✔✔Detective Control - ✔✔A control designed to identify issues after they occur
✔✔Corrective Control - ✔✔A control designed to fix or remediate issues
✔✔Risk Assessment - ✔✔The process of identifying and evaluating risks
✔✔Risk Mitigation - ✔✔Reducing the likelihood or impact of identified risks
✔✔Privacy Notice - ✔✔An external statement explaining how personal data is collected
and used
✔✔Policy - ✔✔A high-level rule defining what must be done and why
✔✔Procedure - ✔✔Detailed steps outlining how to perform a task
✔✔Privacy Program Manager - ✔✔The individual responsible for executing the privacy
program
✔✔Accountability (Leadership) - ✔✔Senior leadership holds ultimate responsibility for
compliance
✔✔Privacy Training - ✔✔Education to improve employee awareness and reduce
privacy risks
✔✔Escalation - ✔✔Raising an issue to higher authority for resolution
✔✔Audit - ✔✔A formal review of compliance with policies and regulations
✔✔Data Inventory - ✔✔A record of all personal data collected and processed
✔✔Data Mapping - ✔✔Tracking how personal data flows through systems and
processes
✔✔DPIA (Data Protection Impact Assessment) - ✔✔A risk assessment for high-risk
data processing activities
✔✔High-Risk Processing - ✔✔Processing activities that significantly impact individual
privacy
✔✔Data Controller - ✔✔The entity that determines the purpose and means of
processing personal data
✔✔Data Processor - ✔✔An entity that processes personal data on behalf of a controller
✔✔Vendor Risk Management - ✔✔Ensuring third parties comply with privacy
requirements
✔✔Encryption - ✔✔Transforming data into a secure, unreadable format
✔✔Anonymization - ✔✔Irreversibly removing identifying information from data
✔✔Pseudonymization - ✔✔Replacing identifying data with artificial identifiers
✔✔Least Privilege - ✔✔Granting users only the minimum access necessary
✔✔Data Breach - ✔✔Unauthorized access, disclosure, or loss of personal data
✔✔Breach Containment - ✔✔The first step in incident response to stop further data
exposure
✔✔DSAR (Data Subject Access Request) - ✔✔A request from an individual to access
their personal data
✔✔DSAR Timeline - ✔✔Typically one month under GDPR to respond to requests
✔✔Right to Deletion - ✔✔The right of individuals to have their personal data erased
✔✔Right to Access - ✔✔The right to view personal data held about an individual
✔✔Right to Portability - ✔✔The right to transfer personal data between organizations
✔✔KPI (Key Performance Indicator) - ✔✔A metric used to measure program
performance