Enjoy 15% Discount With Coupon 15off

IAPP CIPM Certified Information Privacy Manager (CIPM) Online Training

IAPP CIPM Certified Information Privacy Manager (CIPM) Online Training

IAPP CIPM Online Training

The questions for CIPM were last updated at Nov 26,2024.
  • Exam Code: CIPM
  • Exam Name: Certified Information Privacy Manager (CIPM)
  • Certification Provider: IAPP
  • Latest update: Nov 26,2024
Question #21

SCENARIO

Please use the following to answer the next QUESTION:

John is the new privacy officer at the prestigious international law firm C A&M LLP. A&M LLP is very proud of its reputation in the practice areas of Trusts & Estates and Merger & Acquisition in both U.S. and Europe.

During lunch with a colleague from the Information Technology department, John heard that the Head of IT, Derrick, is about to outsource the firm’s email continuity service to their existing email security vendor C MessageSafe. Being successful as an email hygiene vendor, MessageSafe is expanding its business by leasing cloud infrastructure from Cloud Inc. to host email continuity service for A&M LLP.

John is very concerned about this initiative. He recalled that MessageSafe was in the news six months ago due to a security breach. Immediately, John did a quick research of MessageSafe’s previous breach and learned that the breach was caused by an unintentional mistake by an IT administrator. He scheduled a meeting with Derrick to address his concerns.

At the meeting, Derrick emphasized that email is the primary method for the firm’s lawyers to communicate with clients, thus it is critical to have the email continuity service to avoid any possible email downtime. Derrick has been using the anti-spam service provided by MessageSafe for five years and is very happy with the quality of service provided by MessageSafe. In addition to the significant discount offered by MessageSafe, Derrick emphasized that he can also speed up the onboarding process since the firm already has a service contract in place with MessageSafe. The existing on-premises email continuity solution is about to reach its end of life very soon and he doesn’t have the time or resource to look for another solution. Furthermore, the off- premises email continuity service will only be turned on when the email service at A&M LLP’s primary and secondary data centers are both down, and the email messages stored at MessageSafe site for continuity service will be automatically deleted after 30 days.

Which of the following is a TRUE statement about the relationship among the organizations?

  • A . Cloud Inc. must notify A&M LLP of a data breach immediately.
  • B . MessageSafe is liable if Cloud Inc. fails to protect data from A&M LLP.
  • C . Cloud Inc. should enter into a data processor agreement with A&M LLP.
  • D . A&M LLP’s service contract must be amended to list Cloud Inc. as a sub-processor.

Reveal Solution Hide Solution

Question #22

SCENARIO

Please use the following to answer the next QUESTION:

John is the new privacy officer at the prestigious international law firm C A&M LLP. A&M LLP is very proud of its reputation in the practice areas of Trusts & Estates and Merger & Acquisition in both U.S. and Europe.

During lunch with a colleague from the Information Technology department, John heard that the Head of IT, Derrick, is about to outsource the firm’s email continuity service to their existing email security vendor C MessageSafe. Being successful as an email hygiene vendor, MessageSafe is expanding its business by leasing cloud infrastructure from Cloud Inc. to host email continuity service for A&M LLP.

John is very concerned about this initiative. He recalled that MessageSafe was in the news six months ago due to a security breach. Immediately, John did a quick research of MessageSafe’s previous breach and learned that the breach was caused by an unintentional mistake by an IT administrator. He scheduled a meeting with Derrick to address his concerns.

At the meeting, Derrick emphasized that email is the primary method for the firm’s lawyers to communicate with clients, thus it is critical to have the email continuity service to avoid any possible email downtime. Derrick has been using the anti-spam service provided by MessageSafe for five years and is very happy with the quality of service provided by MessageSafe. In addition to the significant discount offered by MessageSafe, Derrick emphasized that he can also speed up the onboarding process since the firm already has a service contract in place with MessageSafe. The existing on-premises email continuity solution is about to reach its end of life very soon and he doesn’t have the time or resource to look for another solution. Furthermore, the off- premises email continuity service will only be turned on when the email service at A&M LLP’s primary and secondary data centers are both down, and the email messages stored at MessageSafe site for continuity service will be automatically deleted after 30 days.

Which of the following is NOT an obligation of MessageSafe as the email continuity service provider for A&M LLP?

  • A . Privacy compliance.
  • B . Security commitment.
  • C . Certifications to relevant frameworks.
  • D . Data breach notification to A&M LLP.

Reveal Solution Hide Solution

Question #23

In privacy protection, what is a "covered entity"?

  • A . Personal data collected by a privacy organization.
  • B . An organization subject to the privacy provisions of HIPAA.
  • C . A privacy office or team fully responsible for protecting personal information.
  • D . Hidden gaps in privacy protection that may go unnoticed without expert analysis.

Reveal Solution Hide Solution

Question #24

Which of the following best describes proper compliance for an international organization using Binding Corporate Rules (BCRs) as a controller or processor?

  • A . Employees must sign an ad hoc contractual agreement each time personal data is exported.
  • B . All employees are subject to the rules in their entirety, regardless of where the work is taking place.
  • C . All employees must follow the privacy regulations of the jurisdictions where the current scope of their work is established.
  • D . Employees who control personal data must complete a rigorous certification procedure, as they are exempt from legal enforcement.

Reveal Solution Hide Solution

Question #25

SCENARIO

Please use the following to answer the next QUESTION:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather’s law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office’s strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients’ personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year’s end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed.

Richard believes that a transition from the use of fax machine to Internet faxing provides all of the following security benefits EXCEPT?

  • A . Greater accessibility to the faxes at an off-site location.
  • B . The ability to encrypt the transmitted faxes through a secure server.
  • C . Reduction of the risk of data being seen or copied by unauthorized personnel.
  • D . The ability to store faxes electronically, either on the user’s PC or a password-protected network server.

Reveal Solution Hide Solution

Question #26

SCENARIO

Please use the following to answer the next QUESTION:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather’s law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office’s strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients’ personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year’s end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed.

As Richard begins to research more about Data Lifecycle Management (DLM), he discovers that the law office can lower the risk of a data breach by doing what?

  • A . Prioritizing the data by order of importance.
  • B . Minimizing the time it takes to retrieve the sensitive data.
  • C . Reducing the volume and the type of data that is stored in its system.
  • D . Increasing the number of experienced staff to code and categorize the incoming data.

Reveal Solution Hide Solution

Question #27

SCENARIO

Please use the following to answer the next QUESTION:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather’s law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office’s strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients’ personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year’s end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed.

Which of the following policy statements needs additional instructions in order to further protect the personal data of their clients?

  • A . All faxes sent from the office must be documented and the phone number used must be double checked to ensure a safe arrival.
  • B . All unused copies, prints, and faxes must be discarded in a designated recycling bin located near the work station and emptied daily.
  • C . Before any copiers, printers, or fax machines are replaced or resold, the hard drives of these devices must be deleted before leaving the office.
  • D . When sending a print job containing personal data, the user must not leave the information visible on the computer screen following the print command and must retrieve the printed document immediately.

Reveal Solution Hide Solution

Question #28

SCENARIO

Please use the following to answer the next QUESTION:

Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia to help run his aging grandfather’s law practice. The elder McAdams desired a limited, lighter role in the practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and assesses the office’s strategies for growth.

Immediately upon arrival, Richard was amazed at the amount of work that needed to done in order to modernize the office, mostly in regard to the handling of clients’ personal data. His first goal is to digitize all the records kept in file cabinets, as many of the documents contain personally identifiable financial and medical data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues unless a formal policy is firmly in place Richard is also concerned with the overuse of the communal copier/ printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing policy by the year’s end.

Richard expressed his concerns to his grandfather, who agreed, that updating data storage, data security, and an overall approach to increasing the protection of personal data in all facets is necessary Mr. McAdams granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following day, to get insight into how the office computer system is currently set-up and managed.

Richard needs to closely monitor the vendor in charge of creating the firm’s database mainly because of what?

  • A . The vendor will be required to report any privacy violations to the appropriate authorities.
  • B . The vendor may not be aware of the privacy implications involved in the project.
  • C . The vendor may not be forthcoming about the vulnerabilities of the database.
  • D . The vendor will be in direct contact with all of the law firm’s personal data.

Reveal Solution Hide Solution

Question #29

What should be the first major goal of a company developing a new privacy program?

  • A . To survey potential funding sources for privacy team resources.
  • B . To schedule conversations with executives of affected departments.
  • C . To identify potential third-party processors of the organization’s information.
  • D . To create Data Lifecycle Management policies and procedures to limit data collection.

Reveal Solution Hide Solution

Question #30

Which is TRUE about the scope and authority of data protection oversight authorities?

  • A . The Office of the Privacy Commissioner (OPC) of Canada has the right to impose financial sanctions on violators.
  • B . All authority in the European Union rests with the Data Protection Commission (DPC).
  • C . No one agency officially oversees the enforcement of privacy regulations in the United States.
  • D . The Asia-Pacific Economic Cooperation (APEC) Privacy Frameworks require all member nations to designate a national data protection authority.

Reveal Solution Hide Solution

Previous Questions Next Questions
Latest CIPM Dumps Valid Version with 90 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CIPM PDF
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments

Related Posts

24Sep

IAPP AIGP Artificial Intelligence Governance Professional Online Training

Question #1 Machine learning is best described as a type of algorithm by which? A . Systems can mimic human intelligence with... read more

18Oct

IAPP CIPT Certified Information Privacy Technologist Online Training

Question #1 What would be an example of an organization transferring the risks associated with a data breach? A . Using a... read more

14Oct

IAPP CIPP-C Certified Information Privacy Professional/ Canada (CIPP/C) Online Training

Question #1 SCENARIO Please use the following to answer the next QUESTION Noah is trying to get a new job involving... read more

25Dec

IAPP CIPP-E Certified Information Privacy Professional/Europe (CIPP/E) Online Training

Question #1 Read the following steps: ✑ Discover which employees are accessing cloud services and from which devices and apps Lock... read more

09Nov

IAPP CIPP-US Certified Information Privacy Professional/United States (CIPP/US) Online Training

Question #1 Which jurisdiction must courts have in order to hear a particular case? A . Subject matter jurisdiction and regulatory jurisdictionB... read more

06Oct

IAPP CIPP-A Certified Information Privacy Professional/Asia (CIPP/A) Online Training

Question #60 When implementing Privacy by Design (PbD), what would NOT be a key consideration? A . Collection limitation.B . Data minimization.C... read more