New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

CTPRP Exam Questions Tutorials

Page: 9 / 9
Total 125 questions

Certified Third-Party Risk Professional (CTPRP) Questions and Answers

Question 33

Which statement is TRUE regarding the onboarding process far new hires?

Options:

A.

New employees and contractors should not be on-boarded until the results of applicant screening are approved

B.

it is not necessary to have employees, contractors, and third party users sign confidentiality or non-disclosure agreements

C.

All job roles should require employees to sign non-compete agreements

D.

New employees and contactors can opt-out of having to attend security and privacy awareness training if they hold existing certifications

Question 34

Which set of procedures is typically NOT addressed within data privacy policies?

Options:

A.

Procedures to limit access and disclosure of personal information to third parties

B.

Procedures for handling data access requests from individuals

C.

Procedures for configuration settings in identity access management

D.

Procedures for incident reporting and notification

Question 35

Which of the following actions reflects the first step in developing an emergency response plan?

Options:

A.

Conduct an assessment that includes an inventory of the types of events that have the greatest potential to trigger an emergency response plan

B.

Consider work-from-home parameters in the emergency response plan

C.

incorporate periodic crisis management team tabletop exercises to test different scenarios

D.

Use the results of continuous monitoring tools to develop the emergency response plan

Question 36

Which statement BEST reflects the factors that help you determine the frequency of cyclical assessments?

Options:

A.

Vendor assessments should be conducted during onboarding and then be replaced by continuous monitoring

B.

Vendor assessment frequency should be based on the level of risk and criticality of the vendor to your operations as determined by their vendor risk score

C.

Vendor assessments should be scheduled based on the type of services/products provided

D.

Vendor assessment frequency may need to be changed if the vendor has disclosed a data breach

Page: 9 / 9
Total 125 questions