Free CIPM Exam Dumps

Question 11

SCENARIO
Please use the following to answer the next QUESTION:
John is the new privacy officer at the prestigious international law firm – A&M LLP. A&M LLP is very proud of its reputation in the practice areas of Trusts & Estates and Merger & Acquisition in both U.S. and Europe.
During lunch with a colleague from the Information Technology department, John heard that the Head of IT, Derrick, is about to outsource the firm's email continuity service to their existing email security vendor – MessageSafe. Being successful as an email hygiene vendor, MessageSafe is expanding its business by leasing cloud infrastructure from Cloud Inc. to host email continuity service for A&M LLP.
John is very concerned about this initiative. He recalled that MessageSafe was in the news six months ago due to a security breach. Immediately, John did a quick research of MessageSafe's previous breach and learned that the breach was caused by an unintentional mistake by an IT administrator. He scheduled a meeting with Derrick to address his concerns.
At the meeting, Derrick emphasized that email is the primary method for the firm's lawyers to communicate with clients, thus it is critical to have the email continuity service to avoid any possible email downtime. Derrick has been using the anti-spam service provided by MessageSafe for five years and is very happy with the quality of service provided by MessageSafe. In addition to the significant discount offered by MessageSafe, Derrick emphasized that he can also speed up the onboarding process since the firm already has a service contract in place with MessageSafe. The existing on-premises email continuity solution is about to reach its end of life very soon and he doesn't have the time or resource to look for another solution. Furthermore, the off- premises email continuity service will only be turned on when the email service at A&M LLP's primary and secondary data centers are both down, and the email messages stored at MessageSafe site for continuity service will be automatically deleted after 30 days.
Which of the following is NOT an obligation of MessageSafe as the email continuity service provider for A&M LLP?

A. Privacy compliance.
B. Security commitment.
C. Certifications to relevant frameworks.
D. Data breach notification to A&M LLP.

Correct Answer:C

Question 12

What is a key feature of the privacy metric template adapted from the National Institute of Standards and Technology (NIST)?

A. It provides suggestions about how to collect and measure data.
B. It can be tailored to an organization's particular needs.
C. It is updated annually to reflect changes in government policy.
D. It is focused on organizations that do business internationally.

Correct Answer:A

Question 13

An organization's business continuity plan or disaster recovery plan does NOT typically include what?

A. Recovery time objectives.
B. Emergency response guidelines.
C. Statement of organizational responsibilities.
D. Retention schedule for storage and destruction of information.

Correct Answer:D

Question 14

In addition to regulatory requirements and business practices, what important factors must a global privacy strategy consider?

A. Monetary exchange.
B. Geographic features.
C. Political history.
D. Cultural norms.

Correct Answer:B

Question 15

In privacy protection, what is a "covered entity"?

A. Personal data collected by a privacy organization.
B. An organization subject to the privacy provisions of HIPAA.
C. A privacy office or team fully responsible for protecting personal information.
D. Hidden gaps in privacy protection that may go unnoticed without expert analysis.

Correct Answer:B