Question 1

The BEST time in the SDLC process for an application service provider to perform Threat Modeling analysis is:

Options :

A : Before the application design and development activities begin

B : After the application vulnerability or penetration test is completed

C : After testing and before the deployment of the final code into production

D : Prior to the execution of a contract with each client

Answer: A

Question 2

Which statement is TRUE regarding artifacts reviewed when assessing the Cardholder Data Environment (CDE) in payment card processing?

Options :

A : The Data Security Standards (DSS) framework should be used to scope the assessment

B :

The Report on Compliance (ROC) provides the assessment results completed by a qualified security assessor that includes an onsite audit

C : The Self-Assessment Questionnaire (SAQ) provides independent testing of controls

D : A System and Organization Controls (SOC) report is sufficient if the report addresses the same location

Answer: B

Question 3

Which factor is MOST important when scoping assessments of cloud-based third parties that access, process, and retain personal data?

Options :

A :

The geographic location of the vendor-s outsourced datacenters since assessments are only required for international data transfers

B :

The identification of the type of cloud hosting deployment or service model in order to confirm responsibilities between the third party and the cloud hosting provider

C :

The definition of requirements for backup capabilities for power generation and redundancy in the resilience plan

D :

The contract terms for the configuration of the environment which may prevent conducting the assessment

Answer: B

Question 4

Which of the following factors is LEAST likely to trigger notification obligations in incident response?

Options :

A : Regulatory requirements

B : Data classification or sensitivity

C : Encryption of data

D : Contractual terms

Answer: C

Question 5

Which of the following BEST describes the distinction between a regulation and a standard?

Options :

A :

A regulation must be adhered to by all companies subject to its requirements, but companies “can voluntarily choose to follow standards.

B : There is no distinction, regulations and standards are the same and have equal impact

C : Standards are always a subset of a regulation

D :

A standard must be adhered to by companies based on the industry they are in, while regulations are voluntary.

Answer: A

Smartly Prepare Exam with Free Online CTPRP Practice Test

Buying Options: