CIPP/E IAPP Practice Questions
_________ is/are a key part of the equation while assessing hazard.
-Controller obligatins
-Expected loss
-Purpose of processing
-Data subject rights - ANS-Expected loss
__________must be included in a processor contract.
Check all that observe:
-the kinds of records subjects
- the character and reason of the processing
-the issue be counted and length of the processing
-the sort of personal information
-The approach for destroying private records following processing activities - ANS-All EXCEPT
The technique for destroying non-public facts.
Contract need to also incorporate the responsibilities and rights of the controller
A controller must notify the data topics of a non-public facts breach if the breach is probable to
result in a high threat to the rights and freedoms of those people unless_________. Pick all that
observe:
-Individual observe require disproportionate effort
-Prior implementation of suitable technical
and organisational measures rendered the non-public information unintelligible or encrypted
-Post-breach moves substantially lessen the hazard to the rights and freedoms of the statistics
topics. - ANS-All
A controller must notify the supervisory authority of a personal statistics breach if __________.
-A breach is in all likelihood to bring about a chance to the rights and freedoms of natural
individuals
-A breach is possibly to bring about a high threat for the rights and freedoms of herbal
individuals - ANS-A breach probable to result in danger to the rights and freedoms of natural
humans.
,A processor is answerable for enforcing appropriate technical and organisational measures to
hold private data secure. True or false? - ANS-True
A processor may additionally manner non-public facts only on documented instructions from the
controller. True or fake? - ANS-True
According to the GDPR, the proper to information portability applies:
a. Whilst the processing turned into primarily based on a public hobby
b. Whilst processing changed into at the start based totally at the person's consent
c. Whilst the processing was carried out through automated approach
d. While the processing turned into based on the controller's legitimate hobbies. - ANS-b
According to the GDPR, while does an organization want to do so to legitimize pass border
records transfers of private data
a. While the date is routed via another jurisdicion in or outdoor the EU
b. While the date is transferred from one jurisdiction inside the EU to every other
c. While the date is transferred from a jurisdiction outside the European Union to a member
kingdom of the EU
d. Whilst the date is transferred from a jurisdiction within the EU to a third u . S . A . Which is not
deemed good enough. - ANS-d
Along with legitimacy, what is some other condition that need to be met when wearing out
worker tracking?
A. The monitoring need to e within the public hobby
b. The monitoring must e restrained to what's essential for the functions
c. The monitoring should be beneath an employment contract
d. The monitoring should be held to time constraints. - ANS-b
Along with the name and phone details of the statistics controller processing the non-public
statistics, what other data should e blanketed in the facts of processing to be maintained by way
of the information controller under the GDPR?
, A. Retention period of each category of personal data, in which possible.
B. Purpose(s) for processing the non-public data
c. 0.33 countries to which the facts may be transferred
d. All of A, B, and C. - ANS-d
Choose the characteristic that describes the Council of the EU
-Is every so often described as the executive body of the EU
-Is one of the major decision-making bodies of the EU - ANS-Is one of the major choice making
our bodies of the EU.
Choose the function that describes the Court of Justice of the EU
-Makes choices on troubles of EU regulation
-Is based in Strasbourg - ANS-Makes decisions on issues of EU law.
Choose the function that describes the European Commission.
-Has the energy to advocate legislation
-Is composed of a at once elected frame - ANS-Has the power to recommend rules
Choose the function that describes the European Council.
-Sets the overall political agenda of the EU
-Negotiates and adopts legal guidelines - ANS-Sets the general political time table of the EU.
Chose the function that describes the European Parliament.
-Is liable for legislative improvement, supervisory oversight of other institutions, and
improvement of the budget
-Defines the EU priorities and units the political path for the EU. - ANS-Defines the EU priorities
and units the political direction for the EU
CIAR stands for.....
-Confidentiality, records, availability and hazard assessment
-Continuity, integrity, access, and resilience
-Confidentiality, integrity, availability and resilience
-Continuity, information, get right of entry to and danger assessment - ANS-Confidentiality,
integrity, availability and resilience
Exclusions to the cloth scope of GDPR need to be interpreted broadly. True or fake? -
ANS-False
How is an enterprise obliged to proceed earlier than attractive within the preferred monitoring of
email visitors and net use of all of its employees?
_________ is/are a key part of the equation while assessing hazard.
-Controller obligatins
-Expected loss
-Purpose of processing
-Data subject rights - ANS-Expected loss
__________must be included in a processor contract.
Check all that observe:
-the kinds of records subjects
- the character and reason of the processing
-the issue be counted and length of the processing
-the sort of personal information
-The approach for destroying private records following processing activities - ANS-All EXCEPT
The technique for destroying non-public facts.
Contract need to also incorporate the responsibilities and rights of the controller
A controller must notify the data topics of a non-public facts breach if the breach is probable to
result in a high threat to the rights and freedoms of those people unless_________. Pick all that
observe:
-Individual observe require disproportionate effort
-Prior implementation of suitable technical
and organisational measures rendered the non-public information unintelligible or encrypted
-Post-breach moves substantially lessen the hazard to the rights and freedoms of the statistics
topics. - ANS-All
A controller must notify the supervisory authority of a personal statistics breach if __________.
-A breach is in all likelihood to bring about a chance to the rights and freedoms of natural
individuals
-A breach is possibly to bring about a high threat for the rights and freedoms of herbal
individuals - ANS-A breach probable to result in danger to the rights and freedoms of natural
humans.
,A processor is answerable for enforcing appropriate technical and organisational measures to
hold private data secure. True or false? - ANS-True
A processor may additionally manner non-public facts only on documented instructions from the
controller. True or fake? - ANS-True
According to the GDPR, the proper to information portability applies:
a. Whilst the processing turned into primarily based on a public hobby
b. Whilst processing changed into at the start based totally at the person's consent
c. Whilst the processing was carried out through automated approach
d. While the processing turned into based on the controller's legitimate hobbies. - ANS-b
According to the GDPR, while does an organization want to do so to legitimize pass border
records transfers of private data
a. While the date is routed via another jurisdicion in or outdoor the EU
b. While the date is transferred from one jurisdiction inside the EU to every other
c. While the date is transferred from a jurisdiction outside the European Union to a member
kingdom of the EU
d. Whilst the date is transferred from a jurisdiction within the EU to a third u . S . A . Which is not
deemed good enough. - ANS-d
Along with legitimacy, what is some other condition that need to be met when wearing out
worker tracking?
A. The monitoring need to e within the public hobby
b. The monitoring must e restrained to what's essential for the functions
c. The monitoring should be beneath an employment contract
d. The monitoring should be held to time constraints. - ANS-b
Along with the name and phone details of the statistics controller processing the non-public
statistics, what other data should e blanketed in the facts of processing to be maintained by way
of the information controller under the GDPR?
, A. Retention period of each category of personal data, in which possible.
B. Purpose(s) for processing the non-public data
c. 0.33 countries to which the facts may be transferred
d. All of A, B, and C. - ANS-d
Choose the characteristic that describes the Council of the EU
-Is every so often described as the executive body of the EU
-Is one of the major decision-making bodies of the EU - ANS-Is one of the major choice making
our bodies of the EU.
Choose the function that describes the Court of Justice of the EU
-Makes choices on troubles of EU regulation
-Is based in Strasbourg - ANS-Makes decisions on issues of EU law.
Choose the function that describes the European Commission.
-Has the energy to advocate legislation
-Is composed of a at once elected frame - ANS-Has the power to recommend rules
Choose the function that describes the European Council.
-Sets the overall political agenda of the EU
-Negotiates and adopts legal guidelines - ANS-Sets the general political time table of the EU.
Chose the function that describes the European Parliament.
-Is liable for legislative improvement, supervisory oversight of other institutions, and
improvement of the budget
-Defines the EU priorities and units the political path for the EU. - ANS-Defines the EU priorities
and units the political direction for the EU
CIAR stands for.....
-Confidentiality, records, availability and hazard assessment
-Continuity, integrity, access, and resilience
-Confidentiality, integrity, availability and resilience
-Continuity, information, get right of entry to and danger assessment - ANS-Confidentiality,
integrity, availability and resilience
Exclusions to the cloth scope of GDPR need to be interpreted broadly. True or fake? -
ANS-False
How is an enterprise obliged to proceed earlier than attractive within the preferred monitoring of
email visitors and net use of all of its employees?
