Email Us [email protected]
LOG IN SIGN UP 0

Free IAPP CIPM Exam Questions

Try our Free Demo Practice Tests for Comprehensive CIPM Exam Preparation

  • IAPP CIPM Exam Questions
  • Provided By: IAPP
  • Exam: Certified Information Privacy Manager
  • Certification: Certified Information Privacy Manager
  • Total Questions: 278
  • Updated On: May 24, 2026
  • Rated: 4.9 |
  • Online Users: 556
Page No. 1 of 56
   
Add To Cart
  • Question 1
    • An organization's internal audit team should do all of the following EXCEPT?

      Answer: B
  • Question 2
    • Which of the following is a common disadvantage of a third-party audit?

      Answer: C
  • Question 3
    • SCENARIO
      Please use the following to answer the next question:
      As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your
      accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of
      relatively minor data breaches that could easily have been worse. However, you have not had a reportable
      incident for the three years that you have been with the company. In fact, you consider your program a model
      that others in the data storage industry may note in their own program development.
      You started the program at Consolidated from a jumbled mix of policies and procedures and worked toward
      coherence across departments and throughout operations. You were aided along the way by the program's
      sponsor, the vice president of operations, as well as by a Privacy Team that started from a clear understanding
      of the need for change.
      Initially, your work was greeted with little confidence or enthusiasm by the company's "old guard" among both
      the executive team and frontline personnel working with data and interfacing with clients. Through the use of
      metrics that showed the costs not only of the breaches that had occurred, but also projections of the costs that
      easily could occur given the current state of operations, you soon had the leaders and key decision-makers
      largely on your side. Many of the other employees were more resistant, but face-to-face meetings with each
      department and the development of a baseline privacy training program achieved sufficient "buy-in" to begin
      putting the proper procedures into place.
      Now, privacy protection is an accepted component of all current operations involving personal or protected data
      and must be part of the end product of any process of technological development. While your approach is not
      systematic, it is fairly effective.
      You are left contemplating:
      What must be done to maintain the program and develop it beyond just a data breach prevention program?
      How can you build on your success?
      What are the next action steps?
      What stage of the privacy operational life cycle best describes the company's current privacy program?

      Answer: D
  • Question 4
    • When conducting due diligence during an acquisition, what should a privacy professional avoid?

      Answer: B
  • Question 5
    • SCENARIO
      Please use the following to answer the next question:
      Martin Briseño is the director of human resources at the Canyon City location of the U.S. hotel chain Pacific
      Suites. In 1998, Briseño decided to change the hotel’s on-the-job mentoring model to a standardized training
      program for employees who were progressing from line positions into supervisory positions. He developed a
      curriculum comprising a series of lessons, scenarios, and assessments, which was delivered in-person to small
      groups. Interest in the training increased, leading Briseño to work with corporate HR specialists and software
      engineers to offer the program in an online format. The online program saved the cost of a trainer and allowed
      participants to work through the material at their own pace.
      Upon hearing about the success of Briseño’s program, Pacific Suites corporate Vice President Maryanne SilvaHayes expanded the training and offered it company-wide. Employees who completed the program received
      certification as a Pacific Suites Hospitality Supervisor. By 2001, the program had grown to provide industry-wide
      training. Personnel at hotels across the country could sign up and pay to take the course online. As the program
      became increasingly profitable, Pacific Suites developed an offshoot business, Pacific Hospitality Training
      (PHT). The sole focus of PHT was developing and marketing a variety of online courses and course
      progressions providing a number of professional certifications in the hospitality industry.
      By setting up a user account with PHT, course participants could access an information library, sign up for
      courses, and take end-of-course certification tests. When a user opened a new account, all information was
      saved by default, including the user’s name, date of birth, contact information, credit card information,
      employer, and job title. The registration page offered an opt-out choice that users could click to not have their
      credit card numbers saved. Once a user name and password were established, users could return to check
      their course status, review and reprint their certifications, and sign up and pay for new courses. Between 2002
      and 2008, PHT issued more than 700,000 professional certifications.
      PHT’s profits declined in 2009 and 2010, the victim of industry downsizing and increased competition from elearning providers. By 2011, Pacific Suites was out of the online certification business and PHT was dissolved.
      The training program’s systems and records remained in Pacific Suites’ digital archives, un-accessed and
      unused. Briseño and Silva-Hayes moved on to work for other companies, and there was no plan for handling
      the archived data after the program ended. After PHT was dissolved, Pacific Suites executives turned their
      attention to crucial day-to-day operations. They planned to deal with the PHT materials once resources allowed.
      In 2012, the Pacific Suites computer network was hacked. Malware installed on the online reservation system
      exposed the credit card information of hundreds of hotel guests. While targeting the financial data on the
      reservation site, hackers also discovered the archived training course data and registration accounts of Pacific
      Hospitality Training’s customers. The result of the hack was the exfiltration of the credit card numbers of recent
      hotel guests and the exfiltration of the PHT database with all its contents.
      A Pacific Suites systems analyst discovered the information security breach in a routine scan of activity reports.
      Pacific Suites quickly notified credit card companies and recent hotel guests of the breach, attempting to
      prevent serious harm. Technical security engineers faced a challenge in dealing with the PHT data.
      PHT course administrators and the IT engineers did not have a system for tracking, cataloguing, and storing
      information. Pacific Suites has procedures in place for data access and storage, but those procedures were not
      implemented when PHT was formed. When the PHT database was acquired by Pacific Suites, it had no owner
      or oversight. By the time technical security engineers determined what private information was compromised, at
      least 8,000 credit card holders were potential victims of fraudulent activity.
      In the Information Technology engineers had originally set the default for customer credit card information to
      “Do Not Save,” this action would have been in line with what concept?

      Answer: B
PAGE: 1 - 56
   
Add To Cart

© Copyrights Dumpscity 2026. All Rights Reserved

We use cookies to ensure your best experience. So we hope you are happy to receive all cookies on the Dumpscity.