Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us[email protected]
Menu
Iapp Discussions
exam questions

Exam CIPM All Questions

View all questions & answers for the CIPM exam
Go to Exam

Exam CIPM topic 1 question 97 discussion

Actual exam question from IAPP's CIPM
Question #: 97
Topic #: 1
[All CIPM Questions]

SCENARIO -
Please use the following to answer the next question:
Penny has recently joined Ace Space, a company that sells homeware accessories online, as its new privacy officer. The company is based in California but thanks to some great publicity from a social media influencer last year, the company has received an influx of sales from the EU and has set up a regional office in Ireland to support this expansion. To become familiar with Ace Space’s practices and assess what her privacy priorities will be, Penny has set up meetings with a number of colleagues to hear about the work that they have been doing and their compliance efforts.
Penny’s colleague in Marketing is excited by the new sales and the company’s plans, but is also concerned that Penny may curtail some of the growth opportunities he has planned. He tells her “I heard someone in the breakroom talking about some new privacy laws but I really don’t think it affects us. We’re just a small company. I mean we just sell accessories online, so what’s the real risk?” He has also told her that he works with a number of small companies that help him get projects completed in a hurry. “We’ve got to meet our deadlines otherwise we lose money. I just sign the contracts and get Jim in finance to push through the payment. Reviewing the contracts takes time that we just don’t have.”
In her meeting with a member of the IT team, Penny has learned that although Ace Space has taken a number of precautions to protect its website from malicious activity, it has not taken the same level of care of its physical files or internal infrastructure. Penny’s colleague in IT has told her that a former employee lost an encrypted USB key with financial data on it when he left. The company nearly lost access to their customer database last year after they fell victim to a phishing attack. Penny is told by her IT colleague that the IT team “didn’t know what to do or who should do what. We hadn’t been trained on it but we’re a small team though, so it worked out OK in the end.” Penny is concerned that these issues will compromise Ace Space’s privacy and data protection.
Penny is aware that the company has solid plans to grow its international sales and will be working closely with the CEO to give the organization a data “shake up”. Her mission is to cultivate a strong privacy culture within the company.
Penny has a meeting with Ace Space’s CEO today and has been asked to give her first impressions and an overview of her next steps.
To help Penny and her CEO with their objectives, what would be the most helpful approach to address her IT concerns?

  • A. Roll out an encryption policy
  • B. Undertake a tabletop exercise
  • C. Ensure inventory of IT assets is maintained
  • D. Host a town hall discussion for all IT employees
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by emily0922 at Aug. 16, 2023, 10:46 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
c4c7b78
4 months, 2 weeks ago
Selected Answer: C
A is the least likely to have an effect. A tabletop exercise will only be effective if there are proper procedures defined (“we don’t know what to do or who should do what”). As a manager I would lean toward D but the most likely correct answer is C.
upvoted 1 times
...
MaritzTee
5 months, 3 weeks ago
Selected Answer: B
This approach will help the IT team simulate a real-world scenario, such as a data breach or phishing attack, and practice their response in a controlled environment. It will highlight gaps in their knowledge, response procedures, and coordination, enabling them to improve their readiness for actual incidents. Given the previous issues with phishing attacks and the loss of encrypted USB keys, this practical exercise will be invaluable in ensuring the IT team knows what to do and who should do what in case of future incidents. While the other options are beneficial, they do not directly address the immediate need for the IT team to be prepared for and effectively respond to security incidents, which is a critical concern identified by Penny.
upvoted 2 times
...
DPRamone
8 months, 3 weeks ago
Selected Answer: C
Everything starts with an up-to-date asset inventory and classification. You can't protect what you don't know you have.
upvoted 1 times
...
[Removed]
1 year, 2 months ago
Selected Answer: B
Should be B
upvoted 2 times
...
Ssourav
1 year, 3 months ago
Selected Answer: B
given the information provided in the scenario, undertaking a tabletop exercise would be the most effective approach for several reasons: Identifying Response Gaps: A tabletop exercise allows a company to walk through a hypothetical, but realistic, situation to determine how they would respond. This can help highlight any gaps in the response process. Training: Since Penny's IT colleague mentioned they "didn’t know what to do or who should do what" during a previous phishing attack, a tabletop exercise would serve as an effective training tool, giving the team clarity on roles, responsibilities, and actions to take during an incident. Building Confidence: By running through these simulations, the IT team can become more confident in their abilities to handle real-world situations when they arise. While the other options are valid in their own contexts, given the specific concerns Penny has learned about Ace Space's IT practices, the tabletop exercise directly addresses the identified issues and provides the most immediate benefits.
upvoted 2 times
...
emily0922
1 year, 3 months ago
I suggest B
upvoted 1 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel