New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

Changed CTPRP Exam Questions

Page: 8 / 9
Total 125 questions

Certified Third-Party Risk Professional (CTPRP) Questions and Answers

Question 29

Which policy requirement is typically NOT defined in an Asset Management program?

Options:

A.

The Policy states requirements for the reuse of physical media (e.9., devices, servers, disk drives, etc.)

B.

The Policy requires that employees and contractors return all company data and assets upon termination of their employment, contract or agreement

C.

The Policy defines requirements for the inventory, identification, and disposal of equipment “and/or physical media

D.

The Policy requires visitors (including other tenants and maintenance personnel) to sign-in and sign-out of the facility, and to be escorted at all times

Question 30

When evaluating compliance artifacts for change management, a robust process should include the following attributes:

Options:

A.

Approval, validation, auditable.

B.

Logging, approvals, validation, back-out and exception procedures

C.

Logging, approval, back-out.

D.

Communications, approval, auditable.

Question 31

For services with system-to-system access, which change management requirement

MOST effectively reduces the risk of business disruption to the outsourcer?

Options:

A.

Approval of the change by the information security department

B.

Documenting sufficient time for quality assurance testing

C.

Communicating the change to customers prior ta deployment to enable external acceptance testing

D.

Documenting and legging change approvals

Question 32

Information classification of personal information may trigger specific regulatory obligations. Which statement is the BEST response from a privacy perspective:

Options:

A.

Personally identifiable financial information includes only consumer report information

B.

Public personal information includes only web or online identifiers

C.

Personally identifiable information and personal data are similar in context, but may have different legal definitions based upon jurisdiction

D.

Personally Identifiable Information and Protected Healthcare Information require the exact same data protection safequards

Page: 8 / 9
Total 125 questions