Smartly Prepare Exam with Free Online CIPM Practice Test

We offer the latest CIPM practice test designed for free and effective online Certified Information Privacy Manager certification preparation. It's a simulation of the real CIPM exam experience, built to help you understand the structure, complexity, and topics you'll face on exam day.

Exam Code: CIPM
Exam Questions: 278
Certified Information Privacy Manager
Updated: 10 Jul, 2025
Viewing Page : 1 - 28
Practicing : 1 - 5 of 278 Questions
Question 1

SCENARIO
Please use the following to answer the next question:
As the Director of data protection for Consolidated Records Corporation, you are justifiably pleased with your
accomplishments so far. Your hiring was precipitated by warnings from regulatory agencies following a series of
relatively minor data breaches that could easily have been worse. However, you have not had a reportable
incident for the three years that you have been with the company. In fact, you consider your program a model
that others in the data storage industry may note in their own program development.
You started the program at Consolidated from a jumbled mix of policies and procedures and worked toward
coherence across departments and throughout operations. You were aided along the way by the program's
sponsor, the vice president of operations, as well as by a Privacy Team that started from a clear understanding
of the need for change.
Initially, your work was greeted with little confidence or enthusiasm by the company's "old guard" among both
the executive team and frontline personnel working with data and interfacing with clients. Through the use of
metrics that showed the costs not only of the breaches that had occurred, but also projections of the costs that
easily could occur given the current state of operations, you soon had the leaders and key decision-makers
largely on your side. Many of the other employees were more resistant, but face-to-face meetings with each
department and the development of a baseline privacy training program achieved sufficient "buy-in" to begin
putting the proper procedures into place.
Now, privacy protection is an accepted component of all current operations involving personal or protected data
and must be part of the end product of any process of technological development. While your approach is not
systematic, it is fairly effective.
You are left contemplating:
What must be done to maintain the program and develop it beyond just a data breach prevention program?
How can you build on your success?
What are the next action steps?
What stage of the privacy operational life cycle best describes the company's current privacy program?

Options :
Answer: D

Question 2

SCENARIO
Please use the following to answer the next question:
Richard McAdams recently graduated law school and decided to return to the small town of Lexington, Virginia
to help run his aging grandfather's law practice. The elder McAdams desired a limited, lighter role in the
practice, with the hope that his grandson would eventually take over when he fully retires. In addition to hiring
Richard, Mr. McAdams employs two paralegals, an administrative assistant, and a part-time IT specialist who
handles all of their basic networking needs. He plans to hire more employees once Richard gets settled and
assesses the office's strategies for growth.
Immediately upon arrival, Richard was amazed at the amount of work that needed to be done in order to
modernize the office, mostly in regard to the handling of clients' personal data. His first goal is to digitize all the
records kept in file cabinets, as many of the documents contain personally identifiable financial and medical
data. Also, Richard has noticed the massive amount of copying by the administrative assistant throughout the
day, a practice that not only adds daily to the number of files in the file cabinets, but may create security issues
unless a formal policy is firmly in place. Richard is also concerned with the overuse of the communal copier/
printer located in plain view of clients who frequent the building. Yet another area of concern is the use of the
same fax machine by all of the employees. Richard hopes to reduce its use dramatically in order to ensure that
personal data receives the utmost security and protection, and eventually move toward a strict Internet faxing
policy by the year's end.
Richard expressed his concerns to his grandfather, who agreed that updating data storage, data security, and
an overall approach to increasing the protection of personal data in all facets is necessary. Mr. McAdams
granted him the freedom and authority to do so. Now Richard is not only beginning a career as an attorney, but
also functioning as the privacy officer of the small firm. Richard plans to meet with the IT employee the following
day, to get insight into how the office computer system is currently set up and managed.
Which of the following policy statements needs additional instructions in order to further protect the personal
data of their clients? 

Options :
Answer: B

Question 3

SCENARIO
Please use the following to answer the next question:
Martin Briseño is the director of human resources at the Canyon City location of the U.S. hotel chain Pacific
Suites. In 1998, Briseño decided to change the hotel’s on-the-job mentoring model to a standardized training
program for employees who were progressing from line positions into supervisory positions. He developed a
curriculum comprising a series of lessons, scenarios, and assessments, which was delivered in-person to small
groups. Interest in the training increased, leading Briseño to work with corporate HR specialists and software
engineers to offer the program in an online format. The online program saved the cost of a trainer and allowed
participants to work through the material at their own pace.
Upon hearing about the success of Briseño’s program, Pacific Suites corporate Vice President Maryanne Silva-Hayes expanded the training and offered it company-wide. Employees who completed the program received
certification as a Pacific Suites Hospitality Supervisor. By 2001, the program had grown to provide industry-wide
training. Personnel at hotels across the country could sign up and pay to take the course online. As the program
became increasingly profitable, Pacific Suites developed an offshoot business, Pacific Hospitality Training
(PHT). The sole focus of PHT was developing and marketing a variety of online courses and course
progressions providing a number of professional certifications in the hospitality industry.
By setting up a user account with PHT, course participants could access an information library, sign up for
courses, and take end-of-course certification tests. When a user opened a new account, all information was
saved by default, including the user’s name, date of birth, contact information, credit card information,
employer, and job title. The registration page offered an opt-out choice that users could click to not have their
credit card numbers saved. Once a user name and password were established, users could return to check
their course status, review and reprint their certifications, and sign up and pay for new courses. Between 2002
and 2008, PHT issued more than 700,000 professional certifications.
PHT’s profits declined in 2009 and 2010, the victim of industry downsizing and increased competition from e-learning providers. By 2011, Pacific Suites was out of the online certification business and PHT was dissolved.
The training program’s systems and records remained in Pacific Suites’ digital archives, un-accessed and
unused. Briseño and Silva-Hayes moved on to work for other companies, and there was no plan for handling
the archived data after the program ended. After PHT was dissolved, Pacific Suites executives turned their
attention to crucial day-to-day operations. They planned to deal with the PHT materials once resources allowed.
In 2012, the Pacific Suites computer network was hacked. Malware installed on the online reservation system
exposed the credit card information of hundreds of hotel guests. While targeting the financial data on the
reservation site, hackers also discovered the archived training course data and registration accounts of Pacific
Hospitality Training’s customers. The result of the hack was the exfiltration of the credit card numbers of recent
hotel guests and the exfiltration of the PHT database with all its contents.
A Pacific Suites systems analyst discovered the information security breach in a routine scan of activity reports.
Pacific Suites quickly notified credit card companies and recent hotel guests of the breach, attempting to
prevent serious harm. Technical security engineers faced a challenge in dealing with the PHT data.
PHT course administrators and the IT engineers did not have a system for tracking, cataloguing, and storing
information. Pacific Suites has procedures in place for data access and storage, but those procedures were not
implemented when PHT was formed. When the PHT database was acquired by Pacific Suites, it had no owner
or oversight. By the time technical security engineers determined what private information was compromised, at
least 8,000 credit card holders were potential victims of fraudulent activity.
If the Information Technology engineers had originally set the default for customer credit card information to
“Do Not Save,” this action would have been in line with what concept?

Options :
Answer: B

Question 4

SCENARIO
Please use the following to answer the next question:
Henry Home Furnishings has built high-end furniture for nearly forty years. However, the new owner, Anton, has
found some degree of disorganization after touring the company headquarters. His uncle Henry had always
focused on production – not data processing – and Anton is concerned. In several storage rooms, he has found
paper files, disks, and old computers that appear to contain the personal data of current and former employees
and customers. Anton knows that a single break-in could irrevocably damage the company's relationship with
its loyal customers. He intends to set a goal of guaranteed zero loss of personal information.
To this end, Anton originally planned to place restrictions on who was admitted to the physical premises of the
company. However, Kenneth – his uncle's vice president and longtime confidante – wants to hold off on Anton's
idea in favor of converting any paper records held at the company to electronic storage. Kenneth believes this
process would only take one or two years. Anton likes this idea; he envisions a password-protected system that
only he and Kenneth can access.
Anton also plans to divest the company of most of its subsidiaries. Not only will this make his job easier, but it
will simplify the management of the stored data. The heads of subsidiaries like the art gallery and kitchenware
store down the street will be responsible for their own information management. Then, any unneeded subsidiary
data still in Anton's possession can be destroyed within the next few years.
After learning of a recent security incident, Anton realizes that another crucial step will be notifying customers.
Kenneth insists that two lost hard drives in question are not cause for concern; all of the data was encrypted
and not sensitive in nature. Anton does not want to take any chances, however. He intends on sending notice
letters to all employees and customers to be safe.
Anton must also check for compliance with all legislative, regulatory, and market requirements related to
privacy protection. Kenneth oversaw the development of the company's online presence about ten years ago,
but Anton is not confident about his understanding of recent online marketing laws. Anton is assigning another
trusted employee with a law background the task of the compliance assessment. After a thorough analysis,
Anton knows the company should be safe for another five years, at which time he can order another check.
Documentation of this analysis will show auditors due diligence.
Anton has started down a long road toward improved management of the company, but he knows the effort is
worth it. Anton wants his uncle's legacy to continue for many years to come.
Which important principle of Data Lifecycle Management (DLM) will most likely be compromised if Anton
executes his plan to limit data access to himself and Kenneth?

Options :
Answer: B

Question 5

Which item below best represents how a Privacy Group can effectively communicate with functional areas?  

Options :
Answer: B
