Graded A+ (2026/2027)
Privacy Management Framework should: - Answer --maintain personal data inventory
-maintain data privacy policy & notices
-maintain training and awareness program
-manage info security risk
-manage third party risk
-maintain procedures for inquiries and complaints
-maintain data privacy breach mgmt program
-monitor data handling practices
background and employment verification - Answer --education
-identity verification (SSN)
-certification and license verification
-social media sites
-optional based on industry (OFAC, drug testing, credit check, fingerprinting)
out of wallet authentication - Answer --information about a user not readily available in financial databases
-negatively impacted by growth in social media
multi-factor authentication - Answer --requires that additional (multiple) credentials be provided
-often requires something the user knows and something they possess as credentials
end user device - Answer -any electronic device that accesses your data
mobile data protection - Answer --data encryption
-backup/restore
-data tracking
Server security evaluation should include: - Answer --system types (Windows, Unix, virtual, etc.)
-system operations
-system hardening
-security operations
Network security - Answer -includes all equipment and/or software used in the movement of
data inside and outside of the corporate environment
Network security review should include: - Answer --network device hardening standards
-approval process when connecting new devices or firewall rule changes
-outbound scans for malware, malicious/blacklisted sites, data policy violations
data communication and transfer types - Answer --FTP
-SFTP
-Secure connect
connectivity types - Answer --point to point connection
-multipoint connection
-wireless
-remote terminal technology (RDP, Citrix, etc.)
third party risk management - Answer -process for identifying and managing the risks created
when hiring a third party to provide goods and/or services
first line of defense - Answer -lines of business that utilize the outsourced services and have ownership of the risks the business unit will accept
second line of defense - Answer -groups within the company who provide risk oversight (risk
management, compliance, legal, etc.)
third line of defense - Answer -independent assurance providers - internal/external audit