cipp/c prep materials2. the federal legislative branch of canada is represented by parliament, which...

CIPP GuideYour Guide to the CIPP

CIPP/C Prep Materials

CBK Tests

Revision 2.0.38

CIPP Guide's CIPP/C Prep Materials

Published by Jon-Michael Brook, Clearwater, FL.

Copyright © 2007 - 2010 Jon-Michael Brook and the CIPP Guide

No part of this publication may be reproduced, stored in a retrieval system or transmitted inany form or by any means, electronic, mechanical, photocopying, recording, scanning orotherwise, except as permitted under Sections 107 or 108 of the 1976 United StatesCopyright Act, without either the prior written permission of the Publisher. Requests to thePublisher for permission should be addressed to the Permissions Department, 2541Estancia Blvd, Clearwater, FL 33761, (727) 564-9101, fax (440) 445-7338, or by email [email protected].

Trademarks: The CIPPGuide Sleuth Logo, Your Guide to the CIPP, cippguide.org,cippguide.com,and related trade dress are trademarks or registered trademarks of Jon-Michael C. Brook, the CIPPguide and/or its affiliates in the United States and othercountries, and may not be used without written permission. All other trademarks are theproperty of their respective owners. Jon-Michael C. Brook is not associated with anyproduct or vendor outside of the CIPP Guide mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER ANDTHE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITHRESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OFTHIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDINGWITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULARPURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES ORPROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINEDHEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK ISSOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOTENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHERPROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED,THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BESOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLEFOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATIONOR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR APOTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THATTHE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THEORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS ITMAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNETWEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEAREDBETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

CIPP_C_CBK_Tests Page 1

Tableof

Contents

CIPP/C Prep Materials:

CBK Tests

The CIPP/C Exam

The CIPP/C Exam...............................................................................................................i

Introduction......................................................................................................................1

CIPP/C CBK 1....................................................................................................................3

CIPP/C CBK 2....................................................................................................................9

CIPP/C CBK 3..................................................................................................................15

CIPP/C CBK 4..................................................................................................................21

CIPP/C CBK 5..................................................................................................................27

CIPP/C CBK 6..................................................................................................................33

CIPP/C CBK 7..................................................................................................................39

CIPP/C CBK 8..................................................................................................................45

CIPP/C CBK 9..................................................................................................................51

CIPP/C CBK 10................................................................................................................57

CIPP/C CBK 11................................................................................................................63

CIPP/C CBK 12................................................................................................................69

i v. 2.0.38

Introduction


CBK Tests

Introduction

This booklet consolidates all of the tests from the CIPPguide website as of its date of publication. Each chapter corresponds to a roughly 25 question test on site. At the end of each chapter includes the answers. Explanations may be found on the website in the interactive test engine. Best of luck on the exam!

1 v2.0.38

CIPP_C_CBK_Tests 2

CIPP/CCBK Tests

1


CBK Tests

CIPP/C CBK Tests 1

Questions1. Which of the following best describes the structure of the Canadian government?

A. socialist stateB. constitutional monarchyC. constitutional republicD. parliamentary republic

2. The federal legislative branch of Canada is represented by Parliament, which consists of:

A. the Governor GeneralB. the SenateC. the House of CommonsD. the Prime Minister

3. Which of the following correctly outlines the procedure whereby bills become laws?

A. House of Commons, Governor General, Prime MinisterB. Governor General, Senate, House of CommonsC. Upper house, lower house, Governor GeneralD. \"House of Commons

4. What is Royal Assent?

A. Formal acceptance of a bill, carried out by the Governor GeneralB. Formal acceptance of a bill, carried out by the Prime MinisterC. Formal acceptance of a bill, carried out by the QueenD. Rejection of a bill by the Queen

3 v2.0.38

5. Senate members are:

A. appointed by the Governor General.B. democratically elected.C. appointed by the government of the day. D. appointed by the Prime Minister.

6. In the legislative process, there are two main categories of bills:

A. government bills, public billsB. corporate bills, private billsC. \"government billsD. private bills\"

7. Which of the following is true of private bill procedure?

A. The bill should be passed only after explicit request of the persons who will directly benefit. B. The financial burden of this bill should be shared by the groups involved in this bill. C. Necessary information regarding a private bill is open to all interested persons. D. Anyone affected by a private bill is heard during committee hearings.

8. The executive branch of the Canadian government consists of:

A. the Prime MinisterB. the Governor GeneralC. the CabinetD. the upper house

9. A political party must have at least how many sitting member(s) in the House of Commons?

A. 1B. 5C. 12D. 25

10. How are members of the Senate selected?

A. by democratic electionB. appointed by the Governor GeneralC. recommended by the Prime MinisterD. by popular vote in the House of Commons

CIPP_C_CBK_Tests 4

11. Which of the following is a privilege of a member of Parliament?

A. freedom of speechB. freedom from arrest in civil actionsC. freedom from obstruction, interference, and intimidationD. exemption from attending court as a witness

12. Which of the following is NOT a function of the Canadian cabinet?

A. making decisions that will be held accountable to the ParliamentB. advising the Prime Minister in his/her responsibilitiesC. passing legislationD. advising the Governor General in his/her function

13. Shadow cabinets are formed by:

A. each opposition partyB. the largest party in oppositionC. each Cabinet memberD. Senators

14. The Canadian constitution gives which group exclusive right to deal with criminal law?

A. provincial governmentB. federal governmentC. territorial governmentsD. military government

15. The final court of appeal is the:

A. National Court of CanadaB. Provincial Court of AppealC. Supreme Court of CanadaD. Federal Court of Appeal

16. Issues of intellectual property, maritime law and federal-provincial disputes are resolved in the:

A. Supreme CourtB. Federal CourtC. Provincial CourtD. Territorial Superior Court

17. Specialized courts, such as family courts or small claims court, are under the jurisdiction of:

5 v2.0.38

A. Provincial CourtsB. Federal CourtsC. Supreme CourtD. Superior Court

18. Which of the following statements is true?

A. Provincial courts try only civil cases. B. Only Federal courts try civil and criminal cases. C. Provincial courts try civil cases, and Federal courts try criminal cases. D. Provincial and Territorial courts try both civil and criminal cases.

19. The rights and freedoms of the individual are protected under the:

A. Parliament of Canada Act (1985)B. Canadian Charter of Rights and Freedoms (1982)C. Canadian Human Rights Act (1977)D. Canadian Bill of Rights


A. The Charter of Rights and Freedoms embodies all rights for Canadian citizens. B. Parliament or a provincial/territorial legislature can amend the rights of the individual. C. The Charter does not protect minority-language rights. D. International law does not affect the rights of Canadian citizens.

21. Which of the following statements is NOT true?

A. The majority of civil cases in Canada are tried by judges without a jury. B. Anyone sentenced to prison for less than five years does not have the right to trial by jury. C. Anyone sentenced to prison for more than five years has the right to trial by jury.D. Some civil cases can be tried by judge and jury.

22. Which of the following terms are synonymous?

A. statuteB. regulationC. billD. law

23. Which province continues to retain its own civil code for private law issues?

A. British ColumbiaB. ManitobaC. Ontario

CIPP_C_CBK_Tests 6

D. Quebec

24. Legal appeals are heard at which of the following level(s)?

A. municipalB. provincial/territorialC. federalD. supreme

25. Except for Quebec, a province's lower courts are bound by:

A. only the decisions of that province's Court of Appeal.B. the decisions of all other province/territory's Courts of Appeal. C. decisions made by the Supreme Court of Canada. D. the common law legal tradition.

7 v2.0.38

Answers1. B2. A, B, C3. Sena4. A5. C6. national bills, provincial bil7. A, B, C, D8. A, C9. C10. B, C11. A, B, C, D12. C13. A14. B15. C16. B17. A18. D19. B, C, D20. B21. B22. A, D23. D24. B, C, D25. A, C, D

CIPP_C_CBK_Tests 8

CIPP/C CBK Tests2


CBK Tests

CIPP/C CBK Tests 2

Questions1. There are three levels of Canadian police forces:

A. provincialB. localC. municipalD. federal

2. Which of the following provides law enforcement policy development?

A. Police Policy CanadaB. Public Safety CanadaC. Police Agency CanadaD. Public Works Canada

3. Public law is made up of three basic areas:

A. Administrative law, Constitutional law, Criminal lawB. Citizen's law, Maritime law, Constitutional lawC. Family law, Bankruptcy law, Civil rightsD. Citizen's law, Criminal law, Immigration law

4. Which of the following is based on the principle that government action must be accountable to the law?

A. Constitutional lawB. Parliamentary lawC. Administrative lawD. Criminal law

5. The Canadian Privacy Act is classified as:

9 v2.0.38

A. civil legislationB. municipal legislationC. provincial legislationD. federal legislation

6. Which of the following right(s) is/are guaranteed under the Privacy Act?

A. access to personal information held by government departmentsB. correction of personal information held by government departmentsC. access to personal information held by private sector organizationsD. use of personal information held by private sector organizations

7. Which federal legislation regulates privacy in the private sector?

A. Privacy Act (1983)B. provincial privacy legislationC. Personal Information Protection and Electronic Documents Act (PIPEDA)D. There is no mechanism for privacy protection in commercial activities.

8. According to federal legislation, public- and private-sector organizations can collect, use, or disclose personal information by fair and lawful means, which refers to:

A. individual consentB. stated purposesC. reasonable purposesD. emergency purposes

9. An organization may collect personal information only if:

A. the individual approves. B. it is essential to the business transaction.C. it can be used for marketing purposes.D. an enterprise may collect any kind of personal information, as long as it protects the privacy of the individual.

10. Which of the following is central to the concept of privacy?

A. consentB. necessityC. circulationD. secrecy

11. The Government of Canada uses two main types of sensitive information designations:

A. secure and unsecure

CIPP_C_CBK_Tests 10

B. confidential and classifiedC. classified and designatedD. secret and circulated

12. Confidential information refers to:

A. when disclosure might cause serious harm to national interest. B. when disclosure might reasonably harm national interest.C. when disclosure neither benefits nor harms national interest. D. when disclosure is not a matter of national interest.

13. Which of the following statements is true about the Canadian Charter of Rights & Freedoms?

A. It specifically protects an individual's right to privacy and personal freedom.B. It does not specifically protect an individual's right to privacy and personal freedom.C. It specifically mentions the concept of consent as key to personal privacy. D. It protects the individual's right to refuse to provide more personal information than is deemed necessary.

14. "Publicly available personal information" refers to:

A. all personal information that one has consented to releasing. B. personal information that is accessible through governmental departments. C. all personal information that has entered the public realm by any means whatsoever. D. personal information that a private individual is able to gain access to.

15. Publicly available personal information can be found in:

A. white pages telephone directoryB. newspapersC. public registriesD. television and radio media

16. To determine which federal agency has your personal information, you would use:

A. InfoSourceB. Federal DirectoriesC. Privacy ActD. Privacy Protection Services

17. Which of the following describes a privacy breach?

A. unauthorized access to personal informationB. unauthorized collection of personal information

11 v2.0.38

C. unauthorized use of personal informationD. unauthorized disclosure of personal information

18. Which of the following is an example of a privacy breach?

A. A patient's medical records are lost. B. A client's personal information is mistakenly disclosed. C. A customer refuses to provide a sales assistant with personal information. D. Employees' personal records have been stolen.

19. In cases of privacy breaches, the ---- sensitive the information, risk of harm to individuals is ----.

A. less; greaterB. more; lowerC. more; higherD. less; highest

20. An "opt-in" document is also referred to:

A. positive consentB. sensitive consentC. express consentD. negative consent

21. An "opt-out" mechanism refers to:

A. positive consentB. negative consentC. express consentD. implied consent

22. The strongest form of consent is:

A. positive consentB. negative consentC. explicit consentD. secure consent

23. An individual who purchases a magazine subscription knows that his/her name and address will be used for mailing, billing, and renewal purposes. This is an example of:

A. positive consentB. negative consentC. express consentD. implied consent

CIPP_C_CBK_Tests 12

24. In addition to the PIPEDA, which of the following provinces also have their own private sector privacy laws?

A. NewfoundlandB. AlbertaC. British ColumbiaD. Quebec

13 v2.0.38

Answers

1. A, C, D2. B3. A4. C5. D6. A, B7. C8. A, B, C9. B10. A11. C12. B13. B14. C15. A, B, C, D16. A17. A, B, C, D18. A, B, D19. C20. A, C21. B22. A23. D24. B, C, D

CIPP_C_CBK_Tests 14

CIPP/C CBK Tests3


CBK Tests

CIPP/C CBK Tests 3

Questions1. Canadian privacy legislation applies to:

A. individualsB. Canadian citizens onlyC. residents of specific provinces/territoriesD. adults

2. The Canadian Standards Association (CSA) is:

A. for-profit membership-based associationB. non-profit public associationC. not-for-profit membership-based associationD. federal government department

3. Which piece of federal legislation is based on the CSA's Model Code for the Protection of Personal Information?

A. Personal Information Protection and Electronic Documents Act (PIPEDA)B. Privacy Act (1983)C. Canadian Charter of Rights & FreedomsD. None; it is actually based on provincial privacy legislation.

4. The CSA's Model Privacy Code aims to balance the rights and needs of which of the following?

A. government departmentsB. individualsC. private organizationsD. municipal authorities

15 v2.0.38

5. Which of the following is NOT a principle contained in the CSA Model Privacy Code?

A. limiting collectionB. limiting useC. accountabilityD. government compliance

6. Which of the following is NOT a principle contained in the CSA Model Privacy Code?

A. accuracyB. institutional privacyC. identifying purposesD. openness

7. Which of the following is included as a possible definition of privacy?

A. the right to control information about oneselfB. the right to enjoy solitudeC. the right to secrecyD. the right to minimize intrusiveness

8. Security safeguards as outlined by the CSA Model Privacy code include:

A. locking filing cabinetsB. enforcing security clearancesC. determining access on a "need to know" basisD. using passwords and encryption

9. Directive 95/46/EC of the European Parliament:

A. regulates the processing of personal data within and without the European Union. B. prevents all movement of personal data within the European Union. C. encourages free movement of personal data within the European Union. D. regulates the processing of personal data internationally.

10. The EU Data Protection Directive differs from a US approach to privacy protection in that:

A. the EU Directive is more sectoral than a US approach to privacy protection. B. the US takes a more sectoral approach to data protection legislation.C. the EU Directive is adopted on an "as needed" basis. D. the EU Directive is less comprehensive than US approaches.

11. The EU-US Safe Harbor Principles intend to:

CIPP_C_CBK_Tests 16

A. encourage unrestricted data transfer between EU and US organizations. B. prevent information disclosure between EU and US organizations.C. prevent accidental information disclosure or loss in US organizations. D. foster a sense of customer security in EU and US organizations.

12. Which of the following is NOT a provision under the EU-US Safe Harbor Principles?

A. onward transferB. data integrityC. enforcementD. openness

13. Which of the following is NOT a provision under the EU-US Safe Harbor Principles?

A. accessB. self-assessmentC. noticeD. choice

14. The European Commission implemented the Data Protection Directive in ----, while the member states had until ---- to incorporate the Directive into internal law.

A. 1995; 1998B. 2000; 2005C. 1995; 2000D. 1998; 2000

15. According to the EU Data Protection Directive, movement of personal information outside the EU is based on:

A. compliance with EU-US Safe Harbor PrinciplesB. compliance with EU directivesC. adequate privacy protection for the informationD. the Directive has no jurisdiction over data transfers outside of the EU

16. According to the OECD privacy protection guidelines, movement of personal data across national borders is:

A. transborder flows of personal dataB. transnational flows of personal dataC. international flows of personal dataD. global data transfer

17. According to the OECD privacy protection guidelines, data quality refers to:

17 v2.0.38

A. accurate dataB. limited transfer of dataC. complete dataD. up-to-date data

18. Which of the following statements is true of the APEC Privacy Framework?

A. It is inconsistent with the OECD's privacy guidelines. B. It is consistent with the OECD's privacy guidelines. C. It aims to discourage electronic commerce in the Asia Pacific region. D. It provides privacy principles in all areas except electronic commerce.

19. The APEC Privacy Framework is implemented differently in each member state because:

A. it is difficult to regulate standard implementation in the Asia Pacific region. B. member states are not legally bound by APEC rulings. C. each member state has different social, cultural, economic, and legal context. D. most member states already have principles for privacy protection.

20. According to the APEC Privacy Framework, personal information controllers should provide which of the following information?

A. the fact that personal information is being collectedB. the purposes for collecting personal informationC. the choices and means for accessing and correcting personal informationD. the demographics of the people who are disclosing personal information

21. The co-regulatory model of privacy protection is adopted by:

A. the United StatesB. CanadaC. the European UnionD. the Asia Pacific region

22. This model of privacy protection involves general laws which apply to both private and public sectors.

A. co-regulatory modelB. comprehensive lawsC. self-regulationD. sectoral laws

23. The United States applies which of the following methods to ensure privacy protection?

CIPP_C_CBK_Tests 18

A. co-regulatory modelB. comprehensive lawsC. self-regulationD. sectoral laws

24. The sectoral approach to privacy protection involves:

A. legislationB. self-regulationC. industry regulationD. general laws

25. According to the EU Data Protection Directive, processing refers to:

A. the collection, storage, or retrieval of personal dataB. the transmission or dissemination of personal dataC. operations performed on personal data by automatic meansD. any operations performed upon personal data

19 v2.0.38

Answers

1. A2. B3. A4. B, C5. D6. B7. A, B, C, D8. A, B, C, D9. A10. B11. C12. D13. B14. A15. C16. A17. A, C, D18. B19. C20. A, B, C21. B22. B23. D24. A, B, C25. D

CIPP_C_CBK_Tests 20

CIPP/C CBK Tests 4


CBK Tests

CIPP/C CBK Tests 4

Questions1. Which of the following agencies is responsible for overseeing privacy practices in Canada?

A. Data Protection CanadaB. Privacy Enforcement CanadaC. Office of the Privacy Commissioner (OPC) of CanadaD. Canadian Federal Trade Commission


A. The OPC is independent from any other part of the Canadian government.B. The federal government oversees operations of the OPC.C. The OPC regulates compliance with the Privacy Act, but not the PIPEDA. D. The OPC may pursue legal action in the Federal Courts.

3. The Personal Information Protection Act (PIPA) is:

A. federal privacy legislationB. provincial privacy legislationC. municipal privacy legislationD. privacy legislation for medical industries only

4. In Canada, privacy issues in hospitals would fall under the jurisdiction of the:

A. municipal governmentB. provincial governmentC. federal governmentD. industry-specific monitoring organizations

5. Disputes in federal privacy issues are ultimately brought to:

21 v2.0.38

A. the Federal Court of CanadaB. the Supreme Court of CanadaC. provincial courts of appealD. the Office of the Privacy Commissioner (OPC)

6. ---- has privacy laws that protect personal information collected by the private sector?

A. OntarioB. ManitobaC. QuebecD. Newfoundland

7. According to the EU Data Protection Directive:

A. the EU is responsible for setting up a supervisory authority in each member state.B. supervision and monitoring practices are to be determined by each member state. C. there is no provision for supervision or monitoring in the Directive.D. each member state must set up its own supervisory authority.

8. Countries outside the European Union are referred to as:

A. third partiesB. third countriesC. foreign countriesD. foreign parties

9. Provincial privacy legislation is overseen by:

A. municipal commissionersB. provincial courtsC. provincial commissioner/ombudsmanD. privacy commissioner of Canada

10. The group is an independent agency established to promote consumer protection in the United States.

A. Consumer Protection AgencyB. United States Trade CommissionC. Federal Trade CommissionD. American Trade Commission

11. \"In the US

A. privacy and identity protection in commerce falls under the mandate of:\"

CIPP_C_CBK_Tests 22

B. Consumer Protection AgencyC. Bureau of Consumer ProtectionD. Bureau of Economics

12. Which of the following would fall under the jurisdiction of a US state Attorney General?

A. buying a used carB. shopping couponsC. credit scamsD. phishing

13. PIPEDA governs private-sector organizations and mainly pertains to:

A. personal information in paper or electronic formB. electronic documents only C. health care informationD. consumer rights

14. Which of the following statements is NOT true of the PIPEDA?

A. It takes an ombudsman approach to privacy protection. B. It guarantees an automatic right to sue for privacy violations. C. PIPEDA violations are taken to the Federal Court immediately. D. Commissioners can only make recommendations on PIPEDA violations.

15. Which of the following statements is true of the PIPA Alberta?

A. It is substantially similar to the PIPEDA.B. It recognizes privacy protection in the private sector. C. It has a substantially different scope than the PIPEDA. D. It encourages industries to develop their own privacy protection mechanisms.

16. The PIPA Alberta provides for which of the following forms of redress?

A. Complaints are brought to the Office of the Information and Privacy Commissioner (OIPC).B. An individual can sue for damages.C. Fines, as assessed by the courtsD. The PIPA Alberta does not discuss forms of redress.

17. The PIPA British Columbia regulates the collection, use, and disclosure of personal information by which of the following organizations?

A. provincial government departmentsB. businessesC. charities

23 v2.0.38

D. labor organizations

18. In the province of Quebec, the CAI (Information Access Commission) fulfills which of the following functions?

A. adjudicationB. data transferC. supervisory/controlD. advisory

19. According to the CAI, personal information agents (those who deal with individuals' credit files) are required to:

A. cease collection of personal informationB. keep a copy of the Act respecting access to documents in their place of businessC. obtain membership with the CAID. register their enterprise with the CAI

20. According to the CAI, all bodies collecting personal information must obtain the individual's consent except:

A. a public body that must collect information to fulfill its functionB. a person who must urgently protect the life, health, and safety of the individual in questionC. a person responsible for preventing or detecting crimeD. a person who works in a money lending enterprise and must check the credit status of the individual in question

21. The concept of responsibility for an organization's compliance to PIPEDA regulations is also called:

A. consentB. accountabilityC. accuracyD. safeguards

22. The development and review of federal privacy legislation is the responsibility of:

A. the Office of the Privacy Commissioner of CanadaB. the Governor General of CanadaC. the government of CanadaD. the Canadian Privacy Department

23. According to the PIPEDA, consent may be provided in all of the following ways except:

CIPP_C_CBK_Tests 24

A. through an authorized representativeB. verballyC. in writingD. inferred from an individual's actions

24. According to the PIPEDA, every time an individual's consent is requested:

A. a legal witness should be present. B. the purposes for information collection should be provided. C. an official consent form should be completed.D. the individual should understand that consent cannot be withdrawn.

25. Which of the following describe responsibilities of private sector organizations for data transfer to third parties and affiliated companies.

A. never held accountableB. always held accountableC. may be accountable, depending on the situationD. may be accountable, depending on their industry

25 v2.0.38

Answers

1. C2. B, C3. B4. B5. A6. C7. D8. B9. C10. C11. US Consumer Protection Agen12. A, B, C, D13. A14. B, C15. A, B, D16. A, B, C17. B, C, D18. A, C, D19. D20. A, B, C21. B22. C23. A24. B25. B

CIPP_C_CBK_Tests 26

CIPP/C CBK Tests5


CBK Tests

CIPP/C CBK Tests 5

Questions1. Third parties must provide:

A. twice the level of privacy protection as the initial organization.B. exactly the same level of protection as the initial organization. C. at least the same level of privacy protection as the initial organization. D. third parties are not required to provide any level of protection; the responsibility lies with the initial organization.

2. Under the PIPEDA, whistleblowers are protected in which of the following ways?

A. his/her identity may be kept confidentialB. he/she cannot be demotedC. he/she cannot be harassedD. he/she cannot be disadvantaged

3. Which of the following statements is true of court hearings under PIPEDA?

A. Applications for court hearings may be made at any time that the PIPEDA is not being enforced correctly. B. Applications for court hearings may only be made after the Privacy Commissioner has issued the final report.C. The Court will examine the original complaint. D. The Court will review the Privacy Commissioner's final report.

4. According to the PIPEDA, who is authorized to file an application with the Federal Court?

A. the respondent organizationB. a third-party observerC. the individual complainantD. the Privacy Commissioner

27 v2.0.38


A. A large number of complaints made under PIPEDA are brought before the Federal Court.B. Very few complaints made under PIPEDA are brought before the Federal Court. C. Generally, a court hearing does not involve witnesses. D. Many cases are settled amicably by the Privacy Commissioner.

6. Between 2001 and 2005, how many complaints under the PIPEDA were brought before the Federal Court.

A. 3B. 38C. 300D. 1350

7. The courts can demand a fine of up to what amount for any discipline against or disadvantages imposed against a whistleblower?

A. $1,000B. $10,000C. $100,000D. $1,000,000

8. The Privacy Commissioner has identified two privacy issues involving emerging technologies:

A. online consumer trackingB. ecommerceC. hosted servicesD. cloud computing

9. Current Federal Court rulings under PIPEDA suggest:

A. It is unlikely that the respondent organization will be successful in defending its position in court. B. A cost award may be made to the successful party for reimbursements of legal fees, lost time, etc. C. Self-represented parties are generally unsuccessful in court. D. Self-represented parties are the most successful in court.

10. Applicants can challenge the decision of the Privacy Commissioner if:

A. the Commissioner refused to exercise her jurisdictionB. the Commissioner acted without jurisdictionC. the Commissioner refused to bring the application before the Federal Court

CIPP_C_CBK_Tests 28

D. the Commissioner surpassed the boundaries outlined in the PIPEDA

11. A well-founded and resolved case is characterized by:

A. The conclusion that all parties have respected the provisions of the Privacy Act and the PIPEDA.B. The organization taking or committing to take the Commissioner's recommendations for corrective action. C. Dealing with the issue before a formal investigation is undertaken. D. The Commissioner negotiating a solution during the course of a formal investigation.

12. The termination of an investigation before a situation has been fully resolved is referred to as:

A. early resolutionB. settled during the course of resolutionC. not well-foundedD. discontinued

13. Privacy concerns that are raised by various sources and often do not identify a specific victim are known as:

A. discontinuedB. not well-foundedC. incidentsD. investigations

14. The AICPA/CICA Privacy Framework refers to:

A. a privacy model for certified public accountants/chartered accountantsB. a guide for implementing international privacy programs as well as domestic laws and regulationsC. a jointly established framework for Canadian and American CPAs/CAsD. a model for effective privacy practices in large and small businesses and organizations

15. The AICPA/CICA Privacy Framework is made up of:

A. ten privacy components.B. open-ended privacy components.C. a combination of policies and privacy components.D. procedures and privacy components.

16. The AICPA/CICA task forces developed Generally Accepted Privacy Principles (GAPP) in which of the following versions?

29 v2.0.38

A. certified public accountantsB. chartered accountantsC. businessD. practitioners

17. The GAPP integrates which of the following privacy requirements?

A. localB. municipalC. nationalD. international

18. Within the province of Ontario, the collection, use and disclosure of personal health information is governed by:

A. the Privacy ActB. the PHIPAC. the PIPEDAD. there is no specific legislation for personal health information

19. The PHIPA applies to:

A. doctors and nurses onlyB. health information custodiansC. individuals and organizations that receive information from health information custodiansD. individuals that receive personal health information from doctors or nurses


A. Health care professionals in Ontario are legally bound to comply with the PHIPA. B. The PHIPA is meant as a complementary legislation for existing privacy practices. C. The PHIPA supersedes existing information practices of health information custodians. D. The PHIPA aims to enhance patient privacy without interfering in the patient-provider relationship.

21. The PHIPA applies to:

A. medical researchersB. patientsC. health care providersD. insurance companies

22. According to the PHIPA, personal health information includes:

CIPP_C_CBK_Tests 30

A. an individual's eligibility for health careB. a plan of health care services for the individualC. the mental health history of an individual's familyD. a blood donation


A. There is a substantial similarity between the PIPEDA and the PHIPA. B. The PIPEDA comprehensively sets out rules and regulations regarding personal health information. C. The PIPEDA applies to organizations that deal with personal information in the course of commercial activities. D. The PHIPA applies to personal health information for commercial and non-commercial activities.


A. A health information custodian is exempt from compliance to PIPEDA.B. A health information custodian is exempt from compliance to PHIPA. C. PIPEDA are PHIPA are substantially dissimilar, thus no exemption can be granted.D. Regardless of any similarities, all health information custodians are subject to both the PIPEDA and the PHIPA.

25. According to the PHIPA, a pharmacist, an ambulance paramedic, and a member of a board of health would be considered:

A. health care practitionersB. health information practitionersC. health information custodiansD. primary privacy enforcers

31 v2.0.38

Answers

1. B2. A, B, C, D3. B, C4. C5. B, C, D6. B7. C8. A, D9. B10. A, B, D11. B12. D13. C14. A, B, C, D15. A16. C, D17. A, C, D18. B19. B, C20. C21. A, B, C, D22. A, B, C, D23. B24. A25. C

CIPP_C_CBK_Tests 32

CIPP/C CBK Tests6


CBK Tests

CIPP/C CBK Tests 6

Questions1. To ensure transparency, a health information custodian must provide a written statement including:

A. information practicesB. contact information, or contact personC. information on access/correction of a recordD. complaints procedure

2. According to the PHIPA, a custodian may disclose personal information without consent:

A. as long as the individual is not adversely affected by this disclosure.B. if the disclosure is necessary on reasonable grounds. C. if the recipient is not a natural person. D. none; under the PHIPA, the custodian may never disclose information without consent.

3. According to the PHIPA, consent can be provided:

A. only by the individual in questionB. by the individual, or the individual's spouse/partnerC. by the individual, or a person who is authorized to act on the individual's behalfD. by the individual, or the individual's attorney

4. Which of the following are examples of health information custodians working for non-custodians?

A. A nurse is employed by the school board to provide health care at a public high school.B. A registered massage therapist provides care to clients of a day spa.

33 v2.0.38

C. A nurse is employed by a community walk-in clinic. D. A doctor is employed by a professional hockey team to provide health care.

5. Under the PHIPA, a custodian cannot disclose personal health information to a non-custodian, unless:

A. the disclosure is permitted by the PHIPAB. the individual has given express consentC. the individual is not adversely affected by the disclosureD. the custodian believes the disclosure is in the best interests of the individual

6. According to the PHIPA, a health information custodian must provide what in the case that the information is stolen, lost or accessed by unauthorized persons?

A. a privacy breach reportB. an unauthorized disclosureC. a notice of lossD. a security application

7. According to the PHIPA, a person who is authorized to act on behalf of a personal health information custodian is known as:

A. attorneyB. agentC. representativeD. non-custodian

8. The province of British Columbia has provincial legislation governing the privacy practices of public organizations called:

A. PHIPAB. FOIPPAC. Privacy Act of British ColumbiaD. Provincial Privacy Act

9. Under the FOIPPA, an individual's request to access information:

A. may be denied if it is frivolousB. may be denied, unless it is for correction purposesC. may be denied if it would unreasonably interfere with the operations of the public organizationD. may not be denied, under any circumstances

10. Which of the following is a process that enables organizations to determine whether new programs, policies, and technologies meet privacy requirements.

A. Personal Information Sharing

CIPP_C_CBK_Tests 34

B. New System AuthorizationC. Privacy Level AnalysisD. Privacy Impact Assessment

11. Which of the following is NOT a component of a PIA process?

A. project initiationB. data flow analysisC. privacy systems architectureD. privacy impact analysis report

12. Personal information collected and used by a government department is retained at least:

A. indefinitelyB. until the individual has a reasonable opportunity to access the informationC. a period of ninety daysD. a period of three years


A. Government institutions do not need to inform individuals of the purpose for which the information is being collected. B. Government institutions do not need to inform individuals of the purpose for which information is being collected, as long as it relates directly to the program/activity of the institution. C. A government institution must inform the individual of the purpose for which the information is being collected. D. Only federal institutions must inform the individual for the purpose for which the information is being collected.

14. As stated in the Privacy Act, Right of Access refers to:

A. citizens or permanent residents can access personal informationB. only citizens can access personal informationC. individuals given access to personal information can request correction of this informationD. individuals requesting correction must be granted their full requests

15. Passwords, digital certificates, biometrics and smart cards are examples of:

A. identificationB. authenticationC. authorizationD. audit

16. Authenticators are often based on which of the following factors?

35 v2.0.38

A. something you knowB. something you haveC. something you areD. where you are

17. In order to access the account, you must provide a correct user name and password. This is an example of:

A. single-factor authenticationB. one-time authenticationC. two-factor authenticationD. multi-factor authentication

18. Two-factor authentication:

A. is also known as multi-factor authenticationB. is the same as strong authenticationC. is more secure than single-factor authenticationD. provides no more benefits than single-factor authentication

19. Virtual tokens are a form of authentication that is based on which of the following factors?

A. something you knowB. something you haveC. something you areD. where you are

20. A ---- is a card with embedded integrated circuits and represents a form of ---- authorization.

A. smart card; strong securityB. smart card; multi-factorC. chip card; one-timeD. chip card; public

21. Identification of individuals through physiological traits for access control is referred to as:

A. physiometricsB. biometricsC. virtual metricsD. digital authentication

22. Digital signatures authenticate identity by using:

CIPP_C_CBK_Tests 36

A. one-time passwordsB. USB tokensC. algorithmsD. biological traits

23. What is the US federal standard for authenticating electronic messages/documents?

A. CSAB. NISTC. NSAD. DSS

24. A public key infrastructure:

A. allows users of a secure network to publicly share and exchange dataB. allows users of an unsecure network to securely and privately exchange dataC. allows users to store highly sensitive information in a secure and private mannerD. identifies users of a public network before any data is shared or exchanged

25. This identification system is made up of interrogators and tags.

A. digital frequency identificationB. authentic frequency identificationC. radio frequency identificationD. biometrics

37 v2.0.38

Answers

1. A, B, C, D2. B3. C4. A, B, D5. A, B6. C7. B8. B9. A, C10. D11. C12. B13. C14. A, C15. B16. A, B, C, D17. A18. A, C19. B20. A21. B22. C23. D24. B25. C

CIPP_C_CBK_Tests 38

CIPP/C CBK Tests 7


CBK Tests

CIPP/C CBK Tests 7

Questions1. Restricting computer systems access to authorized users is referred to as:

A. role-based access controlB. authorized access controlC. administrator access controlD. function-based access control

2. Identity management can involve which of the following areas?

A. technicalB. policeC. socialD. security

3. Intrusion prevention systems:

A. are an outsourced application that provides security managementB. direct network traffic to ensure that unauthorized users do not gain access to sensitive informationC. monitor network activities for unwanted behavior and respond to block or prevent such activitiesD. manage network activities to ensure that all users have the same level of access to resources

4. This is a type of security management that gathers and analyzes data to identify intrusions and misuse of a network.

A. intrusion prevention B. intrusion detectionC. intrusion protocolsD. network detection

39 v2.0.38

5. Which of the following protects a private network from users from other networks?

A. intrusion protocolB. IP addressC. firewallD. anti-virus software

6. Anti-virus software prevents, detects and removes:

A. wormsB. Trojan horsesC. virusesD. spyware

7. Which of the following is designed to update a computer program and repair security vulnerabilities?

A. cycle revisionB. applicationC. bugD. patch

8. Unsecured accounts may include:

A. transmission of usernames/passwords encrypted across the networkB. transmission of usernames/passwords unencrypted across the networkC. null passwordsD. passwords without forced expiration

9. A network penetration test evaluates:

A. hardware flawsB. software flawsC. improper system configurationD. operational weaknesses

10. The two major trust models are:

A. hierarchicalB. networkC. peerD. central

11. In terms of computer system and network security, access control includes:

CIPP_C_CBK_Tests 40

A. authenticationB. authorizationC. assessmentD. audit

12. \"---- should be done on a regular basis to ensure that the data is still available in case of equipment failure

A. theftB. etc. \"C. MirroringD. Back-up

13. The process of retrieving data from damaged, corrupted, or inaccessible secondary storage is known as:

A. back-upsB. secondary solutionsC. data recoveryD. data access

14. A mainframe would best be described as:

A. a computer program that provides services to other computers and usersB. a large-scale computer requiring high-performance, availability, and securityC. a general-purpose computer accessible and affordable by an individual end-userD. a device that delivers hosted services over the internet

15. A server would best be described as:

A. a computer program that provides services to other computers and usersB. a large-scale computer requiring high-performance, availability, and securityC. a general-purpose computer accessible and affordable by an individual end-userD. a device that delivers hosted services over the internet

16. A desktop would best be described as:

A. a computer program that provides services to other computers and usersB. a general-purpose computer used by an individual user, usually at a single locationC. a personal computer small and light enough for mobile useD. a pocket-sized computing device for mobile use

17. A laptop would best be described as:

A. a computer program that provides services to other computers and users

41 v2.0.38

B. a device that delivers hosted services over the internetC. a personal computer small and light enough for mobile useD. a general-purpose computer used by an individual user, usually at a single location

18. Which of the following are characteristics of handheld devices?

A. pocket-sized device for mobile useB. touch input or miniature keyboardC. access to Web browserD. data storage

19. Which of the following is an example of a portable media device?

A. iPodB. cell phoneC. hard driveD. bar code scanner

20. A hard drive would be classified as:

A. mass storage deviceB. removable mediaC. portable media deviceD. RAM storage device

21. Which of the following are characteristics of a local area network (LAN)?

A. able to serve thousands of usersB. covers a large area C. networked devices share a common communications line/linkD. users share applications and data storage

22. Which of the following are characteristics of a wide area network (WAN)?

A. examples are Ethernet and token ringB. users can print documents and order other services through this networkC. can cross national boundariesD. may include privately owned or public networks

23. Which of the following uses TCP/IP to connect computer networks globally?

A. LANB. WANC. WWWD. The internet

CIPP_C_CBK_Tests 42

24. Which of the following is NOT a Web application?

A. Google docsB. MS WordC. Flash programsD. Java applets

25. The buying and selling of products/services over the internet is called:

A. electronic interchangeB. online transactionsC. e-commerceD. e-retail

43 v2.0.38

Answers

1. A2. A, B, C, D3. C4. B5. C6. A, B, C, D7. D8. B, C, D9. A, B, C, D10. A, C11. A, B, D12. Recove13. C14. B15. A16. B17. C18. A, B, C, D19. A, B20. A21. A, C, D22. C, D23. D24. B25. C

CIPP_C_CBK_Tests 44

CIPP/C CBK Tests8

CIPP/C Prep Materials CBK TestsCIPP/C CBK Tests 8

Questions1. In this process, messages are exchanged between hosts using SMTP.

A. electronic interchangeB. e-mailC. e-commerceD. network connections

2. Accessing a computer or a network remotely is known as:

A. network connectionsB. communication connectionsC. remote accessD. digital access

3. Mobile devices, such as smartphones, rely on which of the following networks?

A. LANB. PSTNC. VPND. wireless networks

4. Which of the following refers to the transmission of voice information in digital form over the internet?

A. VoIPB. PSTNC. VPND. IP

5. Which of the following are characteristics of broadband?

A. a single-channel band

45 v2.0.38

B. carries information on many frequencies or channelsC. carries information in a narrow band of frequenciesD. high data rate access

6. Data transmitted over which of the following is strongly encrypted and not distinguishable from underlying network traffic?

A. VoIPB. LANC. VPND. PSTN

7. Which of the following are responsibilities of a chief information security officer (CISO)?

A. ensure adequate protection of information assetsB. direct, implement, and maintain processes to reduce IT risksC. establish appropriate privacy standards and controlsD. respond to privacy breaches and other security incidents

8. Security awareness training should be directed towards:

A. an organization's entire user populationB. senior-level executivesC. the IT departmentD. management

9. The goals of IT asset management include:

A. performance enhancement of IT assetsB. process improvementC. user trainingD. assessment of IT inventory

10. A data owner is:

A. the individual who created the data fileB. the IT staff in an organizationC. head of the IT department in an organizationD. whoever is in charge of allowing/denying access to data

11. A records management retention policy should involve:

A. disposal of unnecessary recordsB. organization and classification of recordsC. allowing public access to recordsD. preservation of records in an archive

CIPP_C_CBK_Tests 46

12. Responsibilities of information asset owners include:

A. removing access from those who do not have a business need for the informationB. updating asset inventory registersC. implementing confidentiality safeguardsD. classifying information assets

13. Determining and assigning the level of data sensitivity is also referred to as:

A. data managementB. security labelingC. data classificationD. privacy classification

14. In the business sector, data is classified with the labels:

A. public, sensitive, private, confidentialB. public, restricted, private, confidentialC. public, unclassified, sensitive, secretD. unclassified, classified, restricted, confidential

15. In data management, an event attributable to a human cause is known as:

A. an eventB. an incidentC. an emergencyD. a breach

16. Which of the following is NOT part of effective incident response?

A. preparationB. identificationC. recoveryD. reassurance

17. Which of the following aims to explain the current state of computer systems, storage media, or electronic documents.

A. Digital artifactsB. Computer forensicsC. Data managementD. Information security

18. Which of the following is NOT included in the foundation of computer forensics?

47 v2.0.38

A. Acquire evidence without altering or damaging the original.B. Authenticate the evidence is identical to the original data. C. Eradicate the threat to the original data. D. Analyze the data without modifications.

19. The Traffic Light Protocol (TLP) refers to:

A. the sharing of sensitive informationB. a classification system for top secret informationC. a classification system for military documentsD. classification of government and corporate documents

20. A document that outlines the precautions and responses in the case of a disaster is called:

A. Disaster prevention planB. Disaster recovery planC. Disaster continuity planD. Incident management plan

21. Which of the following is NOT true of a disaster recovery plan/business continuity plan?

A. It outlines the process, policies, and procedures necessary for responding to a human-induced disaster only. B. It is increasingly important as IT devices, systems, and networks are becoming more complex. C. Effective and appropriate plans vary widely from one organization to another. D. Generally, it is only the IT department that is involved with the creation of this plan.

22. Which of the following is NOT a control measure included in a BCP/DRP?

A. preventive measuresB. detective measuresC. punitive measuresD. corrective measures

23. The most effective way to prevent data loss is:

A. using computer forensicsB. classifying sensitive dataC. implementing a BCP/DRPD. data backups

24. Which of the following delivers packets of data from the source host to the destination host based on their addresses?

CIPP_C_CBK_Tests 48

A. ICMPB. IPC. TCPD. UDP

25. A 32-bit numerical label that designates devices in a computer network is known as:

A. TCP addressB. IP addressC. UDP numberD. internet address

49 v2.0.38

Answers

1. B2. C3. D4. A5. A, D6. C7. A, B, C, D8. A9. A, B, D10. D11. A, D12. A, B, C, D13. C14. A15. B16. D17. B18. C19. A, D20. B21. A, D22. C23. D24. B25. B

CIPP_C_CBK_Tests 50

CIPP/C CBK Tests9


Questions1. What kind of IP address is assigned to a computer and remains its permanent address?

A. staticB. dynamicC. privateD. public

2. Which of the following defines how messages are formatted and transmitted?

A. TCP/IPB. IP addressC. HTTPD. HTML

3. Which of the following determines how Web servers and browsers respond to commands?

A. TCP/IPB. IP addressC. HTTPD. HTML

4. The predominant markup language used for Web pages is:

A. HTTPB. HTMLC. SGMLD. XML

5. <tag>content to be rendered </tag> is an example of:

51 v2.0.38

A. HTTPB. HTMLC. IP addressD. TCP/IP

6. 216.239.51.99 is an example of:

A. HTTPB. HTMLC. IP addressD. TCP/IP

7. SSL refers to:

A. single socket layerB. secure sockets layerC. secondary security layerD. same socket layers

8. Which of the following encrypts segments of internet connections at the transport layer?

A. TCP/IPB. HTTPC. HTMLD. SSL

9. Which of the following handles requests from clients requesting resources from different servers?

A. file server B. database serverC. proxy serverD. database server

10. Which of the following is a purpose of a proxy server?

A. to keep machines anonymousB. to block undesired sitesC. to log or audit usageD. to increase access to resources

11. This technology reduces bandwidth usage, server load, and perceived lag?

A. Web cachingB. Web archivingC. disc caching

CIPP_C_CBK_Tests 52

D. fiber optics

12. Which of the following maintains a history of server activity?

A. disc cacheB. server archiveC. server logD. disc log

13. Server logs are accessible to:

A. the administratorB. general usersC. the publicD. upper management

14. Participants are approached to complete a survey. This is an example of:

A. market data collectionB. active data collectionC. passive data collectionD. public data collection

15. At the end of an interview, the participant decides to withdraw all answers. This is an example of:

A. non-committal data collectionB. passive data collectionC. active data collectionD. public data collection

16. The use of CCTV in a shopping center is an example of:

A. public data collectionB. passive data collectionC. active data collectionD. market research data collection

17. Before ordering a product online, shipping and billing information must be entered into a:

A. Web invoiceB. WebformC. e-commerce documentD. processing form

53 v2.0.38

18. Which of the following is a piece of text that a Web browser stores on a user's computer?

A. HTTPB. HTMLC. cookieD. spyware

19. Which of the following is a function of a cookie?

A. storing site preferencesB. storing browser historyC. session trackingD. authentication

20. Which of the following is true of a session cookie?

A. It is stored even after the user closes the Web browser. B. It is stored in temporary memory. C. It collects information from the user's computer. D. It does not personally identify the user.

21. Which of the following is stored on a user's hard drive until the user deletes it, or it expires?

A. persistent cookieB. session cookieC. impermanent cookieD. intermittent cookie

22. A cookie that allows a user to save language/region preferences would be a:

A. persistent cookieB. session cookieC. first-party cookieD. third-party cookie

23. While visiting a Web site, you notice the same domain has set a cookie. This is an example of a:

A. permanent cookieB. session cookieC. first-party cookieD. third-party cookie

24. While visiting google.com, a cookie is placed on your computer by ebay.com. This is an example of:

CIPP_C_CBK_Tests 54

A. persistent cookieB. session cookieC. first-party cookieD. third-party cookie


A. Third-party cookies inherently pose a security risk to the user. B. Anti-spyware software does not target first-party cookies. C. Third-party cookies improve Web functionality. D. Very few people block first-party cookies.

55 v2.0.38

Answers

1. A2. C3. C4. B5. B6. C7. B8. D9. C10. A, B, C, D11. A12. C13. A14. B15. C16. B17. B18. C19. A, C, D20. B, D21. A22. A23. C24. D25. A

CIPP_C_CBK_Tests 56

CIPP/C CBK Tests10


Questions1. Which of the following are embedded in Web pages and emails that monitors the behavior of the visitor or recipient?

A. Web spiesB. IndicatorsC. Web beaconsD. Cookies

2. Web beacons are used in combination with:

A. HTML codeB. IP addressesC. Web spiesD. cookies

3. Which of the following represents a cooperative of online marketing and analytics companies?

A. NAIB. IPCC. OPCD. IAN

4. NAI's standards for online advertising are based on a model of:

A. consent and refusalB. purchase and choiceC. notice and choiceD. first and third parties

5. According to NAI standards, notice presented before personal information is collected is known as:

57 v2.0.38

A. opt-in noticeB. strong consentC. robust noticeD. robust consent

6. This technology allows Web sites to declare intentions for collecting user information.

A. P2PB. P3PC. W3CD. WWW


A. P3P is meant to increase user confidence in the Web. B. P3P compares the personal information the user is comfortable with releasing, to the information the server wants to have. C. P3P manages information through cookies. D. P3P presents privacy policies in a simple, organized manner.

8. P3P compact policy:

A. is delivered in the HTTP headerB. cannot be read by modern browsersC. allows the browser to make decisions before displaying the pageD. allows the browser to make decisions after displaying the page

9. Which of the following are layers in a layered privacy notice?

A. privacy notice summaryB. privacy titleC. very short privacy statementD. complete privacy notice

10. Which of the following would belong in the first layer of a privacy notice?

A. links to more detailed informationB. overview of how personal information will be handledC. rights and choicesD. agency contact information

11. US federal law protects children's online privacy rights for those under age:

A. 12B. 13

CIPP_C_CBK_Tests 58

C. 16D. 18

12. What percentage of Canadian youth admit to never reading privacy policies while browsing?

A. 0.25B. 0.3C. 0.5D. 0.75

13. \"In Canada

A. a child aged 12:\"B. can decide for him/herself to give personal information. C. must make a joint decision with his/her parents whether personal information will be given. D. can give personal information only after reading the Web site's privacy policy.

14. Which of the following provides that children should have the freedom to seek ideas through the media, as well as the right to privacy?

A. Convention of Human RightsB. Convention of the Rights of the ChildC. COPPAD. NAI Standards

15. Quebec's Consumer Protection Act:

A. bans any advertising towards children under age 13. B. bans children under age 13 from browsing without parent/guardian supervision.C. bans children under age 13 from sharing personal information online. D. bans children under age 13 from browsing without parental consent.

16. Which of the following are characteristics of a certificate of authority (CA)?

A. issued by a third-party organizationB. issued by the Web site publisherC. a digital certificateD. contains personal information

17. Secure Web sites rely on which of the following to protect transactions and other interactions?

A. authenticationB. identificationC. encryption

59 v2.0.38

D. authentication and encryption

18. Alone, encryption is able to protect:

A. integrity of a messageB. confidentiality of a messageC. authenticity of a messageD. transmission of a message

19. SSL creates an encrypted link between which of the following?

A. Web siteB. Web serverC. browserD. administrator

20. SSL certificates usually contain:

A. company nameB. company addressC. certificate expiration dateD. details of the certification authority

21. Which of the following creates open source material to help individuals and organizations make decisions about application security risks?

A. NAIB. COPPAC. OWASPD. W3C

22. According to the OWASP, which of the following are critical Web application security risks?

A. injection B. cross site scripting (XSS)C. failure to restrict URL accessD. insufficient transport layer protection

23. According to the OWASP, a path through an application that may result in harmful effects is known as:

A. an application security riskB. an application weaknessC. an attack vectorD. security control failure

CIPP_C_CBK_Tests 60

24. Unsolicited bulk email, junk mail, or unsolicited commercial mail is also known as:

A. e-mail spamB. inbox clutterC. digital deliveryD. TMI

25. The practice of collecting and compiling email addresses is known as:

A. zombie networksB. wormsC. harvestingD. spamming

61 v2.0.38

Answers

1. C2. D3. A4. C5. C6. B7. C8. A, C9. A, C, D10. A, B, C, D11. B12. C13. can give personal information only with parental consent14. B15. A16. A, C, D17. D18. B19. B, C20. A, B, C, D21. C22. A, B, C, D23. A24. A25. C

CIPP_C_CBK_Tests 62

CIPP/C CBK Tests 11


CBK Tests

CIPP/C CBK Tests 11

Questions1. Which of the following is a potential medium for spam?

A. mobile phonesB. instant messaging programsC. blogsD. wikis

2. Which of the following is a process of attempting to acquire personal information by pretending to be a trustworthy entity?

A. spammingB. phishingC. social engineeringD. instant messaging

3. In recent years, phishers have targeted customers of:

A. banksB. online backup servicesC. remote applicationsD. online payment services

4. Which of the following collects pieces of information about computer users without their knowledge?

A. spamB. phishing attacksC. spywareD. adware

63 v2.0.38


A. Spyware secretly monitors the user's computer behavior. B. Other than monitoring the user, spyware cannot affect the computer in any other way. C. Spyware is usually installed on users' personal computers. D. Spyware is classified under the category "privacy-invasive software."

6. Anti-spyware software:

A. blocks spyware programsB. removes spyware programsC. traces spyware programs to their originatorD. intercepts spyware programs

7. Which of the following refers to a software package that automatically plays, displays, or downloads ads to a computer?

A. spamB. phishing attacksC. spywareD. adware

8. What is the objective of data inventory?

A. To establish different classifications of information that an organization must deal with. B. To follow the flow of each piece of information an organization comes into contact with. C. To follow and document the flow of each piece of information an organization must deal with. D. To ensure integrity and security of each piece of information an organization must deal with.

9. Personally identifiable information (PII) is defined as:

A. any piece of information that can uniquely identify an individualB. any piece of information that compromises the organizational privacy of a companyC. any information that compromises the physical privacy of an individualD. any information that can be used to trace an individual's identity

10. PII:

A. is always classified as sensitive informationB. is classified as sensitive information only under Canadian privacy lawC. is classified as sensitive only if it has been collected through Web sites or email

CIPP_C_CBK_Tests 64

D. may or may not be sensitive, depending on the context.

11. In organizations, data flow management refers to:

A. combining data from different channelsB. limiting the movement of information out of the organizationC. improving quality of dataD. increasing accessibility to data

12. In organizational data flow management, data flow tables describe:

A. each data elementB. collection of dataC. use of dataD. disclosure of data

13. A data dictionary refers to:

A. something that determines the structure of a database management systemB. a document that describes a database or several databasesC. a document that describes the scope of data collected from clientsD. a map that traces the path of data through an organization

14. The means of managing all databases on a system or network is known as:

A. DBMSB. data dictionaryC. database architectureD. DDMS

15. Which of the following is NOT a key element of DBMS?

A. administration of data structuresB. data query languageC. manipulation of records by multiple users simultaneouslyD. implementation of a modeling language

16. A DFD refers to:

A. the procedure for authorizing any disclosure of sensitive dataB. a graphical representation of the movement of data through an information systemC. the hierarchy of data management in an organizationD. a document that describes the scope of data collected from individuals or organizations

17. DFDs provide end users with:

65 v2.0.38

A. a more regulated system of data input. B. a better idea of how data input affects the system.C. a more anonymous method of inputting data. D. an increasingly secure method of inputting data.

18. End-user databases may consist of:

A. dynamically-generated Web pagesB. spreadsheetsC. word filesD. read-only databases

19. In database management, shareability refers to:

A. different people and processes using data at the same timeB. a graphical representation of the movement of data through an organizationC. a document that describes the use and disclosure of any personal information collectedD. a guarantee that input data will not be shared with other parties

20. An organization establishing a third-party relationship should conduct an assessment:

A. before selecting the third-partyB. periodically in the course of the relationshipC. after the contract has been fulfilledD. before contract renewal

21. Comprehensive assessment of third-party risk includes:

A. experience and ability to implement the proposed activityB. business reputationC. use of subcontractorsD. knowledge of consumer protection laws and regulations

22. Individual access and redress to information held by federal government agencies is provided for under the:

A. Privacy ActB. PIPEDAC. FOIPPAD. PHIPA

23. Individual access and redress to information held by private sector organizations is provided for under the:

CIPP_C_CBK_Tests 66

A. Privacy ActB. PIPEDAC. Quebec ActD. PHIPA

24. Contract management includes contracts made with:

A. employersB. vendorsC. customersD. supervisors/managers

25. The main areas of contract management activities include:

A. service delivery managementB. performance managementC. contract administrationD. relationship management

67 v2.0.38

Answers

1. A, B, C, D2. B3. A, D4. C5. B6. A, B, D7. D8. C9. D10. D, A11. A, C, D12. A, B, C, D13. A, B14. A15. C16. B17. B18. B, C, D19. A20. A, B, D21. A, B, C, D22. A23. B, C, D24. B, C25. A, B, C, D

CIPP_C_CBK_Tests 68

CIPP/C CBK Tests 12


CBK Tests

CIPP/C CBK Tests 12

Questions1. A public body that wishes to outsource outside Canada faces which of the following gaps in privacy protection?

A. The department/agency may be subject to more stringent privacy laws in the other jurisdiction. B. The other jurisdiction may not have legislation protecting personal information. C. It is a direct violation of the terms set out in the PIPEDA.D. It may be difficult to enforce the contract terms in a foreign country.

69 v2.0.38

Answers1. B, D

CIPP_C_CBK_Tests 70