
C. includes the Supreme Court
D. may formally declare war

5. A contract is a legally binding agreement that may be made:

A. orally
B. in writing
C. unofficially
D. with intention of breach

6. What legal term can grant a politician the authority to weigh in on legal
matters within certain areas?

A. contract
B. jurisdiction
C. preemption
D. Person

7. A legal person is:

A. an individual who can have a separate legal identity
B. a group of persons allowed to represent themselves as a single legal body
C. commonly used in lawsuits
D. synonymous with limited liability corporations

8. In preemption, a lower jurisdiction's ruling is:

A. deemed infallible
B. overthrown by a higher jurisdiction by whim
C. displaced by a higher jurisdiction's ruling, with which it is in conflict
D. instituted as law

9. This legal term refers to situations where a court decides that a rights
creation law is also open to lawsuits.

A. contract
B. jurisdiction
C. private right of action
D. person

10. The Federal Trade Commission protects the rights of:

A. consumers
B. businesses
C. Congress
D. trusts

11. What Bureau is part of the Federal Trade Commission?

A. Bureau of Consumer Protection
B. Bureau of Competition
C. Bureau of Economics
D. Bureau of Health and Human Services

12. The Wireless Telecommunications Services is part of what government agency?

A. Federal Trade Commission
B. Federal Communications Commission
C. Department of Health and Human Services
D. Department of Commerce

13. The FCC regulates:

A. consumers
B. banks
C. Congress
D. telecommunications

14. What is a responsibility of the Department of Commerce?

A. trademarks
B. economic growth promotion
C. demographic research
D. telecommunications

15. What is an operating unit of the Department of Commerce?

A. Bureau of Industry and Security
B. Economics and Statistics Administration
C. Economic Development Administration
D. Bureau of Consumer Protection

16. The Department of Health and Human Services is part of which branch of the
United States government?

A. Legislative
B. Executive
C. Judicial
D. Congress

17. The Centers for Disease Control and Prevention is part of which Cabinet
department?

A. Department of Commerce
B. Department of Health and Human Services
C. Federal Trade Commission
D. Federal Communications Commission

18. Who appoints the Chairman and Vice Chairman of the Federal Reserve Board of
Governors?

A. President
B. Congress
C. citizens
D. Treasury Secretary

19. The Federal Reserve Board of Governors must make an annual report to what
person?

A. President
B. Speaker of the House
C. Vice President
D. Treasury Secretary

20. The Federal Reserve Board of Governors oversees how many District Reserve
Banks?

A. 7
B. 12
C. 25
D. 120

21. What is the central bank of the United States?

A. Treasury
B. Federal Reserve
C. Department of Commerce
D. IRS

22. What role does the Office of the Comptroller of Currency have in national
banks?

A. charters the banks
B. regulates the banks
C. supervises the banks
D. insures the deposits of the banks

23. This person is a state's lead law enforcement authority.

A. comptroller
B. General
C. state attorney general
D. Senator

24. How many Articles does the U.S. Constitution have?

A. 7
B. 15
C. 50
D. 100

25. These are the first ten amendments to the Constitution.

A. Bill of Rights
B. unratified amendments
C. Emancipation Proclamation
D. articles

Answers

1. A, B, C
2. C
3. B
4. A
5. A, B
6. A, B, C
7. A, B, C, D
8. A, B
9. A, B
10. A
11. A, B, C
12. A
13. A, B
14. B
15. A, B, C
16. A, B, C
17. A, B, C
18. A, B, D
19. A, B, C
20. A
21. D
22. A, B
23. A, B
24. D
25. A, B, C, D

CIPP CBK Tests 4

Questions
1. What role can labor unions play in workplace monitoring?

A. According to the NLRB, labor unions must agree to any workplace monitoring
conducted on its members
B. Labor unions can argue only against video surveillance
C. Labor unions can argue only against audio surveillance
D. Labor unions play no role in workplace monitoring

2. Under what situation may postal mail addressed to an employee not be opened by
other employees or the employer?

A. if the mail is marked "Personal" or "Confidential"
B. if the employee requests his mail not be opened
C. employee mail can always be opened by other employees or the employer
D. employee mail can never be opened by other employees or the employer

3. How may employers track employees using GPS?

A. through GPS chips in company cell phones
B. through GPS in company cars
C. through GPS chips implanted in the employee's skin
D. employers are not allowed to track employees with GPS

4. What information may employers track using GPS?

A. length of breaks
B. employee movements
C. speed at which employee is driving company car
D. employers are not allowed to track employees with GPS

5. If an employee feels that an employer has violated his privacy rights, what
should the employee do?

A. contact the state department of labor
B. contact an employment attorney
C. stay quiet
D. quit the job

6. What is true of criminal liability?

A. A person is legally, and often financially, held responsible for a criminal act,
as defined by criminal law.
B. A person is legally, and often financially, held responsible for a criminal act,
as defined by civil law.
C. A person is legally, and often financially, held responsible for a civil act, as
defined by civil law.
D. A person is sentenced to capital punishment.

7. What is a criminal act for which a person might be found criminally liable?

A. murder
B. assault
C. battery
D. sexual abuse

8. What is true of civil liability?

A. A person is legally, and often financially, held responsible for a criminal act,
as defined by criminal law.
B. A person is legally, and often financially, held responsible for a criminal act,
as defined by civil law.
C. A person is legally, and often financially, held responsible for a civil act, as
defined by civil law.
D. A person is free from punishment.

9. What is a civil act for which a person might be found liable?

A. car accident
B. libel
C. property matters
D. murder

10. Under this type of contract breach, the non-breaching party may collect only
the monetary amount of damages.

A. minor breach
B. partial breach
C. immaterial breach
D. material breach

11. Under this type of contract breach, a failure to perform allows the
non-breaching party to force the performance or collect the amount of damages.

A. minor breach
B. partial breach
C. immaterial breach
D. material breach

12. This type of serious contract breach allows the non-breaching party to
terminate the contract and sue for damages.

A. minor breach
B. material breach
C. partial breach
D. fundamental breach

13. Tort law applies to what type of situation?

A. a civil liability not related to contracts
B. a criminal liability not related to contracts
C. a criminal liability resulting in jail time
D. a criminal liability punishable by death

14. In tort law, what must be proved before the grieved party may be compensated?

A. cause of death
B. validity of written contract
C. negligence
D. credit worthiness

15. What is a civil law equivalent of torts?

A. liabilities
B. delicts
C. defects
D. contracts

16. What is a category of tort?

A. statutory
B. defamation
C. intentional
D. economic

17. What is an element of negligence claims?

A. duty of care
B. breach of duty
C. direct cause
D. harm

18. What U.S. Statute originally established the rules of unfair and deceptive
trade practices?

A. Federal Trade Commission Act
B. Civil Rights Act
C. Americans with Disabilities Act
D. Fair Credit Reporting Act

19. What privacy rules did the FTC accuse Gateway Learning of violating?

A. sharing customer information with third parties, as explained in its privacy
policies
B. sharing customer information with third parties, against its privacy policies
C. sharing customer information without customer permission
D. videotaping customers in private areas

20. In a settlement with the FTC, Gateway Learning was required to:

A. cease misrepresenting how it will use consumer information
B. pay back the money earned by renting consumer information
C. stop applying changes to its privacy policy retroactively
D. close down for business

21. To what does the human rights management concept of "best fit" refer?

A. correlating the human rights management strategy to the company's overall
strategy
B. trying out various strategies until finding one that fits
C. replacing the company's overall strategy with the human rights management
strategy if it is a better plan
D. hiring employees that are the best fit for the company

22. What company task is commonly the responsibility of human rights management?

A. recruitment
B. payroll
C. training
D. performance evaluation

23. If a business operates in the United States, what data laws should it consult
before determining data classification?

A. HIPAA
B. Sarbanes-Oxley Act
C. Gramm-Leach-Bliley Act
D. Basel II

24. If a business is operating internationally, what data laws should it consult
before determining data classification?

A. HIPAA
B. Sarbanes-Oxley Act
C. Gramm-Leach-Bliley Act
D. Basel II

25. What do you need to know about computerized data before it can be classified?

A. file type
B. accessing users
C. keywords
D. size

Answers

1. A
2. A
3. A, B
4. A, B, C
5. A, B
6. A
7. A, B, C, D
8. C
9. A, B, C
10. A, B, C
11. D
12. D
13. A
14. C
15. B
16. A, B, C, D
17. A, B, C, D
18. A
19. B, C
20. A, B, C
21. A
22. A, B, C, D
23. A, B, C
24. D
25. A, B, C

CIPP CBK Tests 5

Questions
1. Data classification assigns sensitivity levels to data at what stage?

A. creation
B. amendment
C. storage
D. transmission

2. This level of data is highly valuable and must be protected at all times.

A. top secret
B. proprietary
C. internal use only
D. public documents

3. This type of data shouldn't be shared around the business, but contains
information necessary for the business' operations.

A. top secret
B. highly confidential
C. internal use only
D. public documents

4. This type of data is proprietary in nature.

A. top secret
B. proprietary
C. internal use only
D. public documents

5. This type of data is not appropriate for public release, but can be circulated
within the company.

A. top secret
B. proprietary
C. internal use only
D. public documents

6. This type of data can be freely shared with the public.

A. top secret
B. proprietary
C. internal use only
D. public documents

7. An incident response program should blend with what aspect of the business?

A. technology
B. administration
C. organization
D. taxes

8. This letter, authored by the FTC, suggested that the FCRA regulated third-party
led misconduct investigations.

A. white letter
B. black letter
C. Vail letter
D. Taft letter

9. Amendments to what act occurred, in part, due to the Vail letter composed by the
FTC?

A. FACT
B. FCRA
C. HIPAA
D. AARP

10. Employers conducting a misconduct investigation involving the employee's credit
report do not have to:

A. inform the employee that his credit report will be accessed
B. receive the employee's consent for the credit report
C. provide the employee with a copy of the credit report
D. alter evidence

11. If an employee is punished because of something found on his credit report
during a misconduct investigation, the employee must receive:

A. a full copy of the credit report and a list of note on the punishment basis
B. a full copy of the credit report
C. a summary report
D. nothing

12. According to FACT, an employee misconduct investigation must be:

A. related to theft
B. computer related
C. related to employment
D. a security breach

13. Employee misconduct investigations are limited to:

A. current employees
B. former employees
C. middle management
D. current and former employees

14. The Data Protection Directive regulates personal data processing in what
region?

A. Southern U.S.
B. United States
C. United Kingdom
D. European Union

15. What does the Data Protection Directive consider "personal data"?

A. address
B. bank information
C. criminal record
D. credit card information

16. According to the Data Protection Directive, when should personal data be
processed?

A. only when required by law
B. when the person the data belongs to approves
C. when necessary for a contract
D. personal data shouldn't be processed

17. What does the Data Protection Directive consider sensitive personal data?

A. health
B. race
C. politics
D. religion

18. What does the Data Protection Directive call countries outside the E.U.?

A. member states
B. enemy territory
C. third countries
D. Third World

19. What process agreement was developed between the U.S. and E.U. to help U.S.
businesses comply with the Data Protection Directive?

A. Third Country Rule
B. Safe Harbor
C. center left
D. U.S.O.

20. U.S. companies wishing to opt into the Safe Harbor process must adhere to the:

A. Geneva Convention
B. seven directive principles
C. ten commandments
D. First Amendment

21. This Safe Harbor principle requires that individuals be informed about the
collection and use of their data.

A. notice
B. choice
C. onward transfer
D. security

22. This Safe Harbor principle states that data transfer to third parties can only
happen to companies that follow the directive principles.

A. Notice
B. Choice
C. Onward transfer
D. Security

23. This Safe Harbor principle states that people must have the chance to opt out
of the collection, use, and transfer of their personal data to third parties.

A. notice
B. choice
C. onward transfer
D. security

24. What Safe Harbor principle states that "reasonable efforts" have to be made to
prevent data loss?

A. notice
B. choice
C. security
D. access

25. According to the Safe Harbor principle of data integrity, data collected must be:

A. relevant and reliable
B. easily accessible
C. investigated
D. breached

Answers

1. A, B, C, D
2. A
3. B
4. B
5. C
6. D
7. A, B, C
8. C
9. B
10. A, B, C
11. C
12. C
13. D
14. D
15. D
16. B, C
17. A, B, C, D
18. C
19. B
20. B
21. A
22. C
23. B
24. C
25. A

CIPP CBK Tests 6

Questions
1. According to this Safe Harbor principle, people must have the ability to access
and edit inaccuracies in their stored data.

A. access
B. enforcement
C. choice
D. notice

2. How often does a U.S. company have to recertify for the Safe Harbor process?

A. monthly
B. quarterly
C. yearly
D. biyearly

3. How is it determined that a U.S. company meets the Safe Harbor requirements?

A. self-assessment
B. third-party assessment
C. government assessment
D. EU assessment

4. What agency is supposed to monitor U.S. companies participating in Safe Harbor?

A. Federal Trade Commission
B. Department of Defense
C. FBI
D. CIA

5. What U.S. department helped the E.U. develop the Safe Harbor program?

A. Department of Defense
B. Department of Education
C. Department of Health and Human Services
D. Department of Commerce

6. What is e-discovery?

A. Encrypted discovery - layers of data used for security
B. Electronic discovery - submission of electronic documents during a legal
proceeding
C. E.U. discovery - punishment for Safe Harbor compliance failure
D. End discovery - the last thing discovered in a misconduct investigation

7. What data type can be used in e-discovery?

A. e-mail
B. instant messages
C. database document
D. Web sites

8. One reason that the E.U. does not commonly cooperate in e-discovery is that the
personal data was collected for a specific purpose and use, and involving that data
in litigation would be:

A. immoral
B. secondary use
C. modernized
D. privatized

9. What is due diligence?

A. the document stage of litigation
B. a misconduct investigation
C. violation of trade law
D. checking to make sure a transaction is as it seems before it is made

10. Vendor due diligence is carried out by:

A. the buyer
B. the seller
C. a third party
D. the government

11. Who pays for the vendor due diligence process?

A. the buyer
B. the seller
C. a third party
D. the government

12. What is a benefit of vendor due diligence?

A. speeds up the transaction process
B. saves costs of in-house investigations
C. grants credibility to the seller
D. reduction of confidential materials revealed to buyer

13. Employee termination records should be kept to satisfy what law?

A. ADA
B. ADEA
C. OSHA
D. HIPAA

14. Where should documentation of a misconduct investigation be stored?

A. safety deposit box
B. employee's personnel file
C. new file created for that purpose
D. vault

15. How should employers make it clear what is expected of employees?

A. issue job descriptions
B. issue employee handbooks
C. memoranda
D. e-mails

16. What type of information should be kept in an employee's personnel file?

A. resume
B. performance evaluations
C. record of disciplinary action
D. medical records

17. What records shouldn't be kept in an employee's personnel file?

A. religious information
B. medical records
C. worker's compensation records
D. resume

18. Performance evaluation remarks should be made using what type of descriptors?

A. vague
B. objective
C. notarized
D. dubious

19. What should be documented during an employee performance evaluation?

A. issue of the evaluation
B. specific examples
C. record of warning of bad behavior given to the employee
D. employee signature

20. What should never be included in an employer's records?

A. Protected status information about employees, such as sexual orientation or
disability
B. Admissions of wrongdoing on the part of the company
C. Opinionated remarks about an employee's behavior
D. False information

21. Documentation is helpful for the employer to have when an employee makes what
type of claim?

A. wage claim
B. breach of contract
C. wrongful termination
D. discrimination

22. How many U.S. states lack specific laws pertaining to Social Security Number
privacy?

A. 5
B. 14
C. 20
D. 48

23. What branch of the U.S. government controls the nation's money?

A. Executive
B. Legislative
C. Judicial
D. monetary

24. What branch of the U.S. government gets to police itself?

A. Executive
B. Legislative
C. Judicial
D. monetary

25. What branch of the U.S. government can start impeachment proceedings against
the President?

A. Executive
B. Legislative
C. Judicial
D. impeachment

Answers

1. A
2. C
3. A, B
4. A
5. D
6. B
7. A, B, C, D
8. B
9. D
10. C
11. B
12. A, B, C, D
13. A, B
14. C
15. A, B, C, D
16. A, B, C
17. A, B, C
18. B
19. A, B, C
20. A, B, C, D
21. A, B, C, D
22. B
23. B
24. C
25. B

CIPP CBK Tests 7

Questions
1. Where is a contract enforceable?

A. court of law
B. workplace
C. agreement location
D. notary's office

2. Failure to honor the terms of a contract is called a:

A. breach
B. impeachment
C. agreement
D. agenda

3. A standardized contractual term is called a:

A. letter
B. veto
C. boilerplate
D. breach

4. At what level are the distinctions among jurisdictions in the U.S. codified?

A. state
B. national
C. city
D. region

5. This type of jurisdiction pertains to the power of the court over a specific
person or property item.

A. federal question
B. personal
C. removal
D. class action

6. The jurisdiction of U.S. district courts allows them to hear only cases
involving:

A. Federal law
B. a complaint against another state
C. a complaint against another country
D. appeals

7. To be considered an unfair practice by a court, a consumer case must have:

A. injured consumers
B. violated public policy
C. been unethical
D. been financial

8. The Food and Drug Administration is part of which Cabinet department?

A. Department of Commerce
B. Department of Health and Human Services
C. Federal Trade Commission
D. Federal Communications Commission

9. The Comptroller of the Currency is also director of the:

A. FBI
B. Federal Deposit Insurance Corporation
C. Department of Health and Human Services
D. CIA

10. How are most state attorneys general appointed?

A. election
B. Presidential appointment
C. Senate
D. House of Representatives

11. The U.S. Constitution has jurisdiction at what level?

A. national
B. state
C. city
D. regional

12. What does a state constitution typically contain?

A. Bill of Rights
B. establishment of a state executive branch
C. state legislature
D. invocation of God

13. Federal laws require Social Security Numbers be reported for those:

A. requesting food stamps
B. requesting financial assistance
C. needing a birth certificate issued
D. filing a tax return

14. Credit bureaus are a type of:

A. consumer reporting agency
B. contract
C. misconduct investigation
D. performance review

15. How many years may a bankruptcy appear on a credit report?

A. 7
B. 10
C. 12
D. 20

16. According to the FCRA, this entity provides the credit information to the
consumer reporting agencies.

A. FTC
B. information furbisher
C. lawyer
D. retailer

17. Information furbishers can be:

A. creditors
B. third-party collection agencies
C. courts
D. credit reporting agencies

18. According to the FCRA, those who wish to use a credit report as a judgment for
more credit or employment must:

A. notify the individual if an adverse action results from the report
B. identify which credit reporting agency the report came from
C. Third parties aren't allowed to access credit reports under any circumstances
D. third parties have full and free access to credit reports

19. Which company is regulated by the FCRA?

A. Transunion
B. Equifax
C. Experian
D. Honda

20. The Children's Online Privacy Protection Act (COPPA) pertains to:

A. e-mail
B. Web sites
C. games
D. telephones

21. Under COPPA, Web sites targeted at those under 13 must require the children:

A. sign a waiver
B. get permission from a parent
C. leave the site forever
D. click yes

22. Under the TCPA, telemarketers may not call homes before and after what times?

A. 8 a.m. and 9 p.m.
B. 7 a.m. and 10 p.m.
C. 6 a.m. and 5 p.m.
D. 9 a.m. and 11 p.m.

23. According to the TCPA, a telemarketer must provide what information to the
person he is calling?

A. name of the telemarketer
B. name of entity they are calling on behalf of
C. contact information for the entity they represent
D. their badge number

24. The CAN-SPAM Act amended the TCPA to apply to calls and faxes that:

A. originated from another state
B. originated from another country
C. were made before 8 a.m.
D. were made by a machine

25. What does the CAN-SPAM Act legalize?

A. internet pornography
B. most e-mail spam
C. telemarketing calls
D. robocalls

Answers

1. A
2. A
3. C
4. B
5. B
6. A, B, C
7. A, B, C
8. B
9. B
10. A
11. A
12. A, B, C, D
13. A, B, C, D
14. A
15. B
16. B
17. A, B, C
18. A, B
19. A, B, C
20. B, C
21. B
22. A
23. A, B, C
24. B
25. B

CIPP CBK Tests 8

Questions
1. CAN-SPAM requires unsolicited email marketing messages to adhere to what rule
regarding unsubscribe methods?

A. Every email must contain a working and visible unsubscribe link.
B. Every message must contain a self-destruct program.
C. Every message must contain a false subject line.
D. Opt-out requests must be met within 10 days of the request.

2. According to CAN-SPAM, what must unsolicited marketing emails contain?

A. accurate "from" information
B. non-deceptive subject lines
C. a real address for the advertiser
D. pornography

3. What is considered an "aggravated offense" under CAN-SPAM?

A. email address harvesting
B. Trojan horses
C. worms
D. unsubscribe methods

4. Many of the telemarketing laws do not apply when the caller and the receiver
have an EBR. What does EBR stand for?

A. Entity Building Residual
B. Existing Business Relationship
C. End Back Report
D. Earning Basis Residuals

5. The board of the National Labor Relations Board is appointed by:

A. the President
B. the Senate
C. the President, with the Senate's approval
D. elections

6. What is a workplace change that was brought about by OSHA?

A. guards covering moving parts when contact with humans may occur
B. permissible exposure limits for chemicals
C. personal protective equipment for workers
D. CAN-SPAM

7. These letters are sent to public companies from the SEC requesting comments on
particular issues.

A. advisory letters
B. warnings
C. comment letters
D. memoranda

8. A proven case of negligence could entitle the injured party to compensation for:

A. bodily harm
B. property damage
C. mental health
D. finances

9. What condition is excluded from the Americans with Disabilities Act?

A. substance abuse problems
B. multiple sclerosis
C. vision problems that can be corrected by lenses
D. paralysis

10. Under the ADA, how is it determined if someone is disabled?

A. decision made on a case-by-case basis
B. there is a checklist of criteria
C. the person must be handicapped
D. the person must be on disability

11. The ADA definition of a disability states that the impairment must limit:

A. movement
B. sight
C. a major life activity
D. happiness

12. The Civil Rights Act of 1964 outlawed:

A. slavery
B. discrimination against the disabled
C. racial segregation
D. telemarketing fraud

13. The Equal Pay Act of 1963 prohibited wage differences based on:

A. race
B. religion
C. gender
D. sexuality

14. Employee exit management refers to a process during which an employee:

A. leaves of her own accord
B. leaves based on a mutual agreement
C. is terminated
D. receives a promotion

15. What is an issue a company might have to consider during an employee
termination?

A. avoidance of litigation
B. protection of trade secrets
C. hiring a replacement
D. references

16. When an employee is "terminated without prejudice," it means:

A. the company wishes him well in the future
B. the employee may be rehired for a job at that company in the future
C. the company considers the employee incompetent
D. the company will not provide references

17. What is a reason an employee may be terminated with prejudice?

A. incompetence
B. dishonesty
C. layoffs
D. insubordination

18. An employee fired for what reason could bring a wrongful termination lawsuit
against the company?

A. employer discrimination
B. employee refusal to do something illegal for the employer
C. employer retaliation
D. employee incompetence

19. When an employer knows an employee is to be terminated, it should contact the
Network Administrator for the company and terminate the employee's access to:

A. the computer system
B. the telephone systems
C. building entry code
D. lockers

20. This type of discipline is a process in which an employee is warned about poor
performance in an increasingly formal series of steps.

A. metric
B. progressive
C. instigating
D. termination

21. An employee termination meeting should include:

A. the employee
B. the employee's direct supervisor
C. the employee's spouse
D. lawyer

22. What is an action that may lead to immediate termination of employment with
cause?

A. acts of violence
B. property theft
C. incompetence
D. no call, no show

23. Employers may be required to offer terminated employees information about this
continuing health care coverage program.

A. HIPAA
B. AETNA
C. Humana
D. COBRA

24. What records should an employer generally keep for a year after an employee has
been terminated?

A. resume
B. application
C. employment test
D. payroll records

25. An employee termination meeting should include:

A. employee's spouse
B. co-workers
C. HR representative
D. lawyer

Answers

1. A, D
2. A, B, C
3. A, B, C
4. B
5. C
6. A, B, C
7. C
8. A, B, C, D
9. A, C
10. A
11. C
12. C
13. C
14. C
15. A, B, C
16. B
17. A, B, D
18. A, B, C
19. A, B, C
20. B
21. A, B
22. A, B
23. D
24. A, B, C
25. C

CIPP CBK Tests 9

Questions
1. -------- is the term for the guidelines governing the use of an IT system
including those governing its users:

A. Access controls
B. Security controls
C. Rules of behavior
D. System rules

2. The use of personal data for a purpose other than the one for which it was
originally collected is called ----

A. data mining
B. data aggregation
C. data augmentation
D. secondary use

3. ---- is the denial of access to protected information from unauthorized users.

A. Classification
B. Secrecy
C. Access restriction
D. Security controls

4. A Secret Key:

A. contains classified information
B. is not made available to the public
C. is "secret" in order to protect it from disclosure or substitution
D. may be associated with one or more entities

5. Security measures of an information system include:

A. physical facilities
B. administrative processes and activities
C. government classifications
D. technical safeguards

6. Security Controls are:

A. all administrative, physical, and technical safeguards to protect an information
system
B. any protective measures implemented in order to meet security requirements for
IT systems
C. the implementation of access controls
D. all actions taken as a countermeasure to potential risks

7. Which of the following are security incidents?

A. successful unauthorized access to personal health information
B. successful disruption of the operations of an information system
C. an attempt to gain access to unauthorized information
D. all of the above

8. Which of the following include sensitive information?

A. only classified information as decided by a federal agency
B. data protected under the privacy act
C. information deemed unreleasable by the Freedom of Information Act
D. any information that would cause loss or harm to an agency's ability to
accomplish its mission should unauthorized use or disclosure occur

9. What is a Service Recipient?

A. any entity receiving federal benefits
B. any entity that receives personal health information
C. any entity that receives personally identifiable information
D. any entity that receives information processing services from an IPS
organization

10. ---- is the term for any agency that discloses records to be used in matching
programs or other agencies that disclose records for matching programs.

A. matching program record storage
B. information processing services organization
C. source agency
D. information collection agency

11. What is included under the term State in the Fair Credit Reporting Act?

A. Puerto Rico
B. US Virgin Islands
C. the 50 states
D. any country

12. A state insurance authority regulates:

A. in-state insurance claims for state residents only
B. insurance claims for state residents for in-state and out of state
C. insurance issuers residing within a state
D. in-state claims for residents and non-residents of a state

13. For what purposes may a statistical record be used?

A. statistical research
B. reporting purposes
C. determining the identity of an individual from the information
D. contacting an individual who has a statistical record

14. According to FERPA, a student is:

A. any individual enrolled in primary or secondary school
B. any individual taking a class on any subject
C. an individual who has been in attendance at an agency or institution
D. any person who has educational records on file at an educational agency or
institution

15. Which of the following are examples of supervisory agencies of financial
institutions?

A. Federal Deposit Insurance Corporation
B. any state banking or securities department or agency
C. the National Credit Union Administration
D. the Federal Trade Commission

16. -------- is a generic term used to describe an application or support system.

A. Network
B. Information technology
C. System
D. Software

17. ---- is the name for the individual responsible for managing a multi-user
computer system.

A. Chief Information Officer
B. System Administrator
C. Access controller
D. Network supervisor

18. Initiation, development, acquisition, implementation, operation, maintenance,
and disposal are all activities in a --------

A. System Development Life Cycle
B. data lifecycle
C. information life cycle
D. network lifecycle

19. Information is retrieved from a ---- using the name of an individual, account
number or other identifier.

A. network
B. data storage
C. system of records
D. computer

20. ---- is the term for the direct connection of two or more IT systems

A. network interconnection
B. sister systems
C. system sharing
D. system interconnection

21. Technical controls:

A. include physical facilities
B. can be hardware
C. can be software
D. operate within technical systems and applications

22. Technical safeguards:

A. protect electronic health information
B. include the technology systems used to manage health information
C. include the physical facilities storing technological equipment
D. include policies and procedures related to the technology systems used

23. ---- is the transmission of data between two points, specified by the user,
during which the data remains unchanged.

A. Electronic communication
B. Information transmission
C. Telecommunication
D. Transmission maintaining data integrity

24. Threats include:

A. deliberate attempts to cause harm to an information system
B. unintentional possibility of harm to an information system
C. any potential risk that may cause harm to an information system
D. successful attempts at harm to an information system

25. ---- is the transmission of information for the purpose of financial or
administrative activities.

A. Electronic communication
B. Information transmission
C. Telecommunication
D. Transaction

Answers

1. C
2. D
3. A
4. B, C, D
5. A, B, D
6. B
7. D
8. B, C, D
9. D
10. C
11. A, B, C
12. C
13. A, B
14. C, D
15. A, B, C
16. C
17. B
18. A
19. C
20. D
21. B, C, D
22. A, B, D
23. C
24. A, B, C
25. D
