Question 1

The BEST time in the SDLC process for an application service provider to perform Threat Modeling analysis is:

Options :

A : Before the application design and development activities begin

B : After the application vulnerability or penetration test is completed

C : After testing and before the deployment of the final code into production

D : Prior to the execution of a contract with each client

Answer: A

Question 2

Which requirement is the MOST important for managing risk when the vendor contract terminates?

Options :

A : The responsibility to perform a financial review of outstanding invoices

B : The commitment to perform a final assessment based upon due diligence standards

C : The requirement to ensure secure data destruction and asset return

D : The obligation to define contract terms for transition services

Answer: C

Question 3

Which of the following BEST describes the distinction between a regulation and a standard?

Options :

A : A regulation must be adhered to by all companies subject to its requirements, but companies “can voluntarily choose to follow standards.

B : There is no distinction, regulations and standards are the same and have equal impact

C : Standards are always a subset of a regulation

D : A standard must be adhered to by companies based on the industry they are in, while regulations are voluntary.

Answer: A

Question 4

Information classification of personal information may trigger specific regulatory obligations. Which statement is the BEST response from a privacy perspective:

Options :

A : Personally identifiable financial information includes only consumer report information

B : Public personal information includes only web or online identifiers

C : Personally identifiable information and personal data are similar in context, but may have different legal definitions based upon jurisdiction

D : Personally Identifiable Information and Protected Healthcare Information require the exact same data protection safequards

Answer: C

Question 5

Which of the following factors is LEAST likely to trigger notification obligations in incident response?

Options :

A : Regulatory requirements

B : Data classification or sensitivity

C : Encryption of data

D : Contractual terms

Answer: C

Free CTPRP Mock Exam – Practice Online Confidently

Buying Options: