[March 2022] Get Free DCPP-01 Exam Questions! Real Free DCPP-01 Exam Questions [Q18-Q38]

Verified DCPP-01 question set and 124 exceptional questions

Question 18
Effective 2013, HIPAA Omnibus rule applies to which of the following?

  • A. Covered Entities only
  • B. Covered Entities & Business Associates
  • C. Federal Health Bodies only
  • D. Business Associates only

Correct answer: B

Explanation:
Section: Privacy Principles and Laws
The final Omnibus Rule becomes effective on March 26, 2013. It applies to Covered Entities and Business Associates. Reference: http://www.hipaasurvivalguide.com/hipaa-omnibus-rule.php

Question 19
When sharing personal information (of the data subject) with third parties for processing, which of the following privacy principles includes informed consent?

  • A. Disclosure of information
  • B. Collection limitation
  • C. Accountability
  • D. Purpose limitation

Correct answer: D

Question 20
With respect to privacy monitoring and incident management process, which of the below should be a part of a standard incident handling process?
I. Incident identification and notification
II. Investigation and remediation
III. Root cause analysis
IV. User awareness training on how to report incidents
Please select the correct option:

  • A. III and IV
  • B. I and II
  • C. All of the above
  • D. I, II and III

Correct answer: D

Question 21
A ministry under government of India plans to collect citizens' information related to their education, medical condition, economic status, caste and religion. As per the privacy requirements mentioned under Sec 43A of IT (Amendment) Act, 2008, the citizens' 'Consent' would be mandatory for which of the following elements before their collection?

  • A. Sec 43A may not be applicable
  • B. Caste and religion
  • C. Medical condition
  • D. Educational records

Correct answer: C

Question 22
XYZ & Co., an Indian hospital specialized in dealing with cancer treatment, has organized a free health checkup camp for women in a specific district, after seeking due permission from competent authorities. During the camp the hospital staff will be feeding the medical records of these women into the computer connected to the hospital network system. Does the said hospital need to notify its privacy policy to the women attending the camp and seek their consent regarding the collection and processing of such information?

  • A. Yes, in any language as per the wishes of said hospital
  • B. Yes, in the language such women would understand
  • C. No, since the law does not require the same in this case
  • D. No, since it is a free checkup camp for their welfare

Correct answer: A

Question 23
Regulations that apply to the processing of personal data of natural persons that fall under the following categories:

  • A. Resident of anywhere in the world
  • B. EU Citizens
  • C. All of the above
  • D. EU Residents

Correct answer: D

Explanation:
Page no 4 of PBok Addendum: The EU GDPR is applicable to all EU residents. The usage of the term 'residents' is to be noted - it means that the resident need not be a citizen of any EU member state. It could be any individual who resides in the EU.

Question 24
Which of the following could be considered as triggers for updating privacy policy?

  • A. Change in service provider for an established business process
  • B. Regulatory changes
  • C. Privacy breach
  • D. Recruitment of more employees

Correct answer: B

Explanation:
Section: Privacy Technologies and Organization Ecosystem

Question 25
Which of the following are needed for projects like DNA profiling, UIDAI, and statistical collection of individuals?

  • A. Established a service which guarantees citizens' privacy only online
  • B. None of the above
  • C. The need for a comprehensive privacy legislation at national level
  • D. Protect the privacy of individuals

Correct answer: C

Explanation:
Projects like UIDAI (Unique Identification Authority of India), NATGRID (National Intelligence Grid), CCTNS (Crime and Criminal Tracking Network and Systems), CMS (Central Monitoring System), etc. in India are taking off, which may have a direct impact on the privacy of individuals. This necessitates appropriate focus, with resultant legislation and regulatory measures for privacy, to ensure safeguards and controls are put in place to support these kinds of projects.

Question 26
You are part of a team that has been created by Indian government to create India's privacy law based on recommendations in Justice AP Shah's Report. Which of the following provisions should be addressed in the law?

  • A. Privacy as an explicit fundamental constitutional right
  • B. National privacy principles
  • C. Offences, penalties and remedies
  • D. Setup of a national data controller registry

Correct answer: B

Question 27
With reference to APEC privacy framework, when personal information is to be transferred to another person or organization, whether domestically or internationally, "the ______________ should obtain the consent of the individual and exercise due diligence and take reasonable steps to ensure that the recipient person or organization will protect the information consistently with APEC information privacy principles".

  • A. Personal Information Processor
  • B. Personal Information Owner
  • C. Personal Information Auditor
  • D. Personal Information Controller

Correct answer: D

Explanation:
Section: Privacy Principles and Laws
Explanation/Reference: https://iapp.org/news/a/gdpr-matchup-the-apec-privacy-framework-and-cross-border-privacy-rules/

Question 28
Complete the sentence:
The Gramm-Leach-Bliley Act (GLBA) of US regulates the privacy practices adopted by financial institutions, requiring them to provide adequate security of the customer records. It lays various obligations on the financial institutions but allows such financial institutions to share the non-public information of customers (after properly notifying their consumers in a manner mentioned in the Act) with

  • A. Its affiliates without need for obtaining explicit consent from the consumers for sharing their data
  • B. Its affiliates after disclosure in initial and annual GLBA privacy notices
  • C. Its affiliates only after obtaining explicit consent from the consumers
  • D. Its affiliates after obtaining explicit permission of Federal Trade Commission

Correct answer: C

Question 29
Which type of data qualify as Sensitive Personal Data or Information under Section 43A of IT (Amendment) Act, 2008?

  • A. Call Data Records (CDRs)
  • B. Sexual orientation
  • C. Political affiliation
  • D. Religion and caste

Correct answer: B

Explanation:
Section: Privacy Fundamentals

Question 30
Which of the following statements are true about the privacy statement of an organization?

  • A. Content of the online privacy statement of an organization will depend upon the applicable laws, and may need to address requirements across geographical boundaries and legal jurisdictions
  • B. Online privacy statement is an instrument to demonstrate to stakeholders how the organization gathers, uses, discloses, and manages personal data
  • C. India's Information Technology (Amendment) Act, 2008 does not require that privacy policy be published on the website
  • D. As per privacy laws generally it is mandatory to mention the phone contact details of the owner of organization in the online privacy statement where customers can reach out in case of a grievance or incident

Correct answer: A

Explanation:
Section: Privacy Principles and Laws
Explanation/Reference: https://en.wikipedia.org/wiki/Privacy_policy

Question 31
Rashmi recently started working as a customer care representative for a bank. After receiving a customer complaint over the phone, she wrote an email to send to grievance department in the bank. The email included customer's full name, bank account number, residential address, email address and contact number. She picked 2-3 resources/employees from the intranet site of the bank, which belonged to the grievance department and sent the email.
Please select the most ideal scenario from a privacy point of view?

  • A. Rashmi should have ascertained who in the grievance team is/are authorized to handle the complaint request and only then should have sent the customer details to the concerned person(s).
  • B. Rashmi did the right thing by sharing all customer details to parties identified from company intranet.
  • C. None of the above
  • D. Rashmi should have included some of the customer information in the email and sent it to the grievance team.

Correct answer: D

Explanation:
Section: Privacy Fundamentals

Question 32
What is not a best practice for maintaining privacy while sharing any personal information on social networking?

  • A. Make it public to increase transparency
  • B. Share it among a closed group
  • C. Publishing on need basis
  • D. Classify it private/secret while sharing

Correct answer: C

Explanation:
Section: Privacy Fundamentals

Question 33
Which of the following does not fall under the category of Personal Financial Information (PFI)?

  • A. Loan account Information
  • B. Bank account Information
  • C. Credit card number with expiry date
  • D. Income tax return file acknowledgement number

Correct answer: D

Explanation:
Section: Privacy Fundamentals

Question 34
Collection of Personal data for a specified objective is the hallmark of which Privacy Principle?

  • A. Purpose Limitation
  • B. Storage limitation
  • C. Use Limitation
  • D. Accountability

Correct answer: A

Explanation:
Section: Privacy Fundamentals
Explanation/Reference: https://www.futurelearn.com/info/courses/general-data-protection-regulation/0/steps/32412

Question 35
A Privacy Impact Assessment (PIA) should ideally accomplish which of the following goals?

  • A. To comply with ISO 27001:2013 standard
  • B. To determine the risks and effects of collecting, storing and distributing personal information
  • C. To evaluate processes for handling personal information for mitigating potential privacy risks
  • D. To acknowledge the organization's role in collecting personal identifiable information

Correct answer: C

Explanation:
Section: Privacy Technologies and Organization Ecosystem
Explanation/Reference: https://www.state.gov/privacy/pias/index.htm

Question 36
Which among the following is the Canadian privacy law?

  • A. IT Act of Canada
  • B. COPPA
  • C. HIPAA
  • D. PIPEDA

Correct answer: D

Question 37
As part of the environment scanning to identify security risks to personal information, which of the following environments would be least relevant for the organization?

  • A. Service provider's environment
  • B. Organization's own environment
  • C. Client's environment
  • D. Government agencies' environment which seek lawful access to personal data

Correct answer: D

Question 38
......
