Free IAPP CIPT Exam Questions

Become IAPP Certified with updated CIPT exam questions and correct answers

Page: 1 / 53

Total 261 Questions | Updated On: Dec 18, 2025

Add To Cart

Question 1

A privacy engineer reviews a newly developed on-line registration page on a company's website. The purpose of the page is to enable corporate customers to submit a returns / refund request for physical goods. The page displays the following data capture fields: company name, account reference, company address, contact name, email address, contact phone number, product name, quantity, issue description and company bank account details.

After her review, the privacy engineer recommends setting certain capture fields as `non-mandatory`. Setting which of the following fields as `non-mandatory` would be the best example of the principle of data minimization?

A : The contact phone number field.

B : The company address and name.

C : The contact name and email address.

D : The company bank account detail field.

Answer: A,C

Question 2

What is an example of a just-in-time notice?

A : A warning that a website may be unsafe.

B : A full organizational privacy notice publicly available on a website

C : A credit card company calling a user to verify a purchase before itis authorized

D : Privacy information given to a user when he attempts to comment on an online article.

Answer: D

Question 3

Which of the following would be the best method of ensuring that Information Technology projects follow Privacy by Design (PbD) principles?

A : Develop a technical privacy framework that integrates with the development lifecycle.

B : Utilize Privacy Enhancing Technologies (PETs) as a part of product risk assessment and management.

C : Identify the privacy requirements as a part of the Privacy Impact Assessment (PIA) process during development and evaluation stages.

D : Develop training programs that aid the developers in understanding how to turn privacy requirements into actionable code and design level specifications.

Answer: A,C

Question 4

Under the Family Educational Rights and Privacy Act (FERPA), releasing personally identifiable information from a student's educational record requires written permission from the parent or eligible student in order for information to be?

A : Released to a prospective employer.

B : Released to schools to which a student is transferring.

C : Released to specific individuals for audit or evaluation purposes.

D : Released in response to a judicial order or lawfully ordered subpoena.

Answer: A

Question 5

In jurisdictions where children are legally protected online, privacy controls should be implemented in each of the following situations EXCEPT?

A : A virtual jigsaw puzzle game marketed for ages 5-9 displays pieces of the puzzle on a handheld screen. Once the child completes a certain level, it flashes a message about new themes released that day.

B : A child logs in to a system to use an interactive toy that copies the child’s behavior through gestures and kid-friendly sounds.

C : A math tutoring service commissioned an advertisement on a bulletin board inside a school. The service makes it simple for children to reach out to tutors by entering a through a QR-code through their school account.

D : A note-taking application converts hard copies of kids’ class notes into audio books in seconds and stores a copy in the cloud in the students’ account.

Answer: C

Page: 1 / 53

Total 261 Questions | Updated On: Dec 18, 2025

Add To Cart