Which action requires an organization to carry out a Privacy Impact Assessment? - ANSWER -Collecting PII to store in a new information system
Officials or employees who knowingly disclose PII to someone without a need-to-know may be subject to which of the following? - ANSWER -Criminal penalties
What is the purpose of a Privacy Impact Assessment (PIA)? - ANSWER -Determine whether the collection and maintenance of PII is worth the risk to individuals
Your organization has a new requirement for annual security training. To track training completion, they are using employee Social Security Numbers as a record identification. Is this compliant with PII safeguarding procedures? - ANSWER -No
T or F? Information that can be combined with other information to link solely to an individual is considered PII. - ANSWER -T or F? Information that can be combined with other information to link solely to an individual is considered PII.
Identify if a PIA is required: - ANSWER -PII records are being converted from paper to electronic. & A new system is being purchased to store PII.
What guidance identifies federal information security controls? - ANSWER -OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information
Which of the following is NOT included in a breach notification? - ANSWER -Articles and other media reporting the breach.
An organization that fails to protect PII can face consequences including: - ANSWER -All of the above
T or F? Misuse of PII can result in legal liability of the individual. - ANSWER -True
If someone tampers with or steals an individual's PII, they could be exposed to which of the following? - ANSWER -All of the above
Which regulation governs the DoD Privacy Program? - ANSWER -DoD 5400.11-R: DoD Privacy Program
Which of the following is not an example of PII? - ANSWER -Pet's nickname
T or F? Using a social security number to track individuals' training requirements is an acceptable use of PII. - ANSWER -False
What law establishes the federal government's legal responsibility for safeguarding PII? - ANSWER -The Privacy Act of 1974
T or F? Misuse of PII can result in legal liability of the organization. - ANSWER -True
An organization with an existing system of records decides to start using PII for a new purpose outside the "routine use" defined in the System of Records Notice (SORN). Is this a permitted use? - ANSWER -No
Which type of safeguarding measure involves restricting PII access to people with a need-to-know? - ANSWER -Administrative
Which of the following is responsible for the most recent PII
data breaches? - ANSWER -Phishing
Which of the following is not an example of an administrative
safeguard that organizations use to protect PII? -
ANSWER -List all potential future uses of PII in the
System of Records Notice (SORN)
Within what timeframe must DoD organizations report PII
breaches to the United States Computer Emergency Readiness
Team (US-CERT) once discovered? - ANSWER -1 hour