최신 CTPRP 무료덤프 - Shared Assessments Certified Third-Party Risk Professional (CTPRP)

A. Providing and sampling complete personnel files to demonstrate unique screening results

B. Requiring evidence of drug testing

C. Reviewing evidence of web search of social media sites

D. Requesting evidence of the performance of pre-employment screening when permitted by law

A. Status updates on localized events based on geolocation

B. Reports that identify changes in vendor financial viability

C. Alerts on legal and regulatory actions involving the vendor

D. Metrics that track SLAs for performance management

A. Hybrid Cloud

B. Public Cloud

C. Community Cloud

D. Private Cloud

A. Assets should be classified based on criticality or data sensitivity

B. Each asset should include an organizational owner who is responsible for the asset throughout its life cycle

C. Asset inventories should track the flow or distribution of items used to fulfill products and Services across production lines

D. Asset inventories should include connections to external parties, networks, or systems that process data

A. Change in vendor location or use of new fourth parties

B. Change at outsourcer due to M&A

C. Change in scope of existing work (e.g., new data or system access)

D. Change in regulation that impacts service provider requirements

A. The capability of the vendor to apply priority patching of high-risk systems

B. Established procedures for testing of patches, service packs, and hot fixes prior to installation

C. A documented process to gain approvals for use of open source applications

D. The existence of a formal process for evaluation and prioritization of known vulnerabilities

A. The importance to the outsourcer's recovery objectives may trigger a higher risk tier

B. The geographic area where the vendor is located may trigger specific regulatory obligations

C. The type and volume of personal data processed may trigger a higher risk rating based on the criticality of the systems

D. Network connectivity or remote access may trigger a higher vendor risk classification only for third parties that process personal information

A. The assessor decided that the critical gaps should be discussed in the closing meeting so that the vendor can begin to implement corrective actions immediately

B. The assessor determined that all gaps should be logged and communicated that if the gaps were corrected immediately they would not need to be included in the findings report

C. The assessor determined that gaps should be analyzed, documented, reviewed for compensating controls, and submitted to the business owner to approve risk treatment plan

D. The assessor concluded that all gaps should be logged and treated as high severity findings since the assessment was performed on a critical vendor

A. Initiating an investigation of the unauthorized disclosure of data

B. Requiring periodic changes to the vendor's contract for breach notification

C. Assessing the vendor's Business Impact Analysis (BIA) for resuming operations

D. Implementing processes for emergency change control approvals

A. Change in network

B. Update to application

C. Change in systems

D. Change to administrator access