New Year Special 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: save70

PDF CTPRP Study Guide

Page: 4 / 9
Total 125 questions

Certified Third-Party Risk Professional (CTPRP) Questions and Answers

Question 13

You are updating program requirements due to shift in use of technologies by vendors to enable hybrid work. Which statement is LEAST likely to represent components of an Asset

Management Program?

Options:

A.

Asset inventories should include connections to external parties, networks, or systems that process data

B.

Each asset should include an organizational owner who is responsible for the asset throughout its life cycle

C.

Assets should be classified based on criticality or data sensitivity

D.

Asset inventories should track the flow or distribution of items used to fulfill products and Services across production lines

Question 14

Which of the following BEST describes the distinction between a regulation and a standard?

Options:

A.

A regulation must be adhered to by all companies subject to its requirements, but companies “can voluntarily choose to follow standards.

B.

There is no distinction, regulations and standards are the same and have equal impact

C.

Standards are always a subset of a regulation

D.

A standard must be adhered to by companies based on the industry they are in, while regulations are voluntary.

Question 15

Which statement BEST describes the methods of performing due diligence during third party risk assessments?

Options:

A.

Inspecting physical and environmental security controls by conducting a facility tour

B.

Reviewing status of findings from the questionnaire and defining remediation plans

C.

interviewing subject matter experts or control owners, reviewing compliance artifacts, and validating controls

D.

Reviewing and assessing only the obligations that are specifically defined in the contract

Question 16

Which statement is TRUE regarding the use of questionnaires in third party risk assessments?

Options:

A.

The total number of questions included in the questionnaire assigns the risk tier

B.

Questionnaires are optional since reliance on contract terms is a sufficient control

C.

Assessment questionnaires should be configured based on the risk rating and type of service being evaluated

D.

All topic areas included in the questionnaire require validation during the assessment

Page: 4 / 9
Total 125 questions