[2022年最新] 高合格率なDCPP-01テストアンサーかつDSCI DCPP-01テストPDF
完璧DCPP-01問題集試験問題と解答でパス保証されます
質問 30
A ministry under government of India plans to collect citizens' information related to their education, medical condition, economic status, caste and religion. As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens' 'Consent' would be mandatory for which of the following elements before their collection?
- A. Caste and religion
- B. Sec 43A may not be applicable
- C. Educational records
- D. Medical condition
正解: D
解説:
Section: Privacy Principles and Laws
質問 31
Which of the following statement about Personally Identifiable Information (PII) is true?
- A. None of the above
- B. PII is any information about a legal entity including details of its registration or any information that
may allow its easy identification - C. PII is a subset of Sensitive Personal Information
- D. PII is necessarily a single data element, not a combination of data elements, which can uniquely identify
an individual
正解: B
質問 32
According to IT (Amendment) Act,2008, who should designate a grievance officer to redress grievance(s) of provider of information?
- A. Third party agency collecting personal information
- B. Data processor
- C. Body corporate, which determines the means and purpose of data processing
- D. Natural person sharing his/her information
正解: A
質問 33
From the following list, identify the technology aspects that are specially designed for upholding the privacy:
i. Data minimization
ii. Intrusion prevention system
iii. Data scrambling
iv. Data loss prevention
v. Data portability
vi. Data obfuscation
vii. Data encryption
viii. Data mirroring
Please select the correct set of aspects from below options:
- A. Only i., ii., vi. and vii
- B. Only i., iii., vii. and viii
- C. Only ii., v., vi., vii. and viii
- D. Only i., ii., iii., vii. and viii
正解: A
質問 34
Regarding the "Data Minimization" principle, please select the correct statement from the following:
- A. The purpose of data collection is to analyze and minimize it into useful information.
- B. Retaining collected data as long as necessary to achieve purposes
- C. Limiting the amount of data collected for specific purposes
- D. Objecting to the collection of personal information by the data subject
正解: C
質問 35
Under which of the following conditions can a company in India may transfer sensitive personal information
(SPI) to any other company or a person in India, or located in any other country?
- A. Transfer of information is allowed to those who ensure the same level of data protection that is adhered
to by the company as provided for under the Indian laws - B. The transfer of information is allowed only after taking approval of Chief Information Commissioner of
India - C. The transfer of information is allowed only after taking approval of DeitY (Department of Electronics &
Information Technology) in India - D. The transfer may be allowed only if it is necessary for the performance of the lawful contract or where
the data subject has consented to data transfer
正解: A
質問 36
Effective 2013, HIPAA Omnibus rule applies to which of the following?
- A. Business Associates only
- B. Covered Entities & Business Associates
- C. Federal Health Bodies only
- D. Covered Entities only
正解: B
解説:
Explanation
The final Omnibus Rule becomes effective on March 26, 2013. Covered entities and Business Associates
Reference: http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php
質問 37
As part of the environment scanning to identify security risks to personal information, which of the following
environments would be least relevant for the organization?
- A. Government agencies' environment which seek lawful access to personal data
- B. Organization's own environment
- C. Client's environment
- D. Service provider's environment
正解: A
質問 38
The Qatar Concerning Privacy and Protection of Personal Data Act, 2016 applies to:
- A. Personal data that is electronically or manually processed
- B. Only personal data that is electronically processed
- C. Only personal data that is manually processed
正解: B
解説:
Section: Privacy Principles and Laws
Explanation/Reference: https://www.motc.gov.qa/en/documents/document/qatar-issues-personal-data-privacy-law-5
質問 39
With respect to privacy notice, what are the responsibilities of data controller?
- A. Providing the notice before or during data collection
- B. Providing notice after the data collection
- C. Identifying and communication the purposes for which data will be collected, used, and disclosed
- D. Providing notice at every instance of data processing
正解: C
質問 40
With respect to privacy monitoring and incident management process, which of the below should be a part of a
standard incident handling process?
I. Incident identification and notification
II. Investigation and remediation
III. Root cause analysis
IV. User awareness training on how to report incidents
Please select the correct option:
- A. I, II and III
- B. I and II
- C. All of the above
- D. III and IV
正解: A
質問 41
Which of the following privacy regulation advocates de-identification of personal information?
- A. EU Data Protection Directive
- B. Australia's ANPP
- C. IT Act of India
- D. Canada's PIPEDA
正解: A
質問 42
A US IT company has created a cloud based application for Canadian consumers only, with servers located in
Vancouver, Canada. The application allows its users to publish their short stories, essays or e-books. The
purpose of the application, i.e. literary work, is clearly stated in the terms and conditions which are
mandatorily acknowledged by each user. With respect to this application, the company must ensure
compliance with:
- A. US Consumer Privacy Bill of Rights
- B. EU Data Protection Directive
- C. PIPEDA
- D. None of the above
正解: D
質問 43
Which of the following mechanisms or steps are likely to be taken by an organization for implementing privacy program?
i Deploying physical and technology safeguards to protect personal information assets ii. Privacy consideration in product and service design iii. Privacy implementation to focus only on projects impacted by privacy breaches iv. Benchmarking against industry peers' privacy implementation v. Installing privacy enhancing tools and technologies for the projects dealing with organization's intellectual property Please select the correct set of statements from the below options:
- A. All except iii
- B. All
- C. Only i, ii and iv
- D. Only i, and ii
正解: A
質問 44
After the rules were notified under section 43A of the IT (Amendment) Act, 2008, a clarification was issued by the government which exempted the service providers, which get access to/processes Sensitive Personal Data or information (SPDI) under contractual agreement with a legal entity located within or outside Indi a. Which privacy principle provisions notified under Sec 43A were exempted for the service providers?
- A. Privacy policy (which is published)
- B. Disclosure of information
- C. Access and Correction
- D. Consent
正解: D
質問 45
......
DCPP-01試験問題高合格率なDCPP-01問題集PDF:https://www.jpntest.com/shiken/DCPP-01-mondaishu