01. What is generally the best approach when working with authorities?
a) Delay for as long as legally permissible.
b) Slowly and progressively provide requested information.
c) Cooperate and act with transparency.
d) Delay for as long as possible.
02. By integrating privacy and security into business continuity planning, an organization ensures that:
a) Processes related to personal information are given priority for restoration.
b) Personal information protection and valid use continues to be the norm.
c) Processes related to personal information are more resilient.
d) Privacy and security are the most important characteristics of business processes.
03. A privacy strategist recently joined a retail organization that operates with slim profit margins and has discovered that the organization lacks several important privacy capabilities. What is the best strategy here?
a) Insist that management support an aggressive program quickly to improve the program.
b) Develop a risk ledger that highlights all identified risks.
c) Recommend that the biggest risks be avoided.
d) Develop a risk-based strategy that implements changes slowly over an extended period of time.
04. In addition to regulatory requirements and business practices, what important factors must a global privacy strategy consider?
a) Cultural norms
b) Geographic features
c) Political history
d) Monetary exchange
05. A system that intakes event data and produces alerts is known as a:
a) System event and information management system
b) System event and incident management system
c) Security information and event management system
d) Security event and incident management system
06. If an organization maintains a separate ethics office, to whom would its officer typically report to in order to retain the greatest degree of independence?
a) The Board of Directors
b) The Chief Financial Officer
c) The Human Resources Director
d) The organization’s General Counsel
07. All of the following are deemed administrative safeguards except:
a) Security policy
b) Privileged access controls
c) Privacy policy
d) Security standards
08. How are individual program needs and specific organizational goals identified in privacy framework development?
a) By employing metrics to align privacy protection with objectives
b) Through conversations with the privacy team
c) By employing an industry-standard needs analysis
d) Through creation of the business case
09. As part of understanding the organization’s current state, a privacy strategist is examining the organization’s privacy policy. What does the policy tell the strategist?
a) The level of management commitment to privacy
b) The maturity level of the organization
c) The compliance level of the organization
d) None of these
10. Executive management is considering entering negotiations that, if successful, will result in the acquisition of another organization. What is the best time for the organization’s privacy leader to become involved in the acquisition?
a) During final negotiations
b) As early as possible
c) After negotiations have concluded
d) When the transaction closes
The purpose of this Sample Question Set is to provide you with information about the IAPP Certified Information Privacy Manager (CIPM) exam. These sample questions will make you very familiar with both the type and the difficulty level of the questions on the CIPM certification test. To get familiar with real exam environment, we suggest you try our Sample IAPP Information Privacy Manager Certification Practice Exam. This sample practice exam gives you the feeling of reality and is a clue to the questions asked in the actual IAPP Certified Information Privacy Manager (CIPM) certification exam.