Identifying and Safeguarding PII V4.0 (2024) Exam Questions and Answers
Which of the following must Privacy Impact Assessments (PIAs) do?
- Analyze how an organization handles information to ensure it satisfies requirements
- Mitigate privacy risks
- Determine the risks of collecting, using, maintaining, and disseminating PII on electronic information systems.
- All of the above - ANSWER✔✔-All of the Above
True or False? An individual whose PII has been stolen is susceptible to identity theft, fraud, and other
damage. - ANSWER✔✔-True
Which guidance identifies federal information security controls?
-The Freedom of Information Act (FOIA)
-The Privacy Act of 1974
-OMB Memorandum M-17-12: Preparing for and responding to a breach of PII
-DOD 5400.11-R: DOD Privacy Program - ANSWER✔✔-OMB Memorandum M-17-12
Which of the following is NOT an example of PII?
-Driver's License Number
-Pet's nickname
-Social Security Number
-Fingerprints - ANSWER✔✔-Pet's nickname
Which of the following is NOT a permitted disclosure of PII contained in a system of records?
-These are all permitted disclosures
-The record is disclosed for a new purpose that is not specified in the SORN
-The record is disclosed for routine use.
-The individual has requested that their record be disclosed. - ANSWER✔✔-The record is disclosed for a
new purpose that is not specified in the SORN
A PIA is required when an organization collects PII from: - ANSWER✔✔-- Existing information systems and
electronic collections for which no PIA was previously completed.
-New information systems or electronic collections.
(before development or purchase and/or converting paper records to electronic systems)
A PIA is not required when the information system or electronic collection: - ANSWER✔✔-- does not
collect, maintain, or disseminate PII
-is a national security system, including one that processes classified info
- is solely paper-based
Within what timeframe must DOD organizations report PII breaches to the United States Computer
Emergency Readiness Team (US-CERT) once discovered?