AND SOLUTIONS 100% CORRECT
◉ True - e.g., HIPAA and OFAC. Answer: T/F - It is possible to be subject to regulations from different industry sectors
◉ False - in many instances state requirements may be more stringent than federal. Answer: T/F - Federal regulations always supersede state regulations
◉ Audits should ensure compliance with: Answer: Corporate, Legal, Regulatory, Industry requirements
◉ Risk Assessment and Treatment. Answer: Describes the vendor's risk assessment program, and its maturity and operating effectiveness.
◉ True. Answer: T/F - A risk assessment program should be approved by management and communicated to all appropriate constituents
◉ Different names for data. Answer: Protected Health Information, Electronic Health Records, Personally Identifiable Financial Information, Cardholder Data, Personal Data, Personal Information, Consumer Financial Information
◉ Personally Identifiable Information (PII). Answer: any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual's identity, such as name or biometric records, and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial and employment information
◉ Basic PII. Answer: physical - last name, first name, phone #'s, street address
◉ Sensitive PII. Answer: PII used in conjunction with basic PII (i.e., SS card, Driver's License, DOB)
◉ Cardholder Data (CHD) / Payment Card Industry (PCI) data. Answer: credit or debit card info that includes the Primary Account Number (PAN), which is the payment card number (credit or debit) that identifies the issuer and the particular cardholder account
◉ IaaS (Infrastructure as a Service). Answer: Organization outsources the equipment used to support operations, including storage, hardware, servers and networking components.
◉ PaaS (Platform as a Service). Answer: Hardware and software infrastructure for the development of business applications. Most commonly used by application developers.
◉ SaaS (Software as a Service). Answer: Business application delivered over the Internet in which users interact with the application through a web browser.
◉ private cloud. Answer: infrastructure is managed and operated exclusively for one company in order to keep a consistent level of security, privacy, and governance control.
◉ hybrid cloud. Answer: combination of public and private cloud computing environments shared between them
◉ community cloud. Answer: collaborative effort in which infrastructure is shared between several organizations from a specific community with common concerns
◉ public cloud. Answer: owned by a cloud vendor and is accessible to the general public or a large industry group
◉ components of a cloud vendor assessment program. Answer:
- review of audit firm attestation reports
- security services documentation