Exactprep CTPRP Questions

Page: 6 / 9
Total 125 questions

Certified Third-Party Risk Professional (CTPRP) Questions and Answers

Question 21

Physical access procedures and activity logs should require all of the following EXCEPT:

Options:

A. Require multiple access controls for server rooms and data centers

B. Require physical access logs to be retained indefinitely for audit purposes

C. Record successful and unsuccessful attempts including investigation of unsuccessful access attempts

D. Include a process to trigger review of the logs after security events

Question 22

When defining due diligence requirements for the set of vendors that host web applications, which of the following is typically NOT part of evaluating the vendor's patch management controls?

Options:

A. The capability of the vendor to apply priority patching of high-risk systems

B. Established procedures for testing of patches, service packs, and hot fixes prior to installation

C. A documented process to gain approvals for use of open source applications

D. The existence of a formal process for evaluation and prioritization of known vulnerabilities

Question 23

Which type of contract termination is MOST likely to occur after failure to remediate assessment findings?

Options:

A. Regulatory/supervisory termination

B. Termination for convenience

C. Normal termination

D. Termination for cause

Question 24

Which statement BEST represents the primary objective of a third party risk assessment:

Options:

A. To assess the appropriateness of non-disclosure agreements regarding the organization's systems/data

B. To validate that the vendor/service provider has adequate controls in place based on the organization's risk posture

C. To determine the scope of the business relationship

D. To evaluate the risk posture of all vendors/service providers in the vendor inventory
