CIPPUS Exam Prep Free practice test →

Free CIPPUS Practice Questions

10 free, exam-style Pass Your CIPP/US First Try (CIPPUS) practice questions with answers and explanations. No signup required. Work through them below, then take the full free CIPPUS practice test to study every exam domain.

Question 1

Under the FTC Act Section 5, what constitutes an 'unfair' practice in data collection?

  1. Practices causing substantial injury not outweighed by benefits
  2. Any data sharing without notice
  3. Collecting data without encryption
  4. Using data for marketing only
Show answer & explanation

Correct answer: A - Practices causing substantial injury not outweighed by benefits

Question 2

Scenario: A company misrepresents its data security in its privacy policy, leading to a breach. The FTC investigates. What is the primary basis for enforcement? The policy claimed 'bank-level security' but used weak measures.

  1. Deceptive acts or practices
  2. Unfair competition
  3. Breach of contract
  4. Strict liability
Show answer & explanation

Correct answer: A - Deceptive acts or practices

Question 3

What age threshold requires parental consent under COPPA for online data collection?

  1. Under 13
  2. Under 16
  3. Under 18
  4. Under 21
Show answer & explanation

Correct answer: A - Under 13

Question 4

Scenario: An app targeted at children collects geolocation data without verifiable parental consent. What law is violated? The app is for users aged 8-12 and shares data with advertisers.

  1. COPPA
  2. TCPA
  3. HIPAA
  4. FERPA
Show answer & explanation

Correct answer: A - COPPA

Question 5

Which of the following is NOT considered personal information under COPPA?

  1. Favorite color alone
  2. Name
  3. Email address
  4. Persistent identifier linked to device
Show answer & explanation

Correct answer: A - Favorite color alone

Question 6

What does the FTC consider a 'deceptive' practice in privacy notices?

  1. Misleading statements about data use
  2. Collecting anonymous data
  3. Sharing with affiliates only
  4. Using opt-out mechanisms
Show answer & explanation

Correct answer: A - Misleading statements about data use

Question 7

Scenario: A website for kids under 13 uses behavioral advertising without parental notice. What COPPA requirement is missing? The site tracks user activity across sessions.

  1. Direct notice to parents
  2. Data minimization
  3. Encryption standards
  4. Annual audits
Show answer & explanation

Correct answer: A - Direct notice to parents

Question 8

Under COPPA, what is required for verifiable parental consent?

  1. Methods like credit card verification or signed form
  2. Simple email confirmation
  3. User self-certification
  4. No consent if data is anonymized
Show answer & explanation

Correct answer: A - Methods like credit card verification or signed form

Question 9

What FTC action can result from repeated unfair privacy practices?

  1. Consent decrees with monitoring
  2. Immediate shutdown
  3. Criminal charges
  4. State AG referral only
Show answer & explanation

Correct answer: A - Consent decrees with monitoring

Question 10

Scenario: An online service collects voice recordings from children without consent. Is this COPPA-compliant? The service is a game app for ages 10-12.

  1. No, voice is personal information
  2. Yes, if de-identified
  3. Yes, for internal use
  4. No, but only if shared
Show answer & explanation

Correct answer: A - No, voice is personal information

Ready for the real thing?

Practice hundreds more CIPPUS questions with instant scoring, weak-area drills, and full exam simulations.

Start the free practice test See pricing