Question 1

Which requirement is the MOST important for managing risk when the vendor contract terminates?

Options :

A : The responsibility to perform a financial review of outstanding invoices

B : The commitment to perform a final assessment based upon due diligence standards

C : The requirement to ensure secure data destruction and asset return

D : The obligation to define contract terms for transition services

Answer: C

Question 2

Which statement is TRUE regarding artifacts reviewed when assessing the Cardholder Data Environment (CDE) in payment card processing?

Options :

A : The Data Security Standards (DSS) framework should be used to scope the assessment

B :

The Report on Compliance (ROC) provides the assessment results completed by a qualified security assessor that includes an onsite audit

C : The Self-Assessment Questionnaire (SAQ) provides independent testing of controls

D : A System and Organization Controls (SOC) report is sufficient if the report addresses the same location

Answer: B

Question 3

Which factor is MOST important when scoping assessments of cloud-based third parties that access, process, and retain personal data?

Options :

A :

The geographic location of the vendor-s outsourced datacenters since assessments are only required for international data transfers

B :

The identification of the type of cloud hosting deployment or service model in order to confirm responsibilities between the third party and the cloud hosting provider

C :

The definition of requirements for backup capabilities for power generation and redundancy in the resilience plan

D :

The contract terms for the configuration of the environment which may prevent conducting the assessment

Answer: B

Question 4

Which of the following statements is FALSE about Data Loss Prevention Programs?

Options :

A :

DLP programs include the policy, tool configuration requirements, and processes for the identification, blocking or monitoring of data

B : DLP programs define the consequences for non-compliance to policies

C : DLP programs define the required policies based on default tool configuration

D : DLP programs include acknowledgement the company can apply controls to remove any data

Answer: C

Question 5

Information classification of personal information may trigger specific regulatory obligations. Which statement is the BEST response from a privacy perspective:

Options :

A : Personally identifiable financial information includes only consumer report information

B : Public personal information includes only web or online identifiers

C :

Personally identifiable information and personal data are similar in context, but may have different legal definitions based upon jurisdiction

D :

Personally Identifiable Information and Protected Healthcare Information require the exact same data protection safequards

Answer: C

Higher Test Marks with Free Online CTPRP Exam Practice

Buying Options: