
CIPP Guide

Your Guide to the CIPP

CIPP Prep Materials

Glossary Tests

Revision 2.0.35
CIPP Guide's CIPP Prep Materials

Published by Jon-Michael Brook, Clearwater, FL.

Copyright 2007 - 2010 Jon-Michael Brook and the CIPP Guide

No part of this publication may be reproduced, stored in a retrieval system or transmitted in
any form or by any means, electronic, mechanical, photocopying, recording, scanning or
otherwise, except as permitted under Sections 107 or 108 of the 1976 United States
Copyright Act, without either the prior written permission of the Publisher. Requests to the
Publisher for permission should be addressed to the Permissions Department, 2541
Estancia Blvd, Clearwater, FL 33761, (727) 564-9101, fax (440) 445-7338, or by email at
publisher@cippguide.org.
Trademarks: The CIPPGuide Sleuth Logo, Your Guide to the CIPP, cippguide.org,
cippguide.com, and related trade dress are trademarks or registered trademarks of
Jon-Michael C. Brook, the CIPPguide and/or its affiliates in the United States and other
countries, and may not be used without written permission. All other trademarks are the
property of their respective owners. Jon-Michael C. Brook is not associated with any
product or vendor outside of the CIPP Guide mentioned in this book.

LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND
THE AUTHOR MAKE NO REPRESENTATIONS OR WARRANTIES WITH
RESPECT TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF
THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING
WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR
PURPOSE. NO WARRANTY MAY BE CREATED OR EXTENDED BY SALES OR
PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES CONTAINED
HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS
SOLD WITH THE UNDERSTANDING THAT THE PUBLISHER IS NOT
ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR OTHER
PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED,
THE SERVICES OF A COMPETENT PROFESSIONAL PERSON SHOULD BE
SOUGHT. NEITHER THE PUBLISHER NOR THE AUTHOR SHALL BE LIABLE
FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION
OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A
POTENTIAL SOURCE OF FURTHER INFORMATION DOES NOT MEAN THAT
THE AUTHOR OR THE PUBLISHER ENDORSES THE INFORMATION THE
ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT
MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET
WEBSITES LISTED IN THIS WORK MAY HAVE CHANGED OR DISAPPEARED
BETWEEN WHEN THIS WORK WAS WRITTEN AND WHEN IT IS READ.

Table of Contents

The CIPP Exam
Introduction
CIPP Glossary Tests 1
CIPP Glossary Tests 2
CIPP Glossary Tests 3
CIPP Glossary Tests 4
CIPP Glossary Tests 5
CIPP Glossary Tests 6
CIPP Glossary Tests 7

Introduction

This booklet consolidates all of the tests from the CIPPguide website as of its date of
publication. Each chapter corresponds to a roughly 25-question test on the site. The answers
are included at the end of each chapter. Explanations may be found on the website in the
interactive test engine. Best of luck on the exam!

CIPP Glossary Tests 1
Questions
1. Access is a fair information principle under which an individual must be allowed
to:

A. see how a company uses its personal information
B. view what personal information a company may have on record
C. correct any wrong personal information an entity may have on record
D. ask the company to remove personal information from its record

2. This type of software program filters content on Web pages to prevent
advertisements from appearing on the page:

A. spambot
B. firewall
C. adblocker
D. spyware

3. According to the EU Data Protection Directive, an adequate country has which of
the following characteristics?

A. is an ally of the EU
B. has signed a contract with the EU Data Protection Directive
C. has laws about individual rights that are similar to those of the EU Data
Protection Directive
D. has no limitations on transfers with countries in the European Economic Area

4. Which of the following are not considered adequate countries by the EU Data
Protection Directive?

A. the US
B. Switzerland
C. Argentina
D. Canada

5. The following are not examples of affiliate entities:

A. parent companies
B. Competitors
C. Sister companies
D. Subsidiaries

6. Affirmative Consent is:

A. a form of parental control
B. when a customer agrees to the privacy practices of a company
C. when a customer uses their credit card to purchase a product or service
D. when a customer voluntarily agrees to receive communication from an entity

7. A form of marketing in which a related entity may advertise the services of
another company to increase traffic and share in profits is:

A. spam
B. affiliate programs
C. pop-ups
D. consumer direction

8. Aggregate information includes:

A. Website traffic counts
B. consumer's age, gender, or race
C. domain names
D. consumer's name

9. When an individual's personal information cannot directly be linked back to his
identity, he is:

A. hidden
B. behind a firewall
C. anonymous
D. performing an illegal act

10. An anonymizer provides the following services:

A. allows the user to surf the internet without being traced
B. removes personal information from data collected by an entity
C. blocks cookies from being placed on a user's computer
D. an individual who uses the internet anonymously

11. How is authentication different from authorization?

A. authentication is the process in which a user is allowed access to information,
and authorization is the process through which a user proves his identity
B. authentication is when a user agrees to the terms of a company, and
authorization is the process through which a user proves his identity
C. authentication is the process through which a user proves his identity, and
authorization is when a user agrees to the terms of a company
D. authentication is the process through which a user proves his identity, and
authorization is the process through which a user is allowed access to information

12. What forms of messaging does the Australian SPAM Act of 2003 restrict?

A. commercial messaging sent from Australia
B. commercial messaging through text messages (SMS/MMS) and instant messages
C. commercial messaging sent to Australia
D. all of the above

13. Which of the following are characteristics of a banner ad?

A. an advertisement typically placed at the top of a Web page
B. a message placed at the top of a Web page giving visitors a brief overview of
its contents
C. when clicked will usually direct the user to another Web site offering products
or services
D. the owner of a Web page on which a banner ad appears has paid for the placement
of the ad

14. Examples of biometric identifiers include:

A. fingerprint patterns
B. DNA
C. facial characteristics
D. all of the above

15. -------- are the routine activities undertaken by a company to assure their
customers, retailers, warehouses and related groups that the company's services
continue to run without interruption.

16. Business need, as related to an employee, is defined as:

A. the minimum number of employees needed to run a particular company
B. the activities performed by a company that require access to personal employee
information
C. any expenses related to the creation of the product or service
D. the total amount of debt a company owns

17. Activities for which a company may use personal information about a customer
(business need as related to a customer) include:

A. completing a transaction
B. sending "opt in" marketing communications
C. selling customer information to other entities
D. notifying consumers of an emergency in which the risk to their safety is greater
than the risk to their privacy

18. The California Data Breach Notification Law requires:

A. California companies to pass an annual inspection of their information security
systems
B. California companies to submit a press release to the public when there is a
security breach to their systems
C. companies to notify California residents when their personal information may
have been accessed by an unauthorized third party through a security breach and may
be at risk for identity theft.
D. companies to have 24/7 security personnel to respond immediately to security
breaches and notify the proper authorities

19. Which of the following is NOT true about the CAN-SPAM Act of 2003?

A. requires entities to get permission to send marketing emails that would qualify
as spam
B. is regulated by the Federal Trade Commission
C. requires commercial email to contain an unsubscribe function which they must
honor
D. requires commercial email to contain notice of adult related content and subject
lines representative of the offer it contains

20. -------- is a form of temporary storage in which a copy of a Web page is saved
to the user's computer or server to allow for faster accessing times

A. cookie
B. caching
C. duplication
D. HTML

21. -------- are functions undertaken by a company to manage communications with
consumers to increase efficacy

A. customer relations
B. customer relationship management
C. customer communications
D. customer contact management

22. This high-level business executive is in charge of making sure the company
complies with all privacy laws and regulations.

A. privacy manager
B. Chief Executive Officer
C. Chief Privacy Officer
D. Chief Information Officer

23. Choice is defined as:

A. an individual's ability to decide between different products or services
B. an individual's ability to regulate how their personal information may be used
by a company
C. an inalienable right
D. an individual's ability to navigate the Web freely

24. The Children's Online Privacy Protection Act of 1998 (COPPA) requires all Web
sites geared towards children to include a privacy policy stating any personal
information that may be collected, how and when parental consent should be
obtained, and the responsibility the Web site has towards the safety and privacy of
the child. This law applies to children under the age of:

A. 10
B. 18
C. 15
D. 13

25. A Web beacon is otherwise known as which of the following?

A. Web bug
B. clear GIF
C. spy graphic
D. tracker GIF

Answers
1. A, B, C
2. C
3. C, D
4. A
5. B
6. D
7. B
8. A, B, C
9. C
10. A, C
11. D
12. D
13. A, C, D
14. D
15. business continuity
16. B
17. A, B, D
18. C
19. A
20. B
21. D
22. C
23. B
24. D
25. A, B, D

CIPP Glossary Tests 2
Questions
1. This is the action of gathering personal information about an individual either
from the individual themselves or from a third party that shares or sells the
information:

A. collection
B. information gathering
C. information database management
D. personal data management

2. Which of the following are examples of commercial contact?

A. a personal email soliciting help from a knowledgeable source
B. a company email offering consumer discounts
C. a government email detailing new policy
D. a company email telling customers about a new product or service

3. Which of the following are examples of confidential information?

A. phone number
B. national ID number
C. salary information
D. age

16. This is the name for the formal language, originally created by IBM, that was
proposed to the World Wide Web Consortium in 2003 to be used in writing privacy
policies dealing with data in IT systems for businesses and other entities:

A. Universal Computer Language (UCL)
B. Customer Identification Database (CID)
C. Enterprise Privacy Authorization Language (EPAL)
D. International Privacy Data Language (IPDL)

17. What is the name for the networking card inside a computer, which contains a
personal signifier identifying that computer?

A. IP address
B. ethernet adapter address
C. router address
D. network address

18. What is the name of the most important legislation enacted by the European
Commission in 1996, regulating information privacy and use of personal data?

A. EEA Information Privacy Program
B. International Data Privacy Directive
C. the EU Data Protection Directive
D. the European Privacy Act

19. Which of the following are data protection principles addressed in the EU Data
Protection Directive?

A. transparency
B. data quality
C. business identity authentication
D. proportionality

20. The name for the economic association of European Countries that includes all
of the EU plus Iceland, Norway, and Liechtenstein, creating a single market?

A. the EU Economic Region
B. the EU Data Protection Directive
C. the European Economy Association
D. the European Economic Area

21. What is the primary interest of the European Union?

A. integration between regions
B. standardization of laws between member states regarding trade and commerce
C. freedom of movement of goods, services, capital, and people
D. all of the above

22. What is the purpose of the European Works Council?

A. allow workers in multi-national companies in the EU to have direct communication
with upper management
B. streamline when, how, and what information is shared with workers in
multinational companies
C. allow workers to have representation in unions.
D. create strict trading guidelines for multinational companies

23. This US law regulates the collection, use and sharing of personal data. It
forms the basis of consumer rights in the United States. It specifically places
strict regulations on the use of consumer reports:

A. the Federal Trade Commission
B. the Fair Credit Reporting Act
C. the Data Commissioner Act
D. the US Data Protection Directive

24. Which of the following are among the five principles established by the
Federal Trade Commission to govern fair information practices?

A. Regulation/Control
B. Notice/Awareness
C. Integrity/Security
D. Access/Participation

25. What does the fair information principle of notice/awareness entail?

A. through what means and for what purpose data is collected
B. the identity of the entity collecting the information
C. steps taken by the entity to ensure privacy and confidentiality
D. notification to the individual every time their personal data is used

Answers

1. D
2. A, B, C
3. B
4. A, C
5. B
6. D
7. A, B, D
8. C
9. C
10. D
11. B
12. D
13. C
14. A, B, D
15. C
16. C
17. B
18. C
19. A, B, D
20. D
21. D
22. A, B, C
23. B
24. B, C, D
25. A, B, C

CIPP Glossary Tests 4

Questions
1. Which of the following is included under the Integrity/security fair information
principle?

A. the use of reputable sources
B. creating a standardized policy for the authorization and access of data between
companies
C. taking steps against the destruction and unauthorized disclosure and access to
data.
D. establishing a set span of time for which information is relevant

2. This US office enforces a number of different consumer protection, anti-trust,
and privacy laws. It fights to prevent fraud and promote competitive markets:

A. the US Data Commissioner's Office
B. the Consumer Protection Agency
C. the Department of Justice
D. the Federal Trade Commission

3. This is part of a network or computer system which restricts access to a
computer on a network from outside computers. It has the power to control or deny
access as well as encrypt and decrypt data.

A. router
B. firewall
C. ethernet adapter
D. encryption software

4. This is the term for the software that adds animation and interactivity on Web
pages:

A. HTML
B. JavaScript
C. Flash
D. Python

5. The general data protection directive was created by what governing body?

A. the US
B. the EU
C. Canada
D. Australia

6. Testing for changes in employee or applicant DNA to monitor the effects of
exposure to hazardous work sites is called:

A. genetic screening
B. mandatory drug testing
C. mandatory DNA testing
D. genetic monitoring

7. Testing job applicants for genetic abnormalities, medical conditions or
inheritable traits is called:

A. genetic screening
B. mandatory drug testing
C. mandatory DNA
D. genetic monitoring

8. The Gramm-Leach-Bliley Act (GLBA) is also known under what name?

A. the EU Data Protection Directive
B. the CAN-SPAM Act of 2003
C. the Financial Services Modernization Act of 1999.
D. the Children's Online Privacy Protection Act

9. Which of the following changes were made under the Gramm-Leach-Bliley Act?

A. Requires financial companies to adequately secure information
B. Requires financial companies to provide consumers with privacy statements
C. Requires financial companies to offer consumers the ability to opt out of
receiving non-affiliated third party offers.
D. Requires financial companies to notify consumers every time their personal data
is accessed.

10. This is a string of numbers which creates a universally unique ID to identify
information such as a computer, file or user:

A. IP address
B. customer ID
C. Social Security Number
D. Global Unique Identifier (GUID)

11. To what major US industry do the HIPAA laws primarily apply?

A. health care
B. financial
C. information technology
D. internet businesses

12. Which of the following were new regulations instituted under HIPAA?

A. disclosure of medical information to non-medical professionals only with a
warrant
B. a new privacy rule to protect patient medical records
C. a new security rule which laid out physical, administrative, and technical rules
for protecting data
D. new privacy rules for all employers offering group health care plans

13. This is any computer connected to the internet or a network which holds
specific resources other computers within that network may need for accessing data
or information:

A. router
B. ethernet
C. host
D. database

14. Which of the following is an identifier for a computer and the organization
which owns it - specifically within a network?

A. Internet Protocol (IP) Address
B. Globally Unique Identifier (GUID)
C. MAC address
D. Hostname

15. Which of the following is the name for a feature within an electronic document
that, when activated, will bring the user to another location, either in the same
document or a new one (used widely on the internet)?

A. Internet Protocol (IP) address
B. hyperlink
C. clear GIF
D. URL

16. This is the standard computer language used in building Web pages.

A. Hypertext Markup Language (HTML)
B. Java
C. Hypertext Transfer Protocol (HTTP)
D. Flash

17. Which of the following are characteristics of Hypertext Transfer Protocol
(HTTP)?

A. used on the World Wide Web
B. is untraceable
C. a protocol used for hyperlinked documents
D. usually uses port 80 to connect with the host of a network

18. This is when someone other than the data subject uses their personal
information (such as name, address, Social Security Number, etc.) to commit fraud:

A. mistaken identity
B. misuse of information
C. identity fraud
D. identity theft

19. When collecting data, what information must be given to the individual from
the collector?

A. why data is being collected
B. who is collecting the data
C. any additional entities that may have access to the data
D. all of the above

20. If a data subject refuses to answer a required question during data collection
do they forfeit their right to access?

A. yes
B. no
C. depends on the situation
D. only if they have a criminal record

21. Which of the following are considered part of information security?

A. evaluating security threats and taking countermeasures
B. preventing unauthorized use of personal data
C. hiring only licensed processors to access the information
D. making sure that collected data is complete and correct

22. This is a set of rules used by computers to communicate packets of data across
networks:

A. HTML
B. Internet Protocol (IP)
C. HTTP
D. encryption

23. 333.333.22.1; 163.45.729.22 - the above are examples of what type of address?

A. GUID
B. MAC
C. IP
D. LAN

24. What is the difference between a static and dynamic IP address?

A. a computer with a static IP address has the same address every time. A computer
with a dynamic IP address is temporarily assigned an address for each individual
session
B. a static IP address does not change within one session while a dynamic IP
address changes many times within a session to mask activities
C. a static IP address is temporarily assigned for each individual session. A
computer with a dynamic address has the same address every time.
D. None of the above

25. When an entity cuts all ties with a customer with the intent of never resuming
contact:

A. communication termination
B. account deletion
C. customer termination
D. isolation

Answers

1. A, C
2. D
3. B
4. C
5. B
6. D
7. A
8. C
9. A, B, C
10. D
11. A
12. B, C, D
13. C
14. D
15. B
16. A
17. A, C, D
18. D
19. D
20. B
21. A, B, D
22. B
23. C
24. A
25. D

CIPP Glossary Tests 5

Questions
1. JavaScript is defined as:

A. another name for Java
B. a feature on a Web page designed to track user activities
C. a scripting language used to create Web content that is more dynamic with better
user interface
D. the most widely used programming language used on the internet

2. An entity that has the power to hear and rule on a court case is said to have
---- . (lower case)

3. This is a list of customers, still in the process of ceasing communication, that
should not be contacted but have not yet been removed from the general
communication list.

A. end-communication list
B. suppression list
C. Do Not Call registry
D. No-contact database

4. Which of the following is information that may be included in a log file?

A. first and last name of computer owner
B. how a visitor navigated to the page
C. bytes sent and received
D. IP address of computer user

5. What is a member state?

A. any of the 50 states
B. any US region or state which can vote in presidential elections
C. full members of the European Union
D. all countries in the European Union plus potential candidates

6. A situation in which neither the person who sends nor the person who receives
information is allowed to dispute the transferred information is called:

A. non-repudiation
B. conflict resolution
C. compromise
D. waived right to access

7. This is when an individual does not have the ability to opt out of receiving
communications from an entity

A. customer fraud
B. required communication
C. no-opt
D. waived right to access

8. This is a document stating an entity's practices - especially those concerned
with information privacy:

A. notice
B. alert
C. privacy message
D. privacy document

9. Which of the following are typically included in a privacy notice?

A. a data subject's rights with regard to their information
B. for what purposes personal data is used
C. the exact types of information collected
D. the name of any third party entities a company may use to process information

10. What is the definition of notification?

A. the act of giving notice to customers regarding privacy practices
B. any communication notifying customers about new services
C. notifying customers about any unauthorized access to their personal data
D. in the EU and EMEA, countries that store or process personal data must be
registered with the office governing data protection.

11. This is the form of consumer agreement in which an individual actively chooses
to receive communications from an entity:

A. voluntary communication
B. opt-in
C. opt-out
D. messaging sign-up

12. This is the form of consumer agreement in which communication from an entity is
sent because a consumer has not yet expressed a wish to no longer receive
communication

A. involuntary communication
B. opt-in
C. opt-out
D. spam

13. This is when information is automatically collected from Web users when they
access a Web page:

A. information gathering
B. Web-related collection
C. internet collection
D. passive collection

14. This is a string of numbers, letters, or characters generated by a user to
access a computer, document, application or site

A. access code
B. password
C. username
D. secret code

15. What is the name of legislation passed in 2001 which gave the US government
increased access to personal data and electronic activities?

A. CAN-SPAM Act
B. the Patriot Act
C. the Gramm-Leach-Bliley Act
D. HIPAA

16. What new requirement did the Patriot Act place on financial institutions
regarding personal data?

A. stricter security systems to prevent unauthorized access
B. disallowed business with individuals the government had classified as suspicious
C. required to share all personal data with the US government
D. required to report transactions which might relate to suspicious activity to the
US government

17. This is any individual with natural rights or any entity, such as a
corporation with legal rights:

A. person
B. being
C. man
D. protected individual

18. This is any data connected with an individual:

A. personally identifiable information
B. personal data
C. data records
D. information

19. This is any data that can be used to identify an individual:

A. personally identifiable information
B. personal data
C. data records
D. information

20. This is the major data protection law in Canada:

A. CAN-SPAM Act
B. Data Protection Directive
C. Personal Information Protection and Electronic Document Act of 2001 (PIPEDA)
D. the Gramm-Leach-Bliley Act

21. Which of the following is considered personal information according to PIPEDA?

A. name of employee in an organization
B. information about an identifiable individual
C. title of an employee in an organization
D. home telephone number of an employee

22. Which of the following are part of the standards regarding information
collection under PIPEDA?

A. accuracy
B. child protection
C. individual access
D. accountability

23. Which of the following includes personally identifiable information?

A. IP address
B. Web site preferences tracked by cookies
C. email address
D. name

24. -------- is when an entity, posing as a trustworthy source, attempts to collect
account information and other personal data from an individual in order to commit
fraud. Usually done by scam emails.

A. criminal activity
B. fraudulent collection
C. phishing
D. identity theft

25. This was written by the World Wide Web Consortium to set standards for the
creation and use of privacy friendly applications on the internet:

A. list of deceptive trade practices
B. Platform for Privacy Preferences Project (P3P)
C. digital certificates
D. TRUSTe

Answers

1. C
2. jurisdiction
3. B
4. B, C, D
5. C
6. A
7. C
8. A
9. A, B, C
10. D
11. B
12. C
13. D
14. B
15. B
16. D
17. A
18. B
19. A
20. C
21. A, D
22. A, C, D
23. B, C, D
24. C
25. B

CIPP Glossary Tests 6

Questions
1. This is when one government's laws override the laws of an inferior government:

A. bypass
B. pretexting
C. legislative overruling
D. preemption

2. Pretexting is:

A. Web site popups
B. creating an invented scenario to collect personal information from individuals
C. sending scam emails
D. spam

3. What is Pretty Good Privacy (PGP)?

A. customer management software
B. customer relations software
C. encryption software
D. database management software

4. What is Primary Use?

A. use of a computer or database by the network manager or primary user
B. use of an individual's name
C. using information only for the purposes it was originally collected
D. the top purpose for which a consumer uses a product

5. The ability to withhold or limit the amount of information an individual may
share about himself or herself is considered:

A. privacy
B. evasion
C. disguise
D. freedom of speech

6. This is a legal document stating an entity's practices regarding use and
disclosure of personal information.

A. notification
B. mission statement
C. privacy statement
D. personal data objective

7. Which of the following are privacy seal programs?

A. TRUSTe
B. BBBonline
C. phishing
D. Webtrust

8. This is any activity performed with personal data:

A. database management
B. use and disclosure
C. customer management
D. processing of personal data

9. Profile Information such as an individual's car, zip code, or favorite movie is:

A. not considered personally identifiable information
B. considered personally identifiable information
C. considered public information
D. not protected under privacy law

10. This set of rules governs how data is formatted and transmitted, particularly
within a network.

A. HTTP
B. HTML
C. Protocol
D. Encryption Management

11. What are the advantages of using a proxy server?

A. anonymity
B. privacy
C. restricting access to the Web
D. faster loading times

12. What is the purpose of Public Key Infrastructure (PKI)?

A. to control encryption methods
B. to create a set of privacy standards
C. to verify the identity of entities involved in a transaction using encryption
D. to reduce SPAM

13. This is information that can be found in newspapers, telephone directories and
other resources widely available:

A. public record
B. local listings
C. unprotected information
D. publicly available information

14. This is information the government may collect and maintain, made available to
the public:

A. public record
B. government listings
C. legitimate information
D. publicly available information

15. A recipient is:

A. the person who sends data
B. a third party to whom data is sent
C. an authority to whom data is sent
D. an authority that sends data

16. A register is:

A. where a transaction is processed
B. a listing of publicly available information
C. an official customer record
D. a database of customers

17. What are some of the differences between US and EU data protection regulations?

A. the EU may sometimes require pre-approval before the transmission of data and
the US does not
B. the EU requires one governing privacy authority for each member, while the US
uses a combination of different regulations and authorities
C. the EU limits transmission of data with other countries while the US does not
D. the US is not as concerned with privacy policy as the EU

18. What is Safe Harbor?

A. a policy allowing unrestricted information transmission between the EU and the
US
B. an EU directive regulating the transmission of data to adequate countries, of
which the US is not included
C. a policy adopted by the EU detailing standards US companies must meet in order
to complete uninterrupted business with entities in the EU.
D. a US policy regarding protective regulations for children using Web sites.

19. What is secure sockets layer?

A. another name for HTML
B. another name for encryption
C. a protocol used in the transfer and exchange of hypertext documents
D. a protocol that dictates the use of encryption for communication on the
internet.

20. This consists of all the policies, standards and technology that protect
information and support business function.

A. encryption
B. security controls
C. database management
D. customer relations management

21. Which of the following is considered sensitive personal information under the
EU Data Protection Directive?

A. religious beliefs
B. race
C. criminal convictions
D. telephone number

22. Any unsolicited electronic messages are called:

A. opt-out email
B. subscription email
C. scam email
D. spam

23. This is software that may be downloaded to an individual's computer without
their knowledge and used to collect personal information, particularly financial
account information:

A. Web beacon
B. phishing
C. spyware
D. cookies

24. This is a form of authentication in which a public key of a user is linked with
a private key of a user and used to encrypt and decrypt information to allow for
secure transactions.

A. public certificate
B. strong authentication
C. transaction encryption
D. cryptography

25. Which of the following is another name for opt-in email?

A. affirmative consent
B. subscription
C. passive consent
D. preemption

Answers

1. D
2. B
3. C
4. C
5. A
6. C
7. A, B, D
8. D
9. B
10. C
11. A, C, D
12. C
13. D
14. A
15. B
16. C
17. A, B, C
18. C
19. D
20. B
21. A, B, C
22. D
23. C
24. B
25. A, B

CIPP Glossary Tests 7

Questions
1. This is the term for transmitting personal data between companies or countries
in order to complete business or customer transactions.

A. Safe Harbor communication
B. electronic communication
C. file sharing
D. transfer

2. Which of the following is the practice of processing personally identifiable
information so that it can be seen and understood by the data subject?

A. access
B. notice
C. transparency
D. participation

3. This company is the world's largest privacy seal program and serves as a
mediator in privacy disputes for US companies:

A. Better Business Bureau
B. TRUSTe
C. Federal Trade Commission
D. Safe Harbor

4. This is a system in which the user has access and control over all actions:

A. any business operating with a TRUSTe certification
B. total access
C. open access
D. trusted system

5. Which of the following is another name for opt-out?

A. Suppression
B. Subscription
C. Unsubscribe
D. Active Consent

6. Which of the following are considered forms of verifiable parental consent?

A. credit card verification
B. a downloadable form that can be signed and returned by fax or mail.
C. creating a parental account with the same site
D. Social Security Number verification

7. This is the system of interlinked hypertext documents used for sharing
information on the internet.

A. Internet Explorer
B. HTML
C. HTTP
D. World Wide Web

8. What is the main function of a Web client or Web browser?

A. to navigate and display information from the World Wide Web.
B. to encrypt personal information during internet transactions
C. to transfer files from one computer to another
D. to store cookies of Web sites visited

9. This is a feature on a Web page containing blank fields for users to enter
information.

A. blank document
B. Web form
C. personal information collector
D. clear GIF

10. This computer is connected to the internet and receives HTTP requests from
other computers to view HTML documents, such as Web pages:

A. proxy server
B. Web database
C. Web server
D. network router

Answers

1. D
2. C
3. B
4. D
5. C
6. A, B
7. D
8. A
9. B
10. C
