Free Online Shared Assessments CTPRP Practice Test

Prepare Your Shared Assessments CTPRP Exam Questions with Free online CTPRP Practice Test. Get Brilliant Certified Third-Party Risk Professional (CTPRP) Exam Results with Valid CTPRP Exam Dumps.

Page: 1 / 26

Total 126 Questions | Updated On: May 16, 2024

Add To Cart

Question 1

Which statement is TRUE regarding the use of questionnaires in third party risk assessments?

A : The total number of questions included in the questionnaire assigns the risk tier

B : Questionnaires are optional since reliance on contract terms is a sufficient control

C : Assessment questionnaires should be configured based on the risk rating and type of service being evaluated

D : All topic areas included in the questionnaire require validation during the assessment

Answer: C

Question 2

Information classification of personal information may trigger specific regulatory obligations. Which statement is the BEST response from a privacy perspective:

A : Personally identifiable financial information includes only consumer report information

B : Public personal information includes only web or online identifiers

C : Personally identifiable information and personal data are similar in context, but may have different legal definitions based upon jurisdiction

D : Personally Identifiable Information and Protected Healthcare Information require the exact same data protection safequards

Answer: C

Question 3

Which statement is FALSE regarding the primary factors in determining vendor risk classification?

A : The geographic area where the vendor is located may trigger specific regulatory obligations

B : The importance to the outsourcer's recovery objectives may trigger a higher risk tier

C : The type and volume of personal data processed may trigger a higher risk rating based on the criticality of the systems

D : Network connectivity or remote access may trigger a higher vendor risk classification only for third parties that process personal information

Answer: D

Question 4

Which statement is TRUE regarding artifacts reviewed when assessing the Cardholder Data Environment (CDE) in payment card processing?

A : The Data Security Standards (DSS) framework should be used to scope the assessment

B : The Report on Compliance (ROC) provides the assessment results completed by a qualified security assessor that includes an onsite audit

C : The Self-Assessment Questionnaire (SAQ) provides independent testing of controls

D : A System and Organization Controls (SOC) report is sufficient if the report addresses the same location

Answer: B

Question 5

Which of the following statements is FALSE about Data Loss Prevention Programs?

A : DLP programs include the policy, tool configuration requirements, and processes for the identification, blocking or monitoring of data

B : DLP programs define the consequences for non-compliance to policies

C : DLP programs define the required policies based on default tool configuration

D : DLP programs include acknowledgement the company can apply controls to remove any data

Answer: C

Page: 1 / 26

Total 126 Questions | Updated On: May 16, 2024

Add To Cart