IAPP CIPP/A Exam - Topic 1 Question 20 Discussion

Actual exam question for IAPP's CIPP/A exam

Question #: 20
Topic #: 1

In Hong Kong's revised Breach Guidance Note of 2015, what course of action did the Commissioner recommend that companies take immediately after experiencing a breach?

AProceed under the assumption that the breach is a threat to personal safety.

BEnlist the aid of law enforcement to determine the cause of the breach.

CQuickly issue a notification to the data subjects affected by the breach.

DImmediately gather essential information in relation to the breach.

Show Suggested Answer

Suggested Answer: B

https://www.pcpd.org.hk/english/resources_centre/publications/files/ DataBreachHandling2015_e.pdf

by Ruthann at May 08, 2022, 06:33 PM

Limited Time Offer

25%

Off

Get Premium CIPP/A Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Franchesca

6 months ago

Surprised they didn't prioritize personal safety more!

upvoted 0 times

...

Marylyn

6 months ago

I thought they’d suggest involving law enforcement first.

upvoted 0 times

...

Lyndia

6 months ago

Totally agree, quick notifications are key!

upvoted 0 times

...

Staci

7 months ago

Wait, isn't that a bit too reactive?

upvoted 0 times

...

Anna

7 months ago

The Commissioner said to gather essential info right away!

upvoted 0 times

...

Kenia

7 months ago

I vaguely recall that law enforcement involvement was mentioned, but I can't remember if it was an immediate action or something that comes later. Was that option B?

upvoted 0 times

...

Hannah

7 months ago

I feel like we discussed the need to assess threats to safety first, which might point to option A, but I’m not completely confident.

upvoted 0 times

...

Aron

7 months ago

I remember something about notifying affected individuals quickly, but I’m not sure if that was the first step. Could it be option C?

upvoted 0 times

...

Jina

7 months ago

I think the Commissioner emphasized the importance of gathering information right away, so maybe it's option D?

upvoted 0 times

...

Tomas

7 months ago

This is a tough one, but I'm going to give it my best shot. I'll start by eliminating any options that I'm confident are incorrect, then try to reason through the remaining choices.

upvoted 0 times

...

Verda

7 months ago

This looks like a tricky one. I'm not sure if I should go with the internal audit reports or the risk assessments. Hmm, maybe I should think about the threat models too.

upvoted 0 times

...

Hermila

7 months ago

Ah, I think I've got it! Configuring an AS path prepend on the peer to ASN 4567 should do the trick and make that link the preferred path.

upvoted 0 times

...

Alesia

7 months ago

Okay, I've got this. The answer is 0750 - that gives the owner full access, the group read and list access, and no access for others.

upvoted 0 times

...

Talia

7 months ago

I'm a bit confused by this one. I know tracing analysis is used for performance, but I'm not certain if it's specifically for distributed applications. I'll have to guess on this one.

upvoted 0 times

...