Personally Identifiable Information (PII) v4.0 ||
QUESTIONS WITH 100% ACCURATE
SOLUTIONS!!
Which action requires an organization to carry out a Privacy Impact Assessment?
A. Storing paper-based records
B. Collecting PII to store in a new information system
C. Collecting any CUI. including but not limited to PII
D. Collecting PII to store in a National Security System correct answers B. Collecting PII to
store in a new information system
Which of the following is an example of a physical safeguard that individuals can use to
protect PII? correct answers All of the above
What is the purpose of a Privacy Impact Assessment (PIA)?
A. Determine whether paper-based records are stored securely
B. Determine whether information must be disclosed according to the Freedom of
Information Act (FOIA)
C. Determine whether the collection and maintenance of PII is worth the risk to individuals
D. Determine whether Protected Health Information (PHI) is held by a covered entity correct
answers C. Determine whether the collection and maintenance of PII is worth the risk to
individuals
T or F? Information that can be combined with other information to link solely to an
individual is considered PII. correct answers True
What guidance identifies federal information security controls?
A. DoD 5400.11-R: DoD Privacy Program
B. The Freedom of Information Act (FOIA)
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally
Identifiable Information
D. The Privacy Act of 1974 correct answers C. OMB Memorandum M-17-12: Preparing for
and Responding to a Breach of Personally Identifiable Information
An organization that fails to protect PII can face consequences including:
A. Remediation costs
B. Loss of trust
C. Legal liability
D. All of the above correct answers D. All of the above
If someone tampers with or steals and individual's PII, they could be exposed to which of the
following?
A. Embarrassment
B. Fraud
, C. Identity theft
D. All of the above correct answers D. All of the above
Which of the following is NOT a permitted disclosure of PII contained in a system of
records?
a. The individual has requested that their record be disclosed.
b. The record is disclosed for routine use.
c. All permitted disclosures.
d. The record is disclosed for a new purpose that is not specified in the SORN. correct
answers d. The record is disclosed for a new purpose that is not specified in the SORN.
Which of the following is not an example of PII?
A. Fingerprints
B. Driver's license number
C. Social Security number
D. Pet's nickname correct answers D. Pet's nickname
Which of the following must privacy impact assessments (PIAs) do? correct answers all of
the above
What law establishes the federal government's legal responsibility for safeguarding PII?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally
Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA) correct answers C. The Privacy Act of 1974
ORGANIZATIONS THAT FAIL TO MAINTAIN ACCURATE, RELEVANT, TIMELY,
AND COMPLETE INFORMATION MAY BE SUBJECT TO WHICH OF THE
FOLLOWING? correct answers CIVIL PENALTIES
What law establishes the public's right to access federal government information?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally
Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA) correct answers D. The Freedom of Information
Act (FOIA)
An organization with existing system of records decides to start using PII for a new purpose
outside the "routine use" defined in the System of Records Notice (SORN). Is this a permitted
use?
A. Yes
B. No correct answers B. No
QUESTIONS WITH 100% ACCURATE
SOLUTIONS!!
Which action requires an organization to carry out a Privacy Impact Assessment?
A. Storing paper-based records
B. Collecting PII to store in a new information system
C. Collecting any CUI. including but not limited to PII
D. Collecting PII to store in a National Security System correct answers B. Collecting PII to
store in a new information system
Which of the following is an example of a physical safeguard that individuals can use to
protect PII? correct answers All of the above
What is the purpose of a Privacy Impact Assessment (PIA)?
A. Determine whether paper-based records are stored securely
B. Determine whether information must be disclosed according to the Freedom of
Information Act (FOIA)
C. Determine whether the collection and maintenance of PII is worth the risk to individuals
D. Determine whether Protected Health Information (PHI) is held by a covered entity correct
answers C. Determine whether the collection and maintenance of PII is worth the risk to
individuals
T or F? Information that can be combined with other information to link solely to an
individual is considered PII. correct answers True
What guidance identifies federal information security controls?
A. DoD 5400.11-R: DoD Privacy Program
B. The Freedom of Information Act (FOIA)
C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally
Identifiable Information
D. The Privacy Act of 1974 correct answers C. OMB Memorandum M-17-12: Preparing for
and Responding to a Breach of Personally Identifiable Information
An organization that fails to protect PII can face consequences including:
A. Remediation costs
B. Loss of trust
C. Legal liability
D. All of the above correct answers D. All of the above
If someone tampers with or steals and individual's PII, they could be exposed to which of the
following?
A. Embarrassment
B. Fraud
, C. Identity theft
D. All of the above correct answers D. All of the above
Which of the following is NOT a permitted disclosure of PII contained in a system of
records?
a. The individual has requested that their record be disclosed.
b. The record is disclosed for routine use.
c. All permitted disclosures.
d. The record is disclosed for a new purpose that is not specified in the SORN. correct
answers d. The record is disclosed for a new purpose that is not specified in the SORN.
Which of the following is not an example of PII?
A. Fingerprints
B. Driver's license number
C. Social Security number
D. Pet's nickname correct answers D. Pet's nickname
Which of the following must privacy impact assessments (PIAs) do? correct answers all of
the above
What law establishes the federal government's legal responsibility for safeguarding PII?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally
Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA) correct answers C. The Privacy Act of 1974
ORGANIZATIONS THAT FAIL TO MAINTAIN ACCURATE, RELEVANT, TIMELY,
AND COMPLETE INFORMATION MAY BE SUBJECT TO WHICH OF THE
FOLLOWING? correct answers CIVIL PENALTIES
What law establishes the public's right to access federal government information?
A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally
Identifiable Information
B. DoD 5400.11-R: DoD Privacy Program
C. The Privacy Act of 1974
D. The Freedom of Information Act (FOIA) correct answers D. The Freedom of Information
Act (FOIA)
An organization with existing system of records decides to start using PII for a new purpose
outside the "routine use" defined in the System of Records Notice (SORN). Is this a permitted
use?
A. Yes
B. No correct answers B. No
