Free CTPRP Practice Test Questions 2026

125 Questions


Last Updated On: 27-Apr-2026


Which statement provides the BEST description of inherent risk?


A. Inherent risk is the amount of risk an organization can incur when there is an absence of controls


B. Inherent risk is the level of risk triggered by outsourcing a product or service


C. Inherent risk is the amount of risk an organization can accept based on their risk tolerance


D. Inherent risk is the level of risk that exists with all of the necessary controls in place





A.
  Inherent risk is the amount of risk an organization can incur when there is an absence of controls

Which of the following would be a component of an organization's Ethics and Code of Conduct Program?


A. Participation in the company's annual privacy awareness program


B. A disciplinary process for non-compliance with key policies, including formal termination or change of status process based on non-compliance


C. Signing acknowledgement of Acceptable Use policy for use of company assets


D. A process to conduct periodic access reviews of critical Human Resource files





B.
  A disciplinary process for non-compliance with key policies, including formal termination or change of status process based on non-compliance

The primary disadvantage of Single Sign-On (SSO) access control is:


A. The impact of a compromise of the end-user credential that provides access to multiple systems is greater


B. A single password is easier to guess and exploit


C. Users store multiple passwords in a single repository limiting the ability to change the password


D. Vendors must develop multiple methods to integrate system access adding cost and complexity





A.
  The impact of a compromise of the end-user credential that provides access to multiple systems is greater

Which factor in patch management is MOST important when conducting post-cybersecurity incident analysis related to systems and applications?


A. Configuration


B. Log retention


C. Approvals


D. Testing





D.
  Testing

Which of the following data types would be classified as low risk data?


A. Sanitized customer data used for aggregated profiling


B. Non-personally identifiable, but sensitive to an organization's significant process


C. Government-issued number, credit card number or bank account information


D. Personally identifiable data but stored in a test environment cloud container





A.
  Sanitized customer data used for aggregated profiling

Which of the following BEST describes the distinction between a regulation and a standard?


A. A regulation must be adhered to by all companies subject to its requirements, but companies can voluntarily choose to follow standards.


B. There is no distinction, regulations and standards are the same and have equal impact


C. Standards are always a subset of a regulation


D. A standard must be adhered to by companies based on the industry they are in, while regulations are voluntary.





A.
  A regulation must be adhered to by all companies subject to its requirements, but companies can voluntarily choose to follow standards.

Which of the following methods of validating pre-employment screening attributes is appropriate due to limitations of international or state regulation?


A. Reviewing evidence of web search of social media sites


B. Providing and sampling complete personnel files to demonstrate unique screening results


C. Requiring evidence of drug testing


D. Requesting evidence of the performance of pre-employment screening when permitted by law





D.
  Requesting evidence of the performance of pre-employment screening when permitted by law

Which set of procedures is typically NOT addressed within data privacy policies?


A. Procedures to limit access and disclosure of personal information to third parties


B. Procedures for handling data access requests from individuals


C. Procedures for configuration settings in identity access management


D. Procedures for incident reporting and notification





C.
  Procedures for configuration settings in identity access management

Select the risk type that is defined as: “A third party may not be able to meet its obligations due to inadequate systems or processes”.


A. Reliability risk


B. Performance risk


C. Competency risk


D. Availability risk





B.
  Performance risk

Which type of contract termination is MOST likely to occur after failure to remediate assessment findings?


A. Regulatory/supervisory termination


B. Termination for convenience


C. Normal termination


D. Termination for cause





D.
  Termination for cause

The BEST way to manage Fourth-Nth Party risk is:


A. Include a provision in the vendor contract requiring the vendor to provide notice and obtain written consent before outsourcing any service


B. Include a provision in the contract prohibiting the vendor from outsourcing any service which includes access to confidential data or systems


C. Incorporate notification and approval contract provisions for subcontracting that require evidence of due diligence as defined by a TPRM program


D. Require the vendor to maintain a cyber-insurance policy for any service that is outsourced which includes access to confidential data or systems





C.
  Incorporate notification and approval contract provisions for subcontracting that require evidence of due diligence as defined by a TPRM program

Which of the following factors is MOST important when assessing the risk of shadow IT in organizational security?


A. The organization maintains adequate policies and procedures that communicate required controls for security functions


B. The organization requires security training and certification for security personnel


C. The organization defines staffing levels to address impact of any turnover in security roles


D. The organization's resources and investment are sufficient to meet security requirements





A.
  The organization maintains adequate policies and procedures that communicate required controls for security functions


What Makes Our Certified Third-Party Risk Professional (CTPRP) Practice Test So Effective?

Real-World Scenario Mastery: Our CTPRP practice exams don't just test definitions. They present you with the same complex, scenario-based problems you'll encounter on the actual exam.

Strategic Weakness Identification: Each practice session reveals exactly where you stand. Discover which domains need more attention, before Certified Third-Party Risk Professional (CTPRP) exam day arrives.

Confidence Through Familiarity: There's no substitute for knowing what to expect. When you've worked through our comprehensive CTPRP practice exam questions pool covering all topics, the real exam feels like just another practice session.