CIPP/US Certification exam 2023 with 100% correct answers

How many states allow Telephonic Notification? – correct answer: 20: Arizona, Colorado, Connecticut,
Delaware, Idaho, Indiana, Maryland, Mississippi, Montana, Nebraska, Ohio, Oklahoma, South Carolina,
Utah, Virginia, West Virginia.
With specific requirements: Michigan, Pennsylvania, Vermont, New York
What does substitute notice require? – correct answer:
  1. Posting on website homepage
  2. Statewide media posting
  3. E-mail notice when possible
What is the threshold for substitute notice in most/many states? – correct answer: If the cost would be
more than 250K or more than 500K people are affected.
What states do not have data breach laws? – correct answer: Alabama, New Mexico, South Dakota
How many states do not have Data Destruction Laws? – correct answer: (20) Alabama, Idaho, Iowa,
Louisiana, Maine, Mississippi, Missouri, Minnesota, Nebraska, New Hampshire, New Mexico, North
Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Virginia, West Virginia, Wyoming, DC
How many states have state agency notification requirements? – correct answer: (21) California,
Connecticut, Florida, Hawaii, Indiana, Iowa, Louisiana, Maine, Maryland, Massachusetts, Missouri,
Montana, New Hampshire, New Jersey, New York, North Carolina, South Carolina, Vermont, Virginia,
Washington, Puerto Rico
How many states require Consumer Reporting Agency notification for data breach? – correct answer: (29)
Alaska, Colorado, DC, Florida, Georgia, Hawaii, Indiana, Kansas, Maine, Maryland, Massachusetts,
Michigan, Minnesota, Missouri, Nevada, New Hampshire, New Jersey, New York, North Carolina, Ohio,
Oregon, Pennsylvania, South Carolina, Tennessee, Texas, Vermont, Virginia, West Virginia, Wisconsin
How many states have all of the following: data breach law, data destruction law, requirement to
notify state, requirement to notify consumer reporting agency? – correct answer: (9) Florida, Indiana,
Maryland, Massachusetts, New Jersey, New York, North Carolina, South Carolina, Vermont
What states have private sector data security laws? – correct answer:
  1. Arkansas
  2. California
  3. Connecticut
  4. Florida
  5. Indiana
  6. Kansas
  7. Maryland
  8. Massachusetts
  9. Minnesota
  10. Nevada
  11. Oregon
  12. Rhode Island
  13. Texas
  14. Utah
What is Connecticut’s Data Security Requirement for state contractors? – correct answer:
Applies to: Contractors: an individual, business or other entity that is receiving confidential
information from a state contracting agency or agent of the state pursuant to a written agreement to
provide goods or services to the state.
Requires: Implement and maintain a comprehensive data-security program (as specified/detailed in
statute), including encryption of all sensitive personal data transmitted wirelessly or via a public
Internet connection; sensitive personal data contained on portable electronic devices has to be
encrypted as well.
What does Massachusetts’ Data Security Law require? – correct answer:
  1. Designate head of InfoSec
  2. Anticipate and mitigate risks
  3. Security program rules
  4. Penalties for violations of rules
  5. Prevent access by former employees
  6. Contractually obligate vendors to same or similar procedures
  7. Restrict physical access
  8. Monitor effectiveness of program
  9. Review program at least 1x per year
  10. Document responses to incidents
What is the definition of PII under Massachusetts law? – correct answer: “a Massachusetts resident’s first
name and last name or first initial and last name in combination with any one or more of the following
data elements that relate to such resident:

(a) Social Security number;
(b) driver’s license number or state-issued identification card number; or
(c) financial account number, or credit or debit card number, with or without any required security code,
access code, personal identification number or password, that would permit access to a resident’s
financial account.”
The Massachusetts Standards exclude from the definition any information lawfully obtained from
publicly available information or from government records available to the general public.[2]
What are Massachusetts requirements for system security? – correct answer:
  1. Secure control of user identifiers and passwords for authentication purposes;
  2. Lock-out processes for inactive users or unsuccessful log-in attempts;
  3. Limiting access to personal information to those persons who are reasonably required to know such
    information;
  4. Up-to-date firewall protection and operating system security patches for systems connected to the
    Internet;
  5. Up-to-date versions of system security agent software, including malware protection, patches, and
    virus definitions; and
  6. Education and training of employees on the proper use of the computer security system.[7]
Similarities between state data breach laws? – correct answer:
  1. Definition of personal information
  2. Covered entities
  3. Definition of security breach
  4. Level of harm requiring notification
  5. Whom to notify
  6. When to notify
  7. Contents of notification
  8. How to notify
  9. Exceptions to notify
  10. Penalties and rights of action
What is the definition of personal information in Connecticut? – correct answer: First name or initial and
last name with:
  1. SSN
  2. Driver’s license or state ID
  3. Account number in combination with a security code, password, etc.
What states include medical information in definition of personal information? – correct answer:
  1. Arkansas
  2. California
  3. Missouri
  4. Texas
  5. Virginia
What additional information do Oregon and Wyoming include in PII? – correct answer: Any state or
federal identification number.
Which states include biometric data in the PII definition? – correct answer:
  1. Iowa
  2. Nebraska
  3. North Carolina
  4. Wisconsin
What state includes mother’s maiden name in PII definition? – correct answer: North Dakota
What state includes tax information and work evaluations in PII definition? – correct answer: Puerto Rico
Which states do not exclude publicly available information from definition of PII? – correct answer:
  1. Idaho
  2. Louisiana
  3. Michigan
What callers are not covered by the DNC registry? – correct answer:
  1. Political organizations,
  2. Charities calling on own behalf,
  3. Telephone surveyors, or
  4. Companies with which a consumer has an existing business relationship.
Who must comply with the Telemarketing Sales Rule (TSR)? – correct answer: The TSR regulates
“telemarketing” — defined in the Rule as “a plan, program, or campaign . . . to induce the purchase of
goods or services or a charitable contribution” involving more than one interstate telephone call. (The
FCC regulates both intrastate and interstate calling.) With some important exceptions, any businesses or
individuals that take part in “telemarketing” must comply with the TSR. This is true whether, as
“telemarketers,” they initiate or receive phone calls to or from consumers, or as “sellers,” they provide,
offer to provide, or arrange to provide goods or services to consumers in exchange for payment. It
makes no difference whether a company makes or receives calls using low-tech equipment or the
newest technology. Similarly, it makes no difference whether the calls are made from outside the United
States; so long as they are made to consumers in the United States. Those making the calls, unless