Personally Identifiable Information (PII) v4.0 Exam Latest updated Graded A+

Document Content and Description Below

Which action requires an organization to carry out a Privacy Impact Assessment? A. Storing paper-based records B. Collecting PII to store in a new information system C. Collecting any CUI. includ ... ing but not limited to PII D. Collecting PII to store in a National Security System - ANSWER B. Collecting PII to store in a new information system What is the purpose of a Privacy Impact Assessment (PIA)? A. Determine whether paper-based records are stored securely B. Determine whether information must be disclosed according to the Freedom of Information Act (FOIA) C. Determine whether the collection and maintenance of PII is worth the risk to individuals D. Determine whether Protected Health Information (PHI) is held by a covered entity - ANSWER C. Determine whether the collection and maintenance of PII is worth the risk to individuals T or F? Information that can be combined with other information to link solely to an individual is considered PII. - ANSWER True What guidance identifies federal information security controls? A. DoD 5400.11-R: DoD Privacy Program B. The Freedom of Information Act (FOIA) C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information D. The Privacy Act of 1974 - ANSWER C. OMB Memorandum M-17-12: Preparing for and Responding to a Breach of Personally Identifiable Information An organization that fails to protect PII can face consequences including: A. Remediation costs B. Loss of trust C. Legal liability D. All of the above - ANSWER D. All of the above If someone tampers with or steals and individual's PII, they could be exposed to which of the following? A. Embarrassment B. Fraud C. Identity theft D. All of the above - ANSWER D. All of the above Which of the following is not an example of PII? A. Fingerprints B. Driver's license number C. Social Security number D. Pet's nickname - ANSWER D. Pet's nickname What law establishes the federal government's legal responsibility for safeguarding PII? A. OMB Memorandum M-12-12: Preparing for and Responding to a Breach of Personally Identifiable Information B. DoD 5400.11-R: DoD Privacy Program C. The Privacy Act of 1974 D. The Freedom of Information Act (FOIA) - ANSWER C. The Privacy Act of 1974 An organization with existing system of records decides to start using PII for a new purpose outside the "routine use" defined in the System of Records Notice (SORN). Is this a permitted use? A. Yes B. No - ANSWER B. No Which of the following is responsible for the most recent PII data breaches? A. Physical breaking and entry B. Insider threat C. Phishing D. Reconstruction of improperly disposed documents - ANSWER C. Phishing Which of the following is not an example of an administrative safeguard that organizations use to protect PII? A. Conduct risk assessments B. Reduce the volume and use of Social Security Numbers C. List all potential future uses of PII in the System of Records Notice (SORN) D. Ensure employees are trained to properly use and protect electronic records - ANSWER C. List all potential future uses of PII in the System of Records Notice (SORN) Within what timeframe must DoD organizations report PII breaches to the United States Computer Emergency Readiness Team [Show More]

Last updated: 3 years ago

Preview 1 out of 5 pages