CIPM Exam - Page 3 - ExamTopics


Question #101 Topic 1

Which term describes a piece of personal data that alone may not identify an individual?

A. Unbundled data

B. A singularity

C. Non-aggregated infopoint

D. A single attribute Most Voted

Correct Answer: D

Community vote distribution: D (100%)

Question #102 Topic 1

SCENARIO -

Please use the following to answer the next question:

Your organization, the Chicago (U.S.)-based Society for Urban Greenspace, has used the same vendor to operate all aspects of an online store for several years. As a small nonprofit, the Society cannot afford the higher-priced options, but you have been relatively satisfied with this budget vendor, Shopping Cart Saver (SCS). Yes, there have been some issues. Twice, people who purchased items from the store have had their credit card information used fraudulently subsequent to transactions on your site, but in neither case did the investigation reveal with certainty that the Society’s store had been hacked. The thefts could have been employee-related.

Just as disconcerting was an incident where the organization discovered that SCS had sold information it had collected from customers to third parties. However, as Jason Roland, your SCS account representative, points out, it took only a phone call from you to clarify expectations and the “misunderstanding” has not occurred again.

As an information-technology program manager with the Society, the role of the privacy professional is only one of many you play. In all matters, however, you must consider the financial bottom line. While these problems with privacy protection have been significant, the additional revenues of sales of items such as shirts and coffee cups from the store have been significant. The Society’s operating budget is slim, and all sources of revenue are essential.

Now a new challenge has arisen. Jason called to say that starting in two weeks, the customer data from the store would now be stored on a data cloud. “The good news,” he says, “is that we have found a low-cost provider in Finland, where the data would also be held. So, while there may be a small charge to pass through to you, it won’t be exorbitant, especially considering the advantages of a cloud.”

You begin to research and discover that a number of the leading cloud service providers have signed a letter of intent to work together on shared conventions and technologies for privacy protection. You make a note to find out if Jason’s Finnish provider is signing on.

After conducting research, you discover a primary data protection issue with cloud computing. Which of the following should be your biggest concern?

A. An open programming model that results in easy access

B. An unwillingness of cloud vendor to provide security information Most Voted

C. A lack of vendors in the cloud computing market

D. A reduced resilience of data structures that may lead to data loss

Correct Answer: B

Community vote distribution: B (67%) D (33%)

Question #103 Topic 1

SCENARIO -

Same scenario as Question #102 above (repeated verbatim on the original page).

What is the best way to prevent the Finnish vendor from transferring data to another party?

A. Restrict the vendor to using company security controls

B. Offer company resources to assist with the processing

C. Include transfer prohibitions in the vendor contract Most Voted

D. Lock the data down in its current location

Correct Answer: C

Community vote distribution: C (100%)

Question #104 Topic 1

SCENARIO -

Same scenario as Question #102 above (repeated verbatim on the original page).

What process can best answer your questions about the vendor’s data security safeguards?

A. A second-party or supplier audit Most Voted

B. A reference check with other clients

C. A table top demonstration of a potential threat

D. A public records search for earlier legal violations

Correct Answer: B

Community vote distribution: A (100%)

Question #105 Topic 1

SCENARIO -

Same scenario as Question #102 above (repeated verbatim on the original page).

What is the best way for your vendor to be clear about the Society’s breach notification expectations?

A. Include notification provisions in the vendor contract Most Voted

B. Arrange regular telephone check-ins reviewing expectations

C. Send a memorandum of understanding on breach notification

D. Email the regulations that require breach notifications

Correct Answer: A

Community vote distribution: A (100%)

Question #106 Topic 1

What is the function of the privacy operational life cycle?

A. It establishes initial plans for privacy protection and implementation

B. It allows the organization to respond to ever-changing privacy demands Most Voted

C. It ensures that outdated privacy policies are retired on a set schedule

D. It allows privacy policies to mature to a fixed form

Correct Answer: B

Community vote distribution: B (100%)

Question #107 Topic 1

Which is the best way to view an organization’s privacy framework?

A. As an industry benchmark that can apply to many organizations

B. As a fixed structure that directs changes in the organization

C. As an aspirational goal that improves the organization

D. As a living structure that aligns to changes in the organization Most Voted

Correct Answer: D

Community vote distribution: D (100%)

Question #108 Topic 1

An organization is establishing a mission statement for its privacy program. Which of the following statements would be the best to use?

A. This privacy program encourages cross-organizational collaboration which will stop all data breaches

B. Our organization was founded in 2054 to reduce the chance of a future disaster like the one that occurred ten years ago. All individuals from our area of the country should be concerned about a future disaster. However, with our privacy program, they should not be concerned about the misuse of their information.

C. The goal of the privacy program is to protect the privacy of all individuals who support our organization. To meet this goal, we must work to comply with all applicable privacy laws. Most Voted

D. In the next 20 years, our privacy program should be able to eliminate 80% of our current breaches. To do this, everyone in our organization must complete our annual privacy training course and all personally identifiable information must be inventoried.

Correct Answer: C

Community vote distribution: C (100%)

Question #109 Topic 1

SCENARIO -

Please use the following to answer the next question:

You lead the privacy office for a company that handles information from individuals living in several countries throughout Europe and the Americas. You begin that morning’s privacy review when a contracts officer sends you a message asking for a phone call. The message lacks clarity and detail, but you presume that data was lost.

When you contact the contracts officer, he tells you that he received a letter in the mail from a vendor stating that the vendor improperly shared information about your customers. He called the vendor and confirmed that your company recently surveyed exactly 2000 individuals about their most recent healthcare experience and sent those surveys to the vendor to transcribe into a database, but the vendor forgot to encrypt the database as promised in the contract. As a result, the vendor has lost control of the data.

The vendor is extremely apologetic and offers to take responsibility for sending out the notifications. They tell you they set aside 2000 stamped postcards because that should reduce the time it takes to get the notice in the mail. One side is limited to their logo, but the other side is blank and they will accept whatever you want to write. You put their offer on hold and begin to develop the text around the space constraints. You are content to let the vendor’s logo be associated with the notification.

The notification explains that your company recently hired a vendor to store information about their most recent experience at St. Sebastian Hospital’s Clinic for Infectious Diseases. The vendor did not encrypt the information and no longer has control of it. All 2000 affected individuals are invited to sign up for email notifications about their information. They simply need to go to your company’s website and watch a quick advertisement, then provide their name, email address, and month and year of birth.

You email the incident-response council for their buy-in before 9 a.m. If anything goes wrong in this situation, you want to diffuse the blame across your colleagues. Over the next eight hours, everyone emails their comments back and forth. The consultant who leads the incident-response team notes that it is his first day with the company, but he has been in other industries for 45 years and will do his best. One of the three lawyers on the council causes the conversation to veer off course, but it eventually gets back on track. At the end of the day, they vote to proceed with the notification you wrote and use the vendor’s postcards.

Shortly after the vendor mails the postcards, you learn the data was on a server that was stolen, and make the decision to have your company offer credit monitoring services. A quick internet search finds a credit monitoring company with a convincing name: Credit Under Lock and Key (CRUDLOK). Your sales rep has never handled a contract for 2000 people, but develops a proposal in about a day which says CRUDLOK will:

- Send an enrollment invitation to everyone the day after the contract is signed.
- Enroll someone with just their first name and the last-4 of their national identifier.
- Monitor each enrollee’s credit for two years from the date of enrollment.
- Send a monthly email with their credit rating and offers for credit-related services at market rates.
- Charge your company 20% of the cost of any credit restoration.

You execute the contract and the enrollment invitations are emailed to the 2000 individuals. Three days later you sit down and document all that went well and all that could have gone better. You put it in a file to reference the next time an incident occurs.

Which of the following elements of the incident did you adequately determine?

A. The nature of the data elements impacted

B. The likelihood the incident may lead to harm Most Voted

C. The likelihood that the information is accessible and usable

D. The number of individuals whose information was affected

Correct Answer: B

Community vote distribution: B (63%) D (38%)

Question #110 Topic 1

SCENARIO -

Same scenario as Question #109 above (repeated verbatim on the original page).

Regarding the notification, which of the following would be the greatest concern?

A. Informing the affected individuals that data from other individuals may have also been affected.

B. Collecting more personally identifiable information than necessary to provide updates to the affected individuals. Most Voted

C. Using a postcard with the logo of the vendor who made the mistake instead of your company’s logo.

D. Trusting a vendor to send out a notice when they already failed once by not encrypting the database.

Correct Answer: D

Community vote distribution: B (100%)

Question #111 Topic 1

SCENARIO -

Same scenario as Question #109 above (repeated verbatim on the original page).

What is the most concerning limitation of the incident-response council?

A. You convened it to diffuse blame Most Voted

B. The council has an overabundance of attorneys

C. It takes eight hours of emails to come to a decision

D. The leader just joined the company as a consultant

Correct Answer: A

Community vote distribution: A (60%) D (20%) C (20%)

Question #112 Topic 1

SCENARIO -

Same scenario as Question #109 above (repeated verbatim on the original page).

Regarding the credit monitoring, which of the following would be the greatest concern?

A. The vendor’s representative does not have enough experience

B. Signing a contract with CRUDLOK which lasts longer than one year

C. The company did not collect enough identifiers to monitor one’s credit Most Voted

D. You are going to notify affected individuals via a letter followed by an email

Correct Answer: A

Community vote distribution: C (100%)

Question #113 Topic 1

SCENARIO -

Same scenario as Question #109 above (repeated verbatim on the original page).

Which of the following was done CORRECTLY during the above incident?

A. The process by which affected individuals sign up for email notifications

B. Your assessment of which credit monitoring company you should hire

C. The speed at which you sat down to reflect and document the incident Most Voted

D. Finding a vendor who will offer the affected individuals additional services

Correct Answer: C

Community vote distribution


C (100%)
Question #114 Topic 1

In a sample metric template, what does “target” mean?

A. The suggested volume of data to collect

B. The percentage of completion

C. The threshold for a satisfactory rating Most Voted

D. The frequency at which the data is sampled

Correct Answer: C

Community vote distribution


C (100%)

Question #115 Topic 1

Under which circumstances would people who work in human resources be considered a secondary audience for privacy metrics?

A. They do not receive training on privacy issues

B. They do not interface with the financial office

C. They do not have privacy policy as their main task Most Voted

D. They do not have frequent interactions with the public

Correct Answer: C

Community vote distribution


C (100%)
Question #116 Topic 1

SCENARIO -

Please use the following to answer the next question:

As the company’s new chief executive officer, Thomas Goddard wants to be known as a leader in data protection. Goddard recently served as the chief financial officer of Hoopy.com, a pioneer in online video viewing with millions of users around the world. Unfortunately, Hoopy is infamous within privacy protection circles for its ethically questionable practices, including unauthorized sales of personal data to marketers. Hoopy also was the target of credit card data theft that made headlines around the world, as at least two million credit card numbers were thought to have been pilfered despite the company’s claims that “appropriate” data protection safeguards were in place. The scandal affected the company’s business as competitors were quick to market an increased level of protection while offering similar entertainment and media content. Within three weeks after the scandal broke, Hoopy founder and CEO Maxwell Martin, Goddard’s mentor, was forced to step down.

Goddard, however, seems to have landed on his feet, securing the CEO position at your company, Medialite, which is just emerging from its start-up phase. He sold the company’s board and investors on his vision of Medialite building its brand partly on the basis of industry-leading data protection standards and procedures. He may have been a key part of a lapsed or even rogue organization in matters of privacy but now he claims to be reformed and a true believer in privacy protection. In his first week on the job, he calls you into his office and explains that your primary work responsibility is to bring his vision for privacy to life. But you also detect some reservations. “We want Medialite to have absolutely the highest standards,” he says. “In fact, I want us to be able to say that we are the clear industry leader in privacy and data protection. However, I also need to be a responsible steward of the company’s finances. So, while I want the best solutions across the board, they also need to be cost effective.”

You are told to report back in a week’s time with your recommendations. Charged with this ambiguous mission, you depart the executive suite, already considering your next steps.

You are charged with making sure that privacy safeguards are in place for new products and initiatives. What is the best way to do this?

A. Hold a meeting with stakeholders to create an interdepartmental protocol for new initiatives

B. Institute Privacy by Design principles and practices across the organization Most Voted

C. Develop a plan for introducing privacy protections into the product development stage

D. Conduct a gap analysis after deployment of new products, then mend any gaps that are revealed

Correct Answer: B

Community vote distribution


B (100%)
Question #117 Topic 1

SCENARIO -

Please use the scenario text given under Question #116 (the same scenario applies) to answer the next question:

The CEO likes what he’s seen of the company’s improved privacy program, but wants additional assurance that it is fully compliant with industry standards and reflects emerging best practices. What would best help accomplish this goal?

A. An external audit conducted by a panel of industry experts Most Voted

B. An internal audit team accountable to upper management

C. Creation of a self-certification framework based on company policies

D. Revision of the strategic plan to provide a system of technical controls

Correct Answer: A

Community vote distribution


A (100%)
Question #118 Topic 1

SCENARIO -

Please use the scenario text given under Question #116 (the same scenario applies) to answer the next question:

The company has achieved a level of privacy protection that established new best practices for the industry. What is a logical next step to help ensure a high level of protection?

A. Brainstorm methods for developing an enhanced privacy framework

B. Develop a strong marketing strategy to communicate the company’s privacy practices

C. Focus on improving the incident response plan in preparation for any breaks in protection Most Voted

D. Shift attention to privacy for emerging technologies as the company begins to use them

Correct Answer: C

Community vote distribution


C (63%) D (38%)
Question #119 Topic 1

SCENARIO -

Please use the scenario text given under Question #116 (the same scenario applies) to answer the next question:

What metric can Goddard use to assess whether costs associated with implementing new privacy protections are justified?

A. Compliance ratio

B. Cost-effective mean

C. Return on investment Most Voted

D. Implementation measure

Correct Answer: C

Community vote distribution


C (100%)
Question #120 Topic 1

SCENARIO -

Please use the scenario text given under Question #116 (the same scenario applies) to answer the next question:

You give a presentation to your CEO about privacy program maturity. What does it mean to have a “managed” privacy program, according to the AICPA/CICA Privacy Maturity Model?

A. Procedures or processes exist, however they are not fully documented and do not cover all relevant aspects.

B. Procedures and processes are fully documented and implemented, and cover all relevant aspects.

C. Reviews are conducted to assess the effectiveness of the controls in place. Most Voted

D. Regular review and feedback are used to ensure continuous improvement toward optimization of the given process.

Correct Answer: C

Community vote distribution


C (60%) B (40%)

Question #121 Topic 1

Which of the following best demonstrates the effectiveness of a firm’s privacy incident response process?

A. The decrease of security breaches

B. The decrease of notifiable breaches

C. The increase of privacy incidents reported by users

D. The decrease of mean time to resolve privacy incidents Most Voted

Correct Answer: D

Community vote distribution


D (80%) C (20%)
Question #122 Topic 1

Which of the following is TRUE about a PIA (Privacy Impact Assessment)?

A. Any project that involves the use of personal data requires a PIA

B. A Data Protection Impact Assessment (DPIA) process includes a PIA

C. The PIA must be conducted at the early stages of the project lifecycle Most Voted

D. The results from a previous information audit can be leveraged in a PIA process

Correct Answer: C

Community vote distribution


C (75%) A (17%) 8%
Question #123 Topic 1

SCENARIO -

Please use the following to answer the next question:

Martin Briseño is the director of human resources at the Canyon City location of the U.S. hotel chain Pacific Suites. In 1998, Briseño decided to change the hotel’s on-the-job mentoring model to a standardized training program for employees who were progressing from line positions into supervisory positions. He developed a curriculum comprising a series of lessons, scenarios, and assessments, which was delivered in-person to small groups. Interest in the training increased, leading Briseño to work with corporate HR specialists and software engineers to offer the program in an online format. The online program saved the cost of a trainer and allowed participants to work through the material at their own pace.

Upon hearing about the success of Briseño’s program, Pacific Suites corporate Vice President Maryanne Silva-Hayes expanded the training and offered it company-wide. Employees who completed the program received certification as a Pacific Suites Hospitality Supervisor. By 2001, the program had grown to provide industry-wide training. Personnel at hotels across the country could sign up and pay to take the course online. As the program became increasingly profitable, Pacific Suites developed an offshoot business, Pacific Hospitality Training (PHT). The sole focus of PHT was developing and marketing a variety of online courses and course progressions providing a number of professional certifications in the hospitality industry.

By setting up a user account with PHT, course participants could access an information library, sign up for courses, and take end-of-course certification tests. When a user opened a new account, all information was saved by default, including the user’s name, date of birth, contact information, credit card information, employer, and job title. The registration page offered an opt-out choice that users could click to not have their credit card numbers saved. Once a user name and password were established, users could return to check their course status, review and reprint their certifications, and sign up and pay for new courses. Between 2002 and 2008, PHT issued more than 700,000 professional certifications.

PHT’s profits declined in 2009 and 2010, the victim of industry downsizing and increased competition from e-learning providers. By 2011, Pacific Suites was out of the online certification business and PHT was dissolved. The training program’s systems and records remained in Pacific Suites’ digital archives, un-accessed and unused. Briseño and Silva-Hayes moved on to work for other companies, and there was no plan for handling the archived data after the program ended. After PHT was dissolved, Pacific Suites executives turned their attention to crucial day-to-day operations. They planned to deal with the PHT materials once resources allowed.

In 2012, the Pacific Suites computer network was hacked. Malware installed on the online reservation system exposed the credit card information of hundreds of hotel guests. While targeting the financial data on the reservation site, hackers also discovered the archived training course data and registration accounts of Pacific Hospitality Training’s customers. The result of the hack was the exfiltration of the credit card numbers of recent hotel guests and the exfiltration of the PHT database with all its contents.

A Pacific Suites systems analyst discovered the information security breach in a routine scan of activity reports. Pacific Suites quickly notified credit card companies and recent hotel guests of the breach, attempting to prevent serious harm. Technical security engineers faced a challenge in dealing with the PHT data.

PHT course administrators and the IT engineers did not have a system for tracking, cataloguing, and storing information. Pacific Suites has procedures in place for data access and storage, but those procedures were not implemented when PHT was formed. When the PHT database was acquired by Pacific Suites, it had no owner or oversight. By the time technical security engineers determined what private information was compromised, at least 8,000 credit card holders were potential victims of fraudulent activity.

If the Information Technology engineers had originally set the default for customer credit card information to “Do Not Save,” this action would have been in line with what concept?

A. Use limitation

B. Privacy by Design Most Voted

C. Harm minimization

D. Reactive risk management

Correct Answer: B

Community vote distribution


B (100%)
Question #124 Topic 1

SCENARIO -

Please use the following to answer the next question:

Please use the scenario text given under Question #123 (the same scenario applies) to answer the next question.

What key mistake set the company up to be vulnerable to a security breach?

A. Collecting too much information and keeping it for too long Most Voted

B. Overlooking the need to organize and categorize data

C. Failing to outsource training and data management to professionals

D. Neglecting to make a backup copy of archived electronic files

Correct Answer: A

Community vote distribution


A (100%)
Question #125 Topic 1

SCENARIO -

Please use the following to answer the next question:

Please use the scenario text given under Question #123 (the same scenario applies) to answer the next question.

How would a strong data life cycle management policy have helped prevent the breach?

A. Information would have been ranked according to importance and stored in separate locations

B. The most sensitive information would have been immediately erased and destroyed

C. The most important information would have been regularly assessed and tested for security

D. Information would have been categorized and assigned a deadline for destruction Most Voted

Correct Answer: D

Community vote distribution


D (100%)
Question #126 Topic 1

SCENARIO -

Please use the following to answer the next question:

Martin Briseño is the director of human resources at the Canyon City location of the U.S. hotel chain Pacific Suites. In 1998, Briseño decided to change the hotel’s on-the-job mentoring model to a standardized training program for employees who were progressing from line positions into supervisory positions. He developed a curriculum comprising a series of lessons, scenarios, and assessments, which was delivered in-person to small groups. Interest in the training increased, leading Briseño to work with corporate HR specialists and software engineers to offer the program in an online format. The online program saved the cost of a trainer and allowed participants to work through the material at their own pace.

Upon hearing about the success of Briseño’s program, Pacific Suites corporate Vice President Maryanne Silva-Hayes expanded the training and offered it company-wide. Employees who completed the program received certification as a Pacific Suites Hospitality Supervisor. By 2001, the program had grown to provide industry-wide training. Personnel at hotels across the country could sign up and pay to take the course online. As the program became increasingly profitable, Pacific Suites developed an offshoot business, Pacific Hospitality Training (PHT). The sole focus of PHT was developing and marketing a variety of online courses and course progressions providing a number of professional certifications in the hospitality industry.

By setting up a user account with PHT, course participants could access an information library, sign up for courses, and take end-of-course certification tests. When a user opened a new account, all information was saved by default, including the user’s name, date of birth, contact information, credit card information, employer, and job title. The registration page offered an opt-out choice that users could click to not have their credit card numbers saved. Once a user name and password were established, users could return to check their course status, review and reprint their certifications, and sign up and pay for new courses. Between 2002 and 2008, PHT issued more than 700,000 professional certifications.

PHT’s profits declined in 2009 and 2010, the victim of industry downsizing and increased competition from e-learning providers. By 2011, Pacific Suites was out of the online certification business and PHT was dissolved. The training program’s systems and records remained in Pacific Suites’ digital archives, un-accessed and unused. Briseño and Silva-Hayes moved on to work for other companies, and there was no plan for handling the archived data after the program ended. After PHT was dissolved, Pacific Suites executives turned their attention to crucial day-to-day operations. They planned to deal with the PHT materials once resources allowed.

In 2012, the Pacific Suites computer network was hacked. Malware installed on the online reservation system exposed the credit card information of hundreds of hotel guests. While targeting the financial data on the reservation site, hackers also discovered the archived training course data and registration accounts of Pacific Hospitality Training’s customers. The result of the hack was the exfiltration of the credit card numbers of recent hotel guests and the exfiltration of the PHT database with all its contents.

A Pacific Suites systems analyst discovered the information security breach in a routine scan of activity reports. Pacific Suites quickly notified credit card companies and recent hotel guests of the breach, attempting to prevent serious harm. Technical security engineers faced a challenge in dealing with the PHT data.

PHT course administrators and the IT engineers did not have a system for tracking, cataloguing, and storing information. Pacific Suites has procedures in place for data access and storage, but those procedures were not implemented when PHT was formed. When the PHT database was acquired by Pacific Suites, it had no owner or oversight. By the time technical security engineers determined what private information was compromised, at least 8,000 credit card holders were potential victims of fraudulent activity.

How was Pacific Suites responsible for protecting the sensitive information of its offshoot, PHT?

A. As the parent company, it should have transferred personnel to oversee the secure handling of PHT’s data.
B. As the parent company, it should have performed an assessment of PHT’s infrastructure and confirmed complete separation of the two networks.
C. As the parent company, it should have ensured its existing data access and storage procedures were integrated into PHT’s system. Most Voted
D. As the parent company, it should have replaced PHT’s electronic files with hard-copy documents stored securely on site.

Correct Answer: C

Community vote distribution: C (80%) B (20%)
Question #127 Topic 1

SCENARIO -

Please use the following to answer the next question:

Martin Briseño is the director of human resources at the Canyon City location of the U.S. hotel chain Pacific Suites. In 1998, Briseño decided to change the hotel’s on-the-job mentoring model to a standardized training program for employees who were progressing from line positions into supervisory positions. He developed a curriculum comprising a series of lessons, scenarios, and assessments, which was delivered in-person to small groups. Interest in the training increased, leading Briseño to work with corporate HR specialists and software engineers to offer the program in an online format. The online program saved the cost of a trainer and allowed participants to work through the material at their own pace.

Upon hearing about the success of Briseño’s program, Pacific Suites corporate Vice President Maryanne Silva-Hayes expanded the training and offered it company-wide. Employees who completed the program received certification as a Pacific Suites Hospitality Supervisor. By 2001, the program had grown to provide industry-wide training. Personnel at hotels across the country could sign up and pay to take the course online. As the program became increasingly profitable, Pacific Suites developed an offshoot business, Pacific Hospitality Training (PHT). The sole focus of PHT was developing and marketing a variety of online courses and course progressions providing a number of professional certifications in the hospitality industry.

By setting up a user account with PHT, course participants could access an information library, sign up for courses, and take end-of-course certification tests. When a user opened a new account, all information was saved by default, including the user’s name, date of birth, contact information, credit card information, employer, and job title. The registration page offered an opt-out choice that users could click to not have their credit card numbers saved. Once a user name and password were established, users could return to check their course status, review and reprint their certifications, and sign up and pay for new courses. Between 2002 and 2008, PHT issued more than 700,000 professional certifications.

PHT’s profits declined in 2009 and 2010, the victim of industry downsizing and increased competition from e-learning providers. By 2011, Pacific Suites was out of the online certification business and PHT was dissolved. The training program’s systems and records remained in Pacific Suites’ digital archives, un-accessed and unused. Briseño and Silva-Hayes moved on to work for other companies, and there was no plan for handling the archived data after the program ended. After PHT was dissolved, Pacific Suites executives turned their attention to crucial day-to-day operations. They planned to deal with the PHT materials once resources allowed.

In 2012, the Pacific Suites computer network was hacked. Malware installed on the online reservation system exposed the credit card information of hundreds of hotel guests. While targeting the financial data on the reservation site, hackers also discovered the archived training course data and registration accounts of Pacific Hospitality Training’s customers. The result of the hack was the exfiltration of the credit card numbers of recent hotel guests and the exfiltration of the PHT database with all its contents.

A Pacific Suites systems analyst discovered the information security breach in a routine scan of activity reports. Pacific Suites quickly notified credit card companies and recent hotel guests of the breach, attempting to prevent serious harm. Technical security engineers faced a challenge in dealing with the PHT data.

PHT course administrators and the IT engineers did not have a system for tracking, cataloguing, and storing information. Pacific Suites has procedures in place for data access and storage, but those procedures were not implemented when PHT was formed. When the PHT database was acquired by Pacific Suites, it had no owner or oversight. By the time technical security engineers determined what private information was compromised, at least 8,000 credit card holders were potential victims of fraudulent activity.

What must Pacific Suites’ primary focus be as it manages this security breach?

A. Minimizing the amount of harm to the affected individuals Most Voted
B. Investigating the cause and assigning responsibility
C. Determining whether the affected individuals should be notified
D. Maintaining operations and preventing publicity

Correct Answer: A

Community vote distribution: A (100%)
Question #128 Topic 1

A Human Resources director at a company reported that a laptop containing employee payroll data was lost on the train. Which action should the company take IMMEDIATELY?

A. Report the theft to law enforcement
B. Wipe the hard drive remotely Most Voted
C. Report the theft to the senior management
D. Perform a multi-factor risk analysis

Correct Answer: D

Community vote distribution: B (100%)

Question #129 Topic 1

Read the following steps:

Perform frequent data back-ups.
Perform test restorations to verify integrity of backed-up data.
Maintain backed-up data offline or on separate servers.

These steps can help an organization recover from what?

A. Phishing attacks
B. Authorization errors
C. Ransomware attacks Most Voted
D. Stolen encryption keys

Correct Answer: C

Community vote distribution: C (100%)
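The three steps in Question #129 are only useful if "test restoration" actually means restoring to a separate location and comparing every file against a manifest recorded at backup time. The following is an added example (not from ExamTopics or the exam) that does exactly that with constructed sample files in temporary directories: it backs up, records SHA-256 hashes, restores to scratch space and verifies, then overwrites the live copy with random bytes the way an encryptor would and shows that the manifest detects the damage while the separate copy still restores cleanly. The "offline" backup here is just a second directory; on a real system it would sit on storage the attacker cannot write to.

```python
import hashlib
import os
import shutil
import tempfile
from pathlib import Path

# Constructed sample data standing in for a live data directory.
SAMPLE_FILES = {
    "customers.csv": b"id,name,email\n1,Alice,alice@example.com\n2,Bob,bob@example.com\n",
    "orders.csv": b"order_id,customer_id,total\n100,1,19.99\n101,2,42.00\n",
}


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large files need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def write_sample_data(root: Path) -> None:
    root.mkdir(parents=True, exist_ok=True)
    for name, content in SAMPLE_FILES.items():
        (root / name).write_bytes(content)


def backup(src: Path, dst: Path) -> dict:
    """Copy src to dst and return a manifest {relative path: sha256}.

    Later test restorations are checked against this manifest, so keep it
    with the backup and, ideally, a second copy somewhere else.
    """
    if dst.exists():
        shutil.rmtree(dst)
    shutil.copytree(src, dst)
    return {
        p.relative_to(dst).as_posix(): sha256_of(p)
        for p in sorted(dst.rglob("*"))
        if p.is_file()
    }


def verify_restore(backup_dir: Path, manifest: dict) -> list:
    """Restore into scratch space and check every file against the manifest.

    Returns the relative paths that are missing or whose hash differs; an
    empty list means the backup is both restorable and intact.
    """
    problems = []
    with tempfile.TemporaryDirectory() as scratch:
        restored = Path(scratch) / "restored"
        shutil.copytree(backup_dir, restored)
        for rel, expected in manifest.items():
            target = restored / rel
            if not target.is_file() or sha256_of(target) != expected:
                problems.append(rel)
    return problems


def simulate_ransomware(target: Path) -> None:
    """Overwrite every file in place with random bytes, as an encryptor would."""
    for p in target.rglob("*"):
        if p.is_file():
            p.write_bytes(os.urandom(p.stat().st_size))


def run_demo() -> dict:
    """Back up, verify, let 'ransomware' hit the live copy, then verify again."""
    with tempfile.TemporaryDirectory() as tmp:
        live = Path(tmp) / "live"
        # In production this would be offline or immutable storage; here it is
        # only a second directory under the same temp root.
        offline = Path(tmp) / "offline_backup"
        write_sample_data(live)
        manifest = backup(live, offline)
        backup_ok = verify_restore(offline, manifest) == []

        simulate_ransomware(live)
        live_damaged = sorted(
            rel for rel, expected in manifest.items()
            if sha256_of(live / rel) != expected
        )
        offline_ok = verify_restore(offline, manifest) == []
        return {
            "backup_verified_before_attack": backup_ok,
            "live_files_damaged": live_damaged,
            "offline_copy_still_restorable": offline_ok,
        }


if __name__ == "__main__":
    print(run_demo())
```

The point of hashing at backup time rather than at restore time is that a backup taken after the encryptor ran would verify against itself perfectly; only a manifest from a known-good run exposes the difference.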

Question #130 Topic 1

The General Data Protection Regulation (GDPR) specifies fines that may be levied against data controllers for certain infringements. Which of the following will be subject to administrative fines of up to 10 000 000 EUR, or in the case of an undertaking, up to 2% of the total worldwide annual turnover of the preceding financial year?

A. Failure to demonstrate that consent was given by the data subject to the processing of their personal data where it is used as the basis for processing
B. Failure to implement technical and organizational measures to ensure data protection is enshrined by design and default Most Voted
C. Failure to process personal information in a manner compatible with its original purpose
D. Failure to provide the means for a data subject to rectify inaccuracies in personal data

Correct Answer: B

Community vote distribution: B (67%) A (25%) 8%
Question #131 Topic 1

SCENARIO -

Please use the following to answer the next question.

Manasa is a product manager at Omnipresent Omnimedia, where she is responsible for leading the development of the company’s flagship product, the Handy Helper. The Handy Helper is an application that can be used in the home to manage family calendars, do online shopping, and schedule doctor appointments. After having had a successful launch in the United States, the Handy Helper is about to be made available for purchase worldwide.

The packaging and user guide for the Handy Helper indicate that it is a “privacy friendly” product suitable for the whole family, including children, but does not provide any further detail or privacy notice. In order to use the application, a family creates a single account, and the primary user has access to all information about the other users. Upon start up, the primary user must check a box consenting to receive marketing emails from Omnipresent Omnimedia and selected marketing partners in order to be able to use the application.

Sanjay, the head of privacy at Omnipresent Omnimedia, was working on an agreement with a European distributor of Handy Helper when he fielded many questions about the product from the distributor. Sanjay needed to look more closely at the product in order to be able to answer the questions as he was not involved in the product development process.

In speaking with the product team, he learned that the Handy Helper collected and stored all of a user’s sensitive medical information for the medical appointment scheduler. In fact, all of the user’s information is stored by Handy Helper for the additional purpose of creating additional products and to analyze usage of the product. This data is all stored in the cloud and is encrypted both during transmission and at rest.

Consistent with the CEO’s philosophy that great new product ideas can come from anyone, all Omnipresent Omnimedia employees have access to user data under a program called “Eureka.” Omnipresent Omnimedia is hoping that at some point in the future, the data will reveal insights that could be used to create a fully automated application that runs on artificial intelligence, but as of yet, Eureka is not well-defined and is considered a long-term goal.

What security controls are missing from the Eureka program?

A. Storage of medical data in the cloud is not permissible under the General Data Protection Regulation (GDPR)
B. Data access is not limited to those who “need to know” for their role Most Voted
C. Collection of data without a defined purpose might violate the fairness principle
D. Encryption of the data at rest prevents European users from having the right of access and the right of portability of their data

Correct Answer: B

Community vote distribution: B (100%)
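Encryption at rest, which the scenario has, does nothing against an authorised employee reading data through the application. What "need to know" means in code is an authorisation check that binds a role to the data categories and purposes it legitimately needs, with a stricter rule for special-category (health) data. The example below is added here and is not Omnipresent Omnimedia's code; the data categories, roles, permission table and sample requests are all constructed for illustration. It evaluates the same requests under the scenario's "Eureka" rule (everyone may read everything) and under a need-to-know policy, so the difference is visible in the decisions rather than asserted.

```python
from dataclasses import dataclass

# Data categories the hypothetical Handy Helper backend stores, with a
# sensitivity class for each. Health data is a GDPR Article 9 special category.
CLASSIFICATION = {
    "calendar": "personal",
    "shopping_history": "personal",
    "medical_appointments": "special",
}

# Role -> set of (category, purpose) pairs that role legitimately needs.
# Constructed for this example; in practice this comes from a documented
# access review, not from whoever asks for access.
ROLE_PERMISSIONS = {
    "appointment_support": {
        ("medical_appointments", "service_delivery"),
        ("calendar", "service_delivery"),
    },
    "product_analytics": {
        ("shopping_history", "usage_analytics"),
        ("calendar", "usage_analytics"),
    },
    "marketing": {("shopping_history", "marketing")},
}

# Purposes for which special-category data may be used at all, whatever the role.
SPECIAL_CATEGORY_PURPOSES = {"service_delivery"}


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    category: str
    purpose: str


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def eureka_policy(req: AccessRequest) -> Decision:
    """The scenario's 'Eureka' rule: any employee may read any user data."""
    return Decision(True, "open access for all employees")


def need_to_know_policy(req: AccessRequest) -> Decision:
    """Least privilege: allow only if the role needs this category for this purpose."""
    if req.category not in CLASSIFICATION:
        return Decision(False, f"unknown data category {req.category!r}")
    perms = ROLE_PERMISSIONS.get(req.role)
    if perms is None:
        return Decision(False, f"role {req.role!r} has no defined data needs")
    if (req.category, req.purpose) not in perms:
        return Decision(False, f"{req.role} does not need {req.category} for {req.purpose}")
    if CLASSIFICATION[req.category] == "special" and req.purpose not in SPECIAL_CATEGORY_PURPOSES:
        return Decision(False, f"special-category data may not be used for {req.purpose}")
    return Decision(True, "role needs this category for this purpose")


def evaluate(policy, requests):
    """Run every request through a policy; returns a list of (request, decision)."""
    return [(req, policy(req)) for req in requests]


# Constructed sample requests, including an undefined 'Eureka' exploration use.
SAMPLE_REQUESTS = [
    AccessRequest("asha", "appointment_support", "medical_appointments", "service_delivery"),
    AccessRequest("ben", "product_analytics", "medical_appointments", "usage_analytics"),
    AccessRequest("ben", "product_analytics", "shopping_history", "usage_analytics"),
    AccessRequest("cho", "marketing", "calendar", "marketing"),
    AccessRequest("dev", "engineer", "medical_appointments", "eureka_exploration"),
]


def count_allowed(policy) -> int:
    return sum(1 for _, decision in evaluate(policy, SAMPLE_REQUESTS) if decision.allowed)


if __name__ == "__main__":
    for req, decision in evaluate(need_to_know_policy, SAMPLE_REQUESTS):
        print(req.user, req.role, req.category, req.purpose, "->", decision)
```

Every denial carries a reason string; in a real deployment that string goes to the audit log, which is what lets a privacy team show later that a "we'll find insights someday" programme was not quietly reading appointment data.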

Question #132 Topic 1

What is the main purpose in notifying data subjects of a data breach?

A. To avoid financial penalties and legal liability
B. To enable regulators to understand trends and developments that may shape the law
C. To ensure organizations have accountability for the sufficiency of their security measures
D. To allow individuals to take any actions required to protect themselves from possible consequences Most Voted

Correct Answer: D

Community vote distribution: D (100%)
Question #133 Topic 1

Under the General Data Protection Regulation (GDPR), which situation would be LEAST likely to require a Data Protection Impact Assessment (DPIA)?

A. A health clinic processing its patients’ genetic and health data
B. The use of a camera system to monitor driving behavior on highways
C. A Human Resources department using a tool to monitor its employees’ internet activity
D. An online magazine using a mailing list to send a generic daily digest to its subscribers Most Voted

Correct Answer: D

Community vote distribution: D (100%)

Question #134 Topic 1

Under the General Data Protection Regulation (GDPR), which of the following situations would LEAST likely require a controller to notify a data subject?

A. An encrypted USB key with sensitive personal data is stolen Most Voted
B. A direct marketing email is sent with recipients visible in the ‘cc’ field
C. Personal data of a group of individuals is erroneously sent to the wrong mailing list
D. A hacker publishes usernames, phone numbers and purchase history online after a cyber-attack

Correct Answer: A

Community vote distribution: A (100%)
Question #135 Topic 1

SCENARIO -

Please use the following to answer the next question:

Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new privacy officer. The company is based in California but thanks to some great publicity from a social media influencer last year, the company has received an influx of sales from the EU and has set up a regional office in Ireland to support this expansion. To become familiar with Ace Space’s practices and assess what her privacy priorities will be, Penny has set up meetings with a number of colleagues to hear about the work that they have been doing and their compliance efforts.

Penny’s colleague in Marketing is excited by the new sales and the company’s plans, but is also concerned that Penny may curtail some of the growth opportunities he has planned. He tells her “I heard someone in the breakroom talking about some new privacy laws but I really don’t think it affects us. We’re just a small company. I mean we just sell accessories online, so what’s the real risk?” He has also told her that he works with a number of small companies that help him get projects completed in a hurry. “We’ve got to meet our deadlines otherwise we lose money. I just sign the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes time that we just don’t have.”

In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken a number of precautions to protect its website from malicious activity, it has not taken the same level of care of its physical files or internal infrastructure. Penny’s colleague in IT has told her that a former employee lost an encrypted USB key with financial data on it when he left. The company nearly lost access to their customer database last year after they fell victim to a phishing attack. Penny is told by her IT colleague that the IT team “didn’t know what to do or who should do what. We hadn’t been trained on it but we’re a small team though, so it worked out OK in the end.” Penny is concerned that these issues will compromise Ace Space’s privacy and data protection.

Penny is aware that the company has solid plans to grow its international sales and will be working closely with the CEO to give the organization a data “shake up”. Her mission is to cultivate a strong privacy culture within the company.

Penny has a meeting with Ace Space’s CEO today and has been asked to give her first impressions and an overview of her next steps.

To establish the current baseline of Ace Space’s privacy maturity, Penny should consider all of the following factors EXCEPT?

A. Ace Space’s documented procedures
B. Ace Space’s employee training program
C. Ace Space’s vendor engagement protocols
D. Ace Space’s content sharing practices on social media Most Voted

Correct Answer: D

Community vote distribution: D (100%)
Question #136 Topic 1

SCENARIO -

Please use the following to answer the next question:

Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new privacy officer. The company is based in California but thanks to some great publicity from a social media influencer last year, the company has received an influx of sales from the EU and has set up a regional office in Ireland to support this expansion. To become familiar with Ace Space’s practices and assess what her privacy priorities will be, Penny has set up meetings with a number of colleagues to hear about the work that they have been doing and their compliance efforts.

Penny’s colleague in Marketing is excited by the new sales and the company’s plans, but is also concerned that Penny may curtail some of the growth opportunities he has planned. He tells her “I heard someone in the breakroom talking about some new privacy laws but I really don’t think it affects us. We’re just a small company. I mean we just sell accessories online, so what’s the real risk?” He has also told her that he works with a number of small companies that help him get projects completed in a hurry. “We’ve got to meet our deadlines otherwise we lose money. I just sign the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes time that we just don’t have.”

In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken a number of precautions to protect its website from malicious activity, it has not taken the same level of care of its physical files or internal infrastructure. Penny’s colleague in IT has told her that a former employee lost an encrypted USB key with financial data on it when he left. The company nearly lost access to their customer database last year after they fell victim to a phishing attack. Penny is told by her IT colleague that the IT team “didn’t know what to do or who should do what. We hadn’t been trained on it but we’re a small team though, so it worked out OK in the end.” Penny is concerned that these issues will compromise Ace Space’s privacy and data protection.

Penny is aware that the company has solid plans to grow its international sales and will be working closely with the CEO to give the organization a data “shake up”. Her mission is to cultivate a strong privacy culture within the company.

Penny has a meeting with Ace Space’s CEO today and has been asked to give her first impressions and an overview of her next steps.

What is the best way for Penny to understand the location, classification and processing purpose of the personal data Ace Space has?

A. Analyze the data inventory to map data flows Most Voted
B. Audit all vendors’ privacy practices and safeguards
C. Conduct a Privacy Impact Assessment for the company
D. Review all cloud contracts to identify the location of data servers used

Correct Answer: A

Community vote distribution: A (100%)
Question #137 Topic 1

SCENARIO -

Please use the following to answer the next question:

Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new privacy officer. The company is based in California but thanks to some great publicity from a social media influencer last year, the company has received an influx of sales from the EU and has set up a regional office in Ireland to support this expansion. To become familiar with Ace Space’s practices and assess what her privacy priorities will be, Penny has set up meetings with a number of colleagues to hear about the work that they have been doing and their compliance efforts.

Penny’s colleague in Marketing is excited by the new sales and the company’s plans, but is also concerned that Penny may curtail some of the growth opportunities he has planned. He tells her “I heard someone in the breakroom talking about some new privacy laws but I really don’t think it affects us. We’re just a small company. I mean we just sell accessories online, so what’s the real risk?” He has also told her that he works with a number of small companies that help him get projects completed in a hurry. “We’ve got to meet our deadlines otherwise we lose money. I just sign the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes time that we just don’t have.”

In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken a number of precautions to protect its website from malicious activity, it has not taken the same level of care of its physical files or internal infrastructure. Penny’s colleague in IT has told her that a former employee lost an encrypted USB key with financial data on it when he left. The company nearly lost access to their customer database last year after they fell victim to a phishing attack. Penny is told by her IT colleague that the IT team “didn’t know what to do or who should do what. We hadn’t been trained on it but we’re a small team though, so it worked out OK in the end.” Penny is concerned that these issues will compromise Ace Space’s privacy and data protection.

Penny is aware that the company has solid plans to grow its international sales and will be working closely with the CEO to give the organization a data “shake up”. Her mission is to cultivate a strong privacy culture within the company.

Penny has a meeting with Ace Space’s CEO today and has been asked to give her first impressions and an overview of her next steps.

What information will be LEAST crucial from a privacy perspective in Penny’s review of vendor contracts?

A. Audit rights
B. Liability for a data breach
C. Pricing for data security protections Most Voted
D. The data a vendor will have access to

Correct Answer: C

Community vote distribution: C (100%)

Question #138 Topic 1

Which of the documents below assists the Privacy Manager in identifying and responding to a request from an individual about what personal information the organization holds about them with whom the information is shared?

A. Risk register
B. Privacy policy
C. Records retention schedule
D. Personal information inventory Most Voted

Correct Answer: D

Community vote distribution: D (75%) B (25%)
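Questions #136 and #138 both turn on the same artefact: a personal information inventory that records, per system, what categories are held, about whom, for what purpose, where, and with which recipients. The example below is added here (it is not Ace Space's inventory, nor anything from ExamTopics) and uses a constructed inventory for a hypothetical online retailer to show three things that a privacy officer actually asks of such a record: answering an access request ("what do you hold about me and who gets it"), finding entries too incomplete to support a retention or transfer decision, and listing where a subject type's data sits outside the EU.

```python
from collections import defaultdict

# Constructed personal information inventory for a hypothetical online
# retailer: one entry per system and processing activity.
INVENTORY = [
    {
        "system": "webshop_db",
        "owner": "IT",
        "subjects": "customer",
        "categories": ["name", "email", "postal_address", "order_history"],
        "purpose": "order fulfilment",
        "location": "EU (Ireland)",
        "recipients": ["parcel carrier"],
        "retention_days": 2555,
    },
    {
        "system": "marketing_crm",
        "owner": "Marketing",
        "subjects": "customer",
        "categories": ["email", "purchase_preferences"],
        "purpose": "direct marketing",
        "location": "US",
        "recipients": ["email marketing vendor"],
        "retention_days": None,  # gap: nobody has set a retention period
    },
    {
        "system": "payroll",
        "owner": "Finance",
        "subjects": "employee",
        "categories": ["name", "bank_account", "salary"],
        "purpose": "payroll",
        "location": "US",
        "recipients": ["payroll provider"],
        "retention_days": 2555,
    },
]

# Fields without which an entry cannot support a DSAR or a retention decision.
REQUIRED_FIELDS = ("owner", "purpose", "location", "retention_days")


def answer_access_request(inventory, subject_type):
    """Answer 'what do you hold about me and who do you share it with?'
    for one class of data subject, system by system."""
    held = defaultdict(set)  # category -> systems holding it
    recipients, purposes, locations = set(), set(), set()
    for entry in inventory:
        if entry["subjects"] != subject_type:
            continue
        for category in entry["categories"]:
            held[category].add(entry["system"])
        recipients.update(entry["recipients"])
        purposes.add(entry["purpose"])
        locations.add(entry["location"])
    return {
        "categories": {cat: sorted(systems) for cat, systems in sorted(held.items())},
        "recipients": sorted(recipients),
        "purposes": sorted(purposes),
        "locations": sorted(locations),
    }


def inventory_gaps(inventory):
    """Systems whose entry is missing a required field."""
    return sorted(
        entry["system"]
        for entry in inventory
        if any(entry.get(field) in (None, "") for field in REQUIRED_FIELDS)
    )


def transfers_outside_eu(inventory, subject_type):
    """Systems holding this subject type's data outside the EU."""
    return sorted(
        entry["system"]
        for entry in inventory
        if entry["subjects"] == subject_type and not entry["location"].startswith("EU")
    )


if __name__ == "__main__":
    print(answer_access_request(INVENTORY, "customer"))
    print("gaps:", inventory_gaps(INVENTORY))
    print("outside EU:", transfers_outside_eu(INVENTORY, "customer"))
```

The access-request answer deliberately excludes the payroll system: an inventory that does not record the data subject type cannot tell a customer request from an employee one, which is the first thing a reviewer should check in a real inventory.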
Question #139 Topic 1

Which of the following is the optimum first step to take when creating a Privacy Officer governance model?

A. Involve senior leadership. Most Voted
B. Provide flexibility to the General Counsel Office.
C. Develop internal partnerships with IT and information security.
D. Leverage communications and collaboration with public affairs teams.

Correct Answer: A

Community vote distribution: A (100%)

Question #140 Topic 1

Which of the following helps build trust with customers and stakeholders?

A. Only publish what is legally necessary to reduce your liability.
B. Enable customers to view and change their own personal information within a dedicated portal.
C. Publish your privacy policy using broad language to ensure all of your organization’s activities are captured.
D. Provide a dedicated privacy space with the privacy policy, explanatory documents and operation frameworks. Most Voted

Correct Answer: D

Community vote distribution: D (100%)

Question #141 Topic 1

Which of the following is NOT an important factor to consider when developing a data retention policy?

A. Technology resources.
B. Business requirements.
C. Organizational culture. Most Voted
D. Compliance requirements.

Correct Answer: C

Community vote distribution: A (50%) C (50%)
Question #142 Topic 1

When supporting the business and data privacy program expanding into a new jurisdiction, it is important to do all of the following EXCEPT?

A. Identify the stakeholders.
B. Appoint a new Privacy Officer (PO) for that jurisdiction. Most Voted
C. Perform an assessment of the laws applicable in that new jurisdiction.
D. Consider culture and whether the privacy framework will need to account for changes in culture.

Correct Answer: B

Community vote distribution: B (100%)

Question #143 Topic 1

When building a data privacy program, what is a good starting point to understand the scope of privacy program needs?

A. Perform Data Protection Impact Assessments (DPIAs).
B. Perform Risk Assessments.
C. Complete a Data Inventory. Most Voted
D. Review Audits.

Correct Answer: C

Community vote distribution: C (100%)

Question #144 Topic 1

Which of the following actions is NOT required during a data privacy diligence process for Merger & Acquisition (M&A) deals?

A. Revise inventory of applications that house personal data and data mapping.
B. Update business processes to handle Data Subject Requests (DSRs). Most Voted
C. Compare the original use of personal data to post-merger use.
D. Perform a privacy readiness assessment before the deal.

Correct Answer: B

Community vote distribution: B (100%)
Question #145 Topic 1

When devising effective employee policies to address a particular issue, which of the following should be included in the first draft?

A. Rationale for the policy. Most Voted
B. Points of contact for the employee.
C. Roles and responsibilities of the different groups of individuals.
D. Explanation of how the policy is applied within the organization.

Correct Answer: A

Community vote distribution: A (100%)

Question #146 Topic 1

Your company wants to convert paper records that contain customer personal information into electronic form, upload the records into a new third-party marketing tool and then merge the customer personal information in the marketing tool with information from other applications. As the Privacy Officer, which of the following should you complete to effectively make these changes?

A. A Record of Authority.
B. A Personal Data Inventory.
C. A Privacy Threshold Analysis (PTA).
D. A Privacy Impact Assessment (PIA). Most Voted

Correct Answer: D

Community vote distribution: D (100%)

Question #147 Topic 1

A minimum requirement for carrying out a Data Protection Impact Assessment (DPIA) would include?

A. Processing on a large scale of special categories of data. Most Voted
B. Monitoring of a publicly accessible area on a large scale.
C. Assessment of the necessity and proportionality.
D. Assessment of security measures.

Correct Answer: A

Community vote distribution: A (100%)
Question #148 Topic 1

Which of the following best supports implementing controls to bring privacy policies into effect?

A. The internal audit department establishing the audit controls which test for policy effectiveness.
B. The legal department or outside counsel conducting a thorough review of the privacy program and policies.
C. The Chief Information Officer as part of the Senior Management Team creating enterprise privacy policies to ensure controls are available.
D. The information technology (IT) group supporting and enhancing the privacy program and privacy policy by developing processes and controls. Most Voted

Correct Answer: A

Community vote distribution: D (100%)

Question #149 Topic 1

What is most critical when outsourcing data destruction service?

A. Obtain a certificate of data destruction. Most Voted
B. Confirm data destruction must be done on-site.
C. Conduct an annual in-person audit of the provider’s facilities.
D. Ensure that they keep an asset inventory of the original data.

Correct Answer: D

Community vote distribution: A (100%)

Question #150 Topic 1

Data retention and destruction policies should meet all of the following requirements EXCEPT?

A. Data destruction triggers and methods should be documented.
B. Personal information should be retained only for as long as necessary to perform its stated purpose.
C. Documentation related to audit controls (third-party or internal) should be saved in a non-permanent format by default. Most Voted
D. The organization should be documenting and reviewing policies of its other functions to ensure alignment (e.g. HR, business development, finance, etc.).

Correct Answer: C

Community vote distribution: C (100%)
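Question #125 (categorise information and assign it a destruction deadline) and Question #150 (document destruction triggers and methods; retain only as long as necessary) describe the same control from two sides. The added example below, which is not from ExamTopics, the exam, or any real schedule, shows what that control looks like when it runs: a constructed retention schedule maps each record category to a trigger event, a retention period and an approved destruction method; a sweep over constructed records then reports what is overdue and how to destroy it, skips records on legal hold, and flags records with no category at all, which is exactly the ownerless state the PHT archive was left in.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed retention schedule. For each category: the event that starts
# the clock, how long to keep the record after it, and the approved method.
# Real periods come from the legal and business requirements the policy cites.
SCHEDULE = {
    "payment_card":     {"trigger": "transaction_settled", "keep_days": 90,      "method": "crypto-shred"},
    "training_account": {"trigger": "last_login",          "keep_days": 365 * 2, "method": "secure delete"},
    "guest_folio":      {"trigger": "checkout",            "keep_days": 365 * 7, "method": "secure delete"},
}


@dataclass(frozen=True)
class Record:
    record_id: str
    category: str
    trigger_event: str
    trigger_date: date
    legal_hold: bool = False


def destruction_deadline(rec: Record) -> date:
    """Deadline = trigger date + retention period for the record's category."""
    rule = SCHEDULE[rec.category]
    if rec.trigger_event != rule["trigger"]:
        raise ValueError(
            f"{rec.record_id}: expected trigger {rule['trigger']!r}, got {rec.trigger_event!r}"
        )
    return rec.trigger_date + timedelta(days=rule["keep_days"])


def due_for_destruction(records, today: date):
    """Records past their deadline and not on legal hold, with the method to use.

    Records with no retention rule are reported for review rather than
    silently kept: a record nobody has categorised is the one that gets
    forgotten in an archive.
    """
    actions = []
    for rec in records:
        if rec.category not in SCHEDULE:
            actions.append({"record_id": rec.record_id, "action": "review",
                            "reason": "uncategorised record: no retention rule"})
            continue
        if rec.legal_hold:
            continue
        deadline = destruction_deadline(rec)
        if deadline <= today:
            actions.append({"record_id": rec.record_id, "action": "destroy",
                            "method": SCHEDULE[rec.category]["method"],
                            "overdue_days": (today - deadline).days})
    return actions


# Constructed sample records; dates chosen to land on both sides of the deadline.
SAMPLE_RECORDS = [
    Record("card-1",  "payment_card",     "transaction_settled", date(2011, 6, 1)),
    Record("acct-7",  "training_account", "last_login",          date(2009, 3, 15)),
    Record("folio-3", "guest_folio",      "checkout",            date(2012, 8, 20)),
    Record("acct-8",  "training_account", "last_login",          date(2009, 1, 1), legal_hold=True),
    Record("misc-9",  "unknown_export",   "archived",            date(2011, 12, 1)),
]

DEMO_TODAY = date(2012, 9, 1)


def demo():
    return due_for_destruction(SAMPLE_RECORDS, DEMO_TODAY)


if __name__ == "__main__":
    for action in demo():
        print(action)
```

The trigger check in destruction_deadline matters more than it looks: a schedule that says "two years after last login" is meaningless if the record only carries a creation date, and failing loudly on the mismatch is how that gap gets noticed before an audit does.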


