G Concentration Prep Materials
CBK Tests
Revision 2.0.28
CIPP Guide's G Concentration Prep Materials
CIPP_G_CBK_Tests Page 1
Introduction
This booklet consolidates all of the tests from the CIPPguide website as of its date of
publication. Each chapter corresponds to a roughly 25-question test on the site. The answers
are included at the end of each chapter. Explanations may be found on the website in the
interactive test engine. Best of luck on the exam!
CIPP_G_CBK Test 1
Questions
1. What is the best way to describe the approach to privacy protection in the
United States?
2. The Housing Education and Welfare Report of 1973 led directly to the creation
of which of the following?
3. Which part of the Health Insurance Portability and Accountability Act sets
requirements for the use of protected health information (PHI)?
C. individuals with health insurance
D. any entity in compliance with HIPAA
5. Individuals that wish to receive a copy of their medical files and protected
health information must:
6. ---- is the term for an agreement covered entities enter into with third parties
before disclosing PHI to ensure the information will be adequately protected once
released.
A. cases in which disclosure of PHI is allowed without the prior approval of the
individual
B. cases in which access to PHI may be denied
C. cases in which a covered entity is not held responsible for a privacy violation
D. cases in which an individual need not receive notice of a covered entity's
privacy practices
B. HIPAA is highly enforced by the U.S. Government.
C. The Department of Health and Human Services, Office of Civil Rights is in charge
of enforcement.
D. The Federal Trade Commission is in charge of enforcement.
11. -------- is the US Federal agency with enforcement power of the Children's
Online Privacy and Protection Act?
13. Which of the following were COPPA and other privacy related violations
addressed in the FTC Enforcement Case against Gateway Learn- Hooked on Phonics?
A. collecting PII from children under the age of 13 without parental consent
B. disclosing information collected from children under the age of 13 to third parties
without parental consent
C. retroactively changing privacy policies
D. failing to notify parents regarding changes in privacy policies
14. What information may a Web site operator collect from a child without prior
parental consent?
A. his name
B. his phone number
C. his email address
D. his age
15. Cases in which PII may be collected from a child without the prior approval of
the parent:
16. Which of the following types of Web sites must comply with COPPA?
A. the U.S. Government
B. only Web sites operated in the United States targeting children under the age of
13.
C. all Web sites, regardless of location, targeting children under the age of 13.
D. all Web sites
17. Which of the following are verifiable consent options for Web sites that may
disclose information to third parties?
A. toll-free line staffed by professionals to receive verbal consent over the phone
B. a printable form that may be mailed or faxed back
C. a Web form the parent may fill out
D. email verification
18. What is an additional verifiable consent option for companies that only plan
to use children's PII internally?
20. Who must comply with the Safeguards rule of the Gramm-Leach-Bliley Act?
22. What is a customer as defined under the Gramm-Leach-Bliley Act?
A. any individual that makes use of a financial institution's services
B. any individual with whom the financial institution has done business in the past
C. any individual with a long-standing relationship with a financial institution
D. any individual with a history on file with a credit reporting agency.
23. What information is protected under the Privacy Rule of the Gramm-Leach-Bliley
Act?
25. Examples of safeguards to be used pursuant to the Safeguards Rule of the
Gramm-Leach-Bliley Act include:
A. remote access
B. employee training
C. encryption
D. disaster recovery plans
Answers
1. A, B
2. A, D
3. C
4. B
5. B, D
6. D
7. B, C, D
8. A
9. D
10. B, C
11. A
12. B
13. B, C, D
14. A, C
15. B, D
16. A, B, C
17. A, B
18. C
19. A
20. A, C, D
21. B
22. C
23. C
24. A, B, D
25. B, C, D
CIPP_G_CBK Test 2
Questions
1. Which Federal law provides a model for how Government security programs should
be developed and implemented?
2. What are the three main components of a successful information security program?
5. Which of the following responsibilities outlined under Appendix I of OMB
Circular A-130 must only be followed by the specified agency?
A. The National Archives and Records must review System of Records Notice every two
years.
B. The Office of Personnel Management must create privacy training programs for
government employees.
C. The Office of Management and Budget must assist agencies in implementing the
Privacy Act by providing guidelines.
D. The Office of Management and Budget must review privacy training programs every
two years.
6. How often must Privacy Act and Matching Program Reports be published by
government agencies?
A. annually
B. only upon major changes
C. every two years
D. twice a year
A. cost/benefit analysis
B. list of any matching agreement violations
C. results of the matching program
D. information about the Data Integrity Board
10. Which of the following are the three stages for implementing and managing
information systems?
A. selection
B. control
C. compliance
D. evaluation
13. Which of the following are other names for file sharing technology?
A. Peer to Peer
B. P3P
C. P2P
D. networking
14. Why was the use of file sharing technology banned under M-04-26?
15. What are the three recommendations put forth in OMB Memorandum 04-26 to prevent
the use of file sharing technology by government employees?
16. OMB Memorandum 05-08 called for the designation of a privacy officer in
government agencies pursuant to the recommendations in Executive Order 13353 which:
D. gave the FTC power to enforce privacy violations
18. OMB Memorandum 06-15 reiterates which aspect of the Privacy Act?
A. notice
B. consent
C. minimization
D. safeguarding data
19. What are the three types of safeguards that must be implemented to adequately
safeguard information?
A. technical
B. electronic
C. physical
D. administrative
A. a time-out function
B. encryption
C. two-factor authentication
D. restricted access to sensitive information
23. Under OMB Memorandum 06-16 data extracts containing sensitive information that
is no longer being used should be deleted:
A. within 24 hours
B. within 30 days
C. within 90 days
D. within one year
25. Which of the following are part of the remote access checklist issued by NIST
and reiterated in M-06-16 to safeguard sensitive information?
A. PII at increased security risk due to remote access may not be accessed, used,
or disclosed.
B. PII at increased security risk due to remote access must be identified.
C. Organizational policy must be reviewed for compliance and efficacy.
D. Virtual Private Networks should be used to increase security controls and
provide further authentication of the user's identity.
Answers
1. B
2. A
3. D
4. A, B, C
5. B, C
6. C
7. B, C, D
8. A, B, D
9. B, C, D
10. A, B, D
11. A, D
12. B, C
13. A, C
14. A, B, C
15. B, C, D
16. A
17. B, D
18. D
19. A, C, D
20. B
21. C
22. A, B, C
23. C
24. B
25. B, C, D
CIPP_G_CBK Test 3
Questions
1. What are some of the benefits of sharing PII among government agencies?
A. improved efficiency
B. identifies and prevents fraud
C. helps find beneficiaries of public programs
D. allows more information to be collected
A. Privacy Act
B. FISMA
C. Freedom of Information Act
D. the Children's Online Privacy Protection Act
5. Which of the following are examples in which a Privacy Impact Assessment must be
completed?
6. Which of the following are among the agency requirements outlined in M-03-22 for
implementing the E-Government Act?
7. OMB Memorandum added what two content areas to agency privacy policies?
8. Under the E-Government Act and M-03-22, all agency privacy policies must:
A. be password protected
B. be machine-readable
C. follow a standard agency template
D. be updated biennially
10. M-03-22 modifies previous OMB Memoranda such as M-99-18, M-00-13, M-99-05, which
concern:
C. internet privacy policies
D. general privacy responsibilities of an agency
11. The ------------ issued OMB Memorandum 07-16 "Safeguarding Against and
Responding to the Breach of Personally Identifiable Information."
12. What was the primary requirement issued to agencies by OMB M-07-16
"Safeguarding Against and Responding to the Breach of Personally Identifiable
Information?"
13. Which of the following factors affect an agency's decision on how or when to
alert individuals over data breaches involving their PII?
A. personal visit
B. telephone
C. newspapers or other media
D. e-mail
15. To whom does the Rules and Consequences Policy required under M-07-16 apply?
A. agency heads
B. all federal employees
C. all federal employees handling PII
D. third parties that the Federal Government may hire to process PII
D. the US Computer Emergency Readiness Team
17. What significant change to reporting procedure was issued in OMB Memorandum 06-19?
19. ---- is the government department that issues memoranda regarding the use of
government employee information.
20. According to the Office of Personnel Management, -------- should be used when
transporting or transmitting electronic data containing Social Security Numbers.
A. biometric identifiers
B. encryption
C. physical safeguards
D. all of the above
22. The September 20, 2006 OMB Memorandum on ID Theft related data breach
notification recommends that every agency have an initial response group that
includes:
B. the Chief Legal Officer
C. the Agency's Inspector General
D. All of the above
23. Under OMB guidelines which of the following would constitute a risk of ID
theft?
24. Which of the following are factors which determine the level of risk of ID
theft due to a data breach?
25. Why do agencies only alert individuals of data breaches when a significant risk
of ID theft has occurred?
Answers
1. A, B, C
2. A, C, D
3. B
4. D
5. A, B, D
6. A, B, C
7. C, D
8. B
9. A
10. B, C, D
11. C
12. D
13. A, C, D
14. B, C, D
15. C
16. D
17. C
18. B, D
19. C
20. B
21. B
22. D
23. B, C, D
24. D
25. B, C, D
CIPP_G_CBK Test 4
Questions
1. Why was the Safe Harbor agreement created?
2. What are the main reasons the European Union finds data protection in the U.S.
to be inadequate?
A. Ensure the data protection laws of the receiving country are equal to those of
the originating country
B. Add additional encryption and other security controls
C. Ensure the receiving entity will provide equal data protection even if they are
not already required to do so by the local laws
D. Relinquish rights to the data
B. The Federal Register
C. On display at the agency's location
D. The agency's website
5. The ---- must be consulted for approval when a government agency collects
information from more than ten people which may require disclosure.
6. What is the government agency in charge of handling workforce related issues for
Federal employees?
A. To ensure that people working with children, the elderly, and the disabled don't
have a criminal record
B. To determine security clearance for individuals
C. To verify credentials
D. To sort through large pools of candidates
A. Height and weight if there are specific height and weight restrictions in order
to perform the job function
B. Ethnic background
C. Current and past illegal drug use
D. A photograph
9. Which of the following may not be asked of a candidate during the interview
process under U.S. law?
10. The Office of Management and Budget is required to submit general reports to
Congress on Government implementation of which laws?
A. The Federal Information Security Management Act
B. The Privacy Act
C. Computer Matching Act
D. E-Government Act
11. What is the purpose of the semiannual reports the Inspector General of many
agencies must make to Congress?
12. Which agency performs audits of the U.S. Government and reports to Congress and
the public regarding the use of funding in different agencies?
13. Which agency reports to Congress each year on the number of requests received
by government agencies to perform electronic surveillance under the Foreign
Intelligence Surveillance Act?
14. The Securities and Exchange Commission publishes an annual report which
includes:
A. Major enforcement cases conducted by the agency for fraudulent behavior with
regard to securities
B. A performance summary of the agency
C. A listing of all SEC filings
D. An analysis of the government's financial holdings in terms of securities
15. Which agency publishes reports on work force hiring in the Federal Government
and the private sector?
16. In terms of data protection, what is the most important thing to consider in
the data lifecycle?
17. Which U.S. Law greatly expanded the financial reporting requirements originally
issued under the Bank Secrecy Act?
18. What is the minimum amount for a general transaction that requires the filing
of a Currency Transaction Report under the Bank Secrecy Act?
A. $5000
B. $10000
C. $25000
D. $100000
20. When must a Suspicious Activity Report be filed as required under the Bank
Secrecy Act?
A. When there is a suspected crime involving $5,000 or more and a probable suspect
B. When there is suspected criminal activity involving $10,000 or more and a
probable suspect
C. When there is suspected criminal activity and no probable suspect can be
identified
D. When an insider is suspected of committing or aiding a crime
22. The Foreign Intelligence Surveillance Act protects:
A. U.S. citizens
B. Permanent residents
C. Anyone with a valid U.S. Visa
D. U.S. Companies
24. Under the Foreign Intelligence Surveillance Act, when may warrantless
surveillance take place?
A. For a period of one year for any individual for which there is reasonable cause
to suspect they are an agent of foreign power
B. For a period of one year if the surveillance is not expected to involve a U.S.
person and there is reasonable cause to suspect they are an agent of foreign power
C. For fifteen days following a declaration of war by Congress
D. On groups engaged in international terrorism
25. What information from the FISA court, which oversees requests for surveillance,
is available to the public?
Answers
1. B, C
2. B, C, D
3. A, C
4. B, D
5. D
6. B
7. A, B, C
8. A, C
9. A, B, D
10. A, D
11. A, C
12. D
13. B
14. A, B
15. C
16. D
17. C
18. B
19. A, C
20. A, C, D
21. C, D
22. A, B, D
23. C, D
24. B, C
25. D
CIPP_G_CBK Test 5
Questions
1. Under OMB Memorandum 06-20, how often must agency privacy updates be submitted to
support the President's Management Agenda scorecard?
A. Annually
B. Quarterly
C. Biannually
D. Biennially with the Privacy Act Report
2. Information systems that are -------- must be reported to the OMB and Congress
under Memorandum 06-20.
4. OMB M-07-19 required all agencies to attach the report required under OMB M-07-16
to their report to Congress. OMB M-07-16 dealt primarily with:
B. Creating privacy programs
C. Safeguarding against the breach of personal information
D. Reporting Agency complaints and responses
6. How many different classes of privacy complaints are outlined in OMB M-08-09
which must be reported to Congress?
A. One
B. Three
C. Five
D. Ten
7. Why might an agency have multiple privacy policies for its website?
A. The changes may be applied to information collected prior to the policy date
without the individual's consent.
B. The changes only apply to information collected after the policy date.
C. The individual must be notified of the changes and given the right to withdraw
their consent
D. The changes must be posted conspicuously on the website.
A. Technical safeguards
B. Education and Training on privacy responsibilities for employees
C. Issuing reprimands and consequences for employees failing to protect privacy
D. Password protection
10. Which of the following are ways government agencies can ensure clear and
ongoing communication about privacy issues with their employees?
A. Periodic privacy training sessions.
B. Alerting employees of all non-compliance that takes place
C. Sending out periodic privacy bulletins
D. Requiring annual signing of a rules and consequences policy
11. Which of the following are among the eight principles/processes guiding inter-agency
data sharing under M-01-05?
12. Which of the following falls under the privacy principle of accountability as
required in inter-agency data sharing?
13. ---- may be transmitted without protection because it does not pose a
significant risk of harm to the individual if the data is compromised.
A. Personal information
B. Sensitive information
C. Non-sensitive personally identifiable information
D. Public record information
14. Which of the following types of information must use encryption protection when
transmitted electronically?
A. Criminal history
B. Medical information
C. Name and address
D. Date and place of birth
A. Minimization
B. Redisclosure limitations
C. Integrity
D. Accountability
A. Make a distinction between paper and electronic records in terms of level of
protection
B. Provide stronger protections for paper records
C. Provide stronger records for electronic records
D. Do not make a distinction between the two
18. Agencies must consider the location where PII is stored because:
A. Different states have different laws guiding the use of PII by the government
B. Different locations around the country have varying levels of security
capabilities
C. Data protections and storage locations are determined by the frequency and use
of the PII
D. Part of security includes creating physical safeguards such as locked offices,
security officers and equipment and biometric passwords.
22. Which of the Fair Information Practices does the Common Rule for Protection of
Human Subjects stress/enforce the most?
A. Notice
B. Consent
C. Integrity
D. Accountability
23. This type of audit or review should be performed before implementing a new
information system:
24. Why are regular privacy and security audits of an information system necessary?
A. To ensure compliance
B. To develop stronger security controls
C. Because privacy and security risks can change as technologies develop
D. All of the above
A. May not be disclosed in identifiable form for any use other than
statistical information
B. May disclose PII to other agencies for purposes other than statistical
information only with the consent of the individual
C. Must be authorized by the head of the disclosing agency to make sure no other
laws are violated
D. All of the above
Answers
1. B
2. A
3. A, B, C
4. C
5. D
6. B
7. A, B, C
8. B, C, D
9. B, C
10. A, C, D
11. A, B, C
12. A, C
13. C
14. A, B, D
15. A
16. D
17. A
18. B, C
19. B, C
20. C
21. D
22. B
23. B
24. D
25. D
CIPP_G_CBK Test 6
Questions
1. Which financial privacy law was created in reaction to a series of district and
federal court rulings?
2. What were the three main purposes for which the Right to Financial Privacy Act
was designed?
A. Individuals
B. Private corporations
C. Trusts and estates
D. All of the above
A. The Federal government
B. State & local governments
C. Private third parties
D. All of the above
5. Under the Right to Financial Privacy Act, notice is given to customers when:
6. Under the Right to Financial Privacy Act, in order to gain access to financial
information, a government agency must provide:
7. Which of the following may be considered financial institutions under the Right
to Financial Privacy Act?
A. Casinos
B. The Post Office
C. Credit Unions
D. Schools
A. Wire transfers
B. Communications from a tracking device
C. Radio transfers
D. Photo-electric and photo-optical systems
A. Prohibits the use of pen registers and tracing devices without a warrant.
B. Protects stored communications
C. Protects communications in transit
D. All of the above
A. Prohibits the use of pen registers and tracing devices without a warrant.
B. Protects stored communications
C. Protects communications in transit
D. All of the above
A. Prohibits the use of pen registers and tracing devices without a warrant.
B. Protects stored communications
C. Protects communications in transit
D. All of the above
13. Why is protection of data even more relevant today than it was when the
Electronic Communications Privacy Act was originally passed?
A. It does not adequately protect all the technology and uses of electronic
communication in practice today
B. There is no judicial review to oversee the issuing of warrants
C. The protection granted email is unclear
D. The act restricts the government's ability to investigate national security
threats
A. Title I
B. Title II
C. Title III
D. All of the above
16. The USA PATRIOT Act allowed which of the following changes?
C. Increased ability for the government to search electronic communications, and
financial, medical and other private records
D. Expanded the techniques that may be used by the U.S. government to gather
intelligence information
17. Which of the following are U.S. privacy laws modified by the USA-PATRIOT Act?
18. Which of the following are changes made by the USA-PATRIOT Act with regard to
accessing electronic information?
20. How did the USA-PATRIOT Act change the government's ability to gather foreign
intelligence information?
C. A warrant allowing surveillance without a specific target
D. A warrant with delayed notification to the targeted individual
23. Which provision of the USA-PATRIOT Act has been contested in court for
violating the Fourth Amendment?
A. Roving wiretaps
B. "Sneak & Peek" Warrants
C. Duration of FISA surveillance
D. Use of pen registers and other tracing devices
24. Title II of the USA-PATRIOT Act allows the FBI to order the reproduction of all
books, reports, records and documents related to an individual during the course of
an investigation involving national security unless:
Answers
1. B
2. A, B, D
3. A
4. A
5. B, C
6. A, B, C
7. A, B, C
8. D
9. A, C, D
10. C
11. B
12. A
13. D
14. A, B, C
15. A
16. B, C, D
17. B, D
18. A, B
19. C
20. A, C
21. D
22. C
23. B
24. C
25. D
CIPP_G_CBK Test 7
Questions
1. The Rearing and Empowering America for Longevity Against Acts of International
Destruction is otherwise known as?
2. The issuing of Driver's licenses and other ID cards falls under the jurisdiction
of:
A. Local governments
B. County governments
C. State governments
D. Federal government
3. If a state does not meet the requirements of the REAL ID Act, license holders:
A. Cardholder's signature
B. Cardholder's photograph
C. Cardholder's date of birth
D. All of the above
A. Electro-magnetic strip
B. Common machine readable technology
C. Holograms
D. Raised characters
6. Which of the following are not changes made by the REAL ID Act?
A. States must share motor vehicle information with all entities participating in
the Driver's License Agreement
B. States must share motor vehicle information with other states
C. Immigrants seeking asylum may be asked to present corroborating evidence
D. Stricter rules for required documentation in order to apply for an ID card
8. All of the following are exemptions under which the government can deny access
to data under the FOIA except:
A. Geological information
B. Law enforcement records
C. Birth/death records
D. Intra-agency memos
A. Congressional records
B. Judicial records
C. Federal Agency records
D. All of the above
11. Which of the following is considered "compelling need" for the fulfillment of
an FOIA expedited request?
14. If a requested document contains information that may remain confidential under
one of the FOIA exemptions then:
A. Is illegal
B. Allows the government to assess fees for similar requests
C. Deters FOIA requests
D. Can happen in theory but does not often occur in practice
16. Agencies can charge what type of fees for an FOIA request?
D. Duplication fees
17. Which of the following is not a reason a requestor may appeal an FOIA request?
18. Why are so many FOIA requests denied when they should be fulfilled?
A. Budgeting constraints
B. The requested information is difficult to retrieve
C. There is a large backlog of requests
D. Rules are unclear for what may and may not be released
19. A requestor whose requests and appeals are repeatedly denied may:
A. The President
B. The Department of Justice
C. The FCC
D. Congress
A. Establishing fair use practice principles for information collected by the U.S.
Government
B. Controlling the disclosure of personally identifiable information
C. Ensuring transparency and access by outlawing secret records systems
D. All of the above
A. Accountability
B. Accessibility
C. Minimization
D. Consent
24. Under the Privacy Act, with regard to a system of records, an individual may:
Answers
1. B
2. C
3. D
4. D
5. B
6. A
7. A
8. C
9. C
10. B
11. D
12. C
13. B
14. C
15. B
16. D
17. A
18. C
19. C
20. D
21. A
22. D
23. C
24. B
25. B
CIPP_G_CBK Test 8
Questions
1. ----- is "any group of records under the control of any agency from which
information is retrieved by the name of an individual or by some identifying
number, symbol, or other identifying particular assigned to the individual"
A. An information system
B. A PII database
C. System of Records
D. Social Security database
3. Which of the following are requirements for data management under the Privacy
Act of 1974?
A. Information must be used for the purposes under which it was originally
collected
B. Information may not be disclosed to third parties without prior consent of the
individual
C. Individuals must be able to amend erroneous information maintained about them
D. All of the above
A. May be shared freely with other government agencies
B. May be shared freely with government agencies and state governments
C. Must use data sharing agreements when sharing information with state governments
D. Must use data sharing agreements when sharing information with other agencies
A. A data sharing agreement must be signed between the two agencies participating
in the matching program
B. The data sharing agreement must be given to Congress
C. The data sharing agreement must be shared with the public
D. All of the above
7. What is the practice defined in the Privacy Act, which allows PII to be used for
additional purposes without the consent of the individual?
A. Compelling need
B. Exceptional circumstances
C. Routine use
D. Exceptional use
8. Contractors:
A. May never be hired to manage system of records on behalf of the U.S. Government
B. Effectively become government employees when contracted to work with a system of
records and must follow the requirements of the Privacy Act
C. Must destroy all PII from a system of records once the contract has been
fulfilled
D. May not work with non-government clients when fulfilling a contract for a U.S.
agency
A. Biennially
B. Whenever a system of records is created
C. Whenever a system of records adds new routine uses for the information it
contains
D. All of the above
A. The location of a system of records
B. Privacy practices and usage policies for the system of records
C. Information on the efficacy of the system of records
D. The types of data a system of records maintains
11. What is the purpose of periodic reviews under the Privacy Act?
13. Agencies must provide notice to individuals about the use of their information:
A. In writing
B. Through the federal register
C. When changes occur to how their information is handled
D. All of the above
14. Which of the following is not usually included in notice given to individuals
under the Privacy Act?
15. Which of the following are records exempt from following the rules of the
Privacy Act?
A. Congressional records
B. Judicial records
C. State Records
D. All of the above
C. Specifying the privacy protections granted to information collected and
maintained electronically by government agencies
D. All of the above
19. The E-Government Act applies privacy protections to the web already guaranteed
by which privacy law?
20. Which of the following are old OMB requirements modified by the E-Government
Act?
A. Electronic media may be used if it is cost effective and most users have the
training to access the information
B. Privacy must be considered when developing new policies
C. Records must reflect government activity
D. The sharing of PII should be limited
21. Each privacy policy must notify individuals of their rights under:
C. All of the above
D. None of the above
Answers
1. C
2. C
3. D
4. D
5. D
6. A
7. C
8. B
9. D
10. C
11. D
12. B
13. D
14. B
15. D
16. C
17. A
18. B
19. B
20. A
21. D
22. C
23. A
24. B
25. A
CIPP_G_CBK Test 9
Questions
1. OMB M-00-13
5. A PIA should be conducted:
7. The following are exceptions to the rule regarding conducting PIAs except for:
9. What is the main difference between a Privacy Impact Assessment and a System of
Records Notice?
B. System of Records Notice
C. E-Government Act status report
D. Privacy report
12. What main privacy contribution did the Consolidated Appropriations Act of 2005
make?
16. Which of the following is not included in the third party review required under
the Consolidated Appropriations Act of 2005?
17. The main purpose of the Data Quality Act of 2002 was to:
D. All of the above
19. The ----- created guidelines for other government agencies to create their own
data quality guidelines
A. Unbiased information
B. Information is protected from disclosure
C. Information is protected from unauthorized access/revision
D. Usefulness
A. Unbiased information
B. Presentation of information as unbiased
C. Information from an unbiased source
D. Cooperating with the press
24. What are the agency reporting requirements under the Data Quality Act?
A. Publish agency requirements within one year
B. Report to Congress every two years
C. Publish agency requirements within one year and send an annual report to
Congress
D. Publish agency requirements within one year and send a report to Congress
biennially
Answers
1. C
2. C
3. B
4. D
5. A
6. C
7. D
8. A
9. D
10. A
11. C
12. D
13. D
14. C
15. D
16. C
17. B
18. B
19. A
20. B
21. C
22. B
23. A
24. C
25. D