Free IAPP CIPP-E Exam Questions

Question 1

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 2

Through a combination of hardware failure and human error, the decryption key for a bank’s customer account transaction database has been lost. An investigation has determined that this was not the result of hacking or malfeasance, simply an unfortunate combination of circumstances. Which of the following accurately indicates the nature of this incident?

A : A data breach has not occurred because the loss was not the result of hacking.

B : A data breach has not occurred because no data was exposed to any unauthorized individual.

C : A data breach has occurred because the loss of the key has resulted in the data no longer being accessible.

D : A data breach has occurred because the loss of the key has resulted in the loss of confidentiality or integrity of the data.

Answer: D

Question 3

Which of the following is NOT recognized as being a common characteristic of cloud-computing services?

A : service's infrastructure is shared among the supplier's customers and can be located in a number of countries.

B : supplier determines the location, security measures, and service standards applicable to the processing.

C : supplier allows customer data to be transferred around the infrastructure according to capacity.

D : supplier assumes the vendor's business risk associated with data processed by the supplier.

Answer: D

Question 4

Which of the following demonstrates compliance with the accountability principle found in Article 5, Section 2 of the GDPR?

A : Anonymizing special categories of data.

B : nducting regular audits of the data protection program.

C : tting consent from the data subject for a cross border data transfer.

D : crypting data in transit and at rest using strong encryption algorithms.

Answer: B

Question 5

Many businesses print their employees' photographs on building passes, so that employees can be identified by security staff. This is notwithstanding the fact that facial images potentially qualify as biometric data under the GOPR. Why would such practice be permitted?

A : cause use of biometric data to confirm the unique identification of data subjects benefits from an exemption.

B : Because photographs qualify as biometric data only when they undergo a "specific technical processing".

C : cause employees are deemed to have given their explicit consent when they agree to be photographed by their employer.

D : cause photographic ID is a physical security measure which is "necessary for reasons of substantial public interest".

Answer: B