Question 1

Which factor is MOST important when scoping assessments of cloud-based third parties that access, process, and retain personal data?

Options :

A :

The geographic location of the vendor-s outsourced datacenters since assessments are only required for international data transfers

B :

The identification of the type of cloud hosting deployment or service model in order to confirm responsibilities between the third party and the cloud hosting provider

C :

The definition of requirements for backup capabilities for power generation and redundancy in the resilience plan

D :

The contract terms for the configuration of the environment which may prevent conducting the assessment

Answer: B

Question 2

Which of the following factors is LEAST likely to trigger notification obligations in incident response?

Options :

A : Regulatory requirements

B : Data classification or sensitivity

C : Encryption of data

D : Contractual terms

Answer: C

Question 3

Which type of contract provision is MOST important in managing Fourth-Nth party risk after contract signing and on-boarding due diligence is complete?

Options :

A : Subcontractor notice and approval

B : Indemnification and liability

C : Breach notification

D : Right to audit

Answer: A

Question 4

Which statement BEST reflects the factors that help you determine the frequency of cyclical assessments?

Options :

A :

Vendor assessments should be conducted during onboarding and then be replaced by continuous monitoring

B :

Vendor assessment frequency should be based on the level of risk and criticality of the vendor to your operations as determined by their vendor risk score

C : Vendor assessments should be scheduled based on the type of services/products provided

D : Vendor assessment frequency may need to be changed if the vendor has disclosed a data breach

Answer: B

Question 5

Which statement is TRUE regarding artifacts reviewed when assessing the Cardholder Data Environment (CDE) in payment card processing?

Options :

A : The Data Security Standards (DSS) framework should be used to scope the assessment

B :

The Report on Compliance (ROC) provides the assessment results completed by a qualified security assessor that includes an onsite audit

C : The Self-Assessment Questionnaire (SAQ) provides independent testing of controls

D : A System and Organization Controls (SOC) report is sufficient if the report addresses the same location

Answer: B

Higher Test Marks with Free Online CTPRP Exam Practice

Buying Options: