Question 1

Which of the following statements is FALSE about Data Loss Prevention Programs?

Options :

A :

DLP programs include the policy, tool configuration requirements, and processes for the identification, blocking or monitoring of data

B : DLP programs define the consequences for non-compliance to policies

C : DLP programs define the required policies based on default tool configuration

D : DLP programs include acknowledgement the company can apply controls to remove any data

Answer: C

Question 2

Which of the following factors is LEAST likely to trigger notification obligations in incident response?

Options :

A : Regulatory requirements

B : Data classification or sensitivity

C : Encryption of data

D : Contractual terms

Answer: C

Question 3

Which statement is TRUE regarding the use of questionnaires in third party risk assessments?

Options :

A : The total number of questions included in the questionnaire assigns the risk tier

B : Questionnaires are optional since reliance on contract terms is a sufficient control

C :

Assessment questionnaires should be configured based on the risk rating and type of service being evaluated

D : All topic areas included in the questionnaire require validation during the assessment

Answer: C

Question 4

Information classification of personal information may trigger specific regulatory obligations. Which statement is the BEST response from a privacy perspective:

Options :

A : Personally identifiable financial information includes only consumer report information

B : Public personal information includes only web or online identifiers

C :

Personally identifiable information and personal data are similar in context, but may have different legal definitions based upon jurisdiction

D :

Personally Identifiable Information and Protected Healthcare Information require the exact same data protection safequards

Answer: C

Question 5

Which factor is MOST important when scoping assessments of cloud-based third parties that access, process, and retain personal data?

Options :

A :

The geographic location of the vendor-s outsourced datacenters since assessments are only required for international data transfers

B :

The identification of the type of cloud hosting deployment or service model in order to confirm responsibilities between the third party and the cloud hosting provider

C :

The definition of requirements for backup capabilities for power generation and redundancy in the resilience plan

D :

The contract terms for the configuration of the environment which may prevent conducting the assessment

Answer: B

Higher Test Marks with Free Online CTPRP Exam Practice

Buying Options: