- Home
- Shared Assessments
- Certified Third-Party Risk Professional (CTPRP)
- SharedAssessments.CTPRP.v2024-06-07.q56
- Question 8
Valid CTPRP Dumps shared by ExamDiscuss.com for Helping Passing CTPRP Exam! ExamDiscuss.com now offer the newest CTPRP exam dumps, the ExamDiscuss.com CTPRP exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CTPRP dumps with Test Engine here:
Access CTPRP Dumps Premium Version
(375 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 8/56
Your company has been alerted that an IT vendor began utilizing a subcontractor located in a country restricted by company policy. What is the BEST approach to handle this situation?
Correct Answer: D
This answer is the best approach because it aligns with the principles of third-party risk management, which include ensuring compliance with company policies, contractual obligations, and regulatory requirements. By asking the vendor to replace the subcontractor, the company is exercising its right to terminate or modify the relationship if the vendor fails to meet the agreed-upon standards or poses unacceptable risks. This also minimizes the potential impact of the vendor's non-compliance on the company's reputation, operations, and data security. The other options are less effective because they either ignore the issue, compromise the company's policy, or rely on the vendor's self-assessment without verification. References:
* Third Party Risk Management Framework, Module 3: Program Governance, Section 3.2: Policies and Procedures, p. 14
* Third Party Risk Management Framework, Module 4: Program Components, Section 4.3: Contracting, p. 24
* Third Party Risk Management Framework, Module 5: Program Implementation, Section 5.2: Ongoing Monitoring, p. 32
* Best-Practices Guidance for Third-Party Risk, Section: Defend Against Privileged User Risks, p. 2
* Five Best Practices to Manage and Control Third-Party Risk, Section: Best Practices for Controlling Third-Party Vendor Risks, p. 3
* Third Party Risk Management Framework, Module 3: Program Governance, Section 3.2: Policies and Procedures, p. 14
* Third Party Risk Management Framework, Module 4: Program Components, Section 4.3: Contracting, p. 24
* Third Party Risk Management Framework, Module 5: Program Implementation, Section 5.2: Ongoing Monitoring, p. 32
* Best-Practices Guidance for Third-Party Risk, Section: Defend Against Privileged User Risks, p. 2
* Five Best Practices to Manage and Control Third-Party Risk, Section: Best Practices for Controlling Third-Party Vendor Risks, p. 3
- Question List (56q)
- Question 1: When evaluating remote access risk, which of the following i...
- Question 2: An organization has experienced an unrecoverable data loss e...
- Question 3: Which factor in patch management is MOST important when cond...
- Question 4: The BEST way to manage Fourth-Nth Party risk is:...
- Question 5: The set of shared values and beliefs that govern a company's...
- Question 6: Which of the following topics is LEAST important when evalua...
- Question 7: When measuring the operational performance of implementing a...
- Question 8: Your company has been alerted that an IT vendor began utiliz...
- Question 9: Data loss prevention in endpoint security is the strategy fo...
- Question 10: Which of the following statements is TRUE regarding the acco...
- Question 11: You are updating the inventory of regulations that impact yo...
- Question 12: Upon completion of a third party assessment, a meeting shoul...
- Question 13: Which activity BEST describes conducting due diligence of a ...
- Question 14: Which of the following indicators is LEAST likely to trigger...
- Question 15: Which approach for managing end-user device security is typi...
- Question 16: Which of the following would be a component of an arganizati...
- Question 17: Which cloud deployment model is primarily focused on the app...
- Question 18: Which of the following factors is LEAST likely to trigger no...
- Question 19: Which set of procedures is typically NOT addressed within da...
- Question 20: Which risk treatment approach typically requires a negotiati...
- Question 21: Which requirement is NOT included in IT asset end-of-life (E...
- Question 22: If a system requires ALL of the following for accessing its ...
- Question 23: An outsourcer's vendor risk assessment process includes all ...
- Question 24: Which factor is MOST important when scoping assessments of c...
- Question 25: Which policy requirement is typically NOT defined in an Asse...
- Question 26: Which of the following BEST describes the distinction betwee...
- Question 27: Which of the following components is NOT typically included ...
- Question 28: Which statement is TRUE regarding the use of questionnaires ...
- Question 29: Which factor is the LEAST important attribute when classifyi...
- Question 30: All of the following processes are components of controls ev...
- Question 31: You are updating program requirements due to shift in use of...
- Question 32: Which factor is less important when reviewing application ri...
- Question 33: Which statement reflects a requirement that is NOT typically...
- Question 34: You receive a call from a vendor that two laptops and a tabl...
- Question 35: Select the risk type that is defined as: "A third party may ...
- Question 36: When conducting an assessment of a third party's physical se...
- Question 37: For services with system-to-system access, which change mana...
- Question 38: The following statements reflect user obligations defined in...
- Question 39: A set of principles for software development that address th...
- Question 40: Which statement is NOT an example of the purpose of internal...
- Question 41: Which of the following changes to the production environment...
- Question 42: Which of the following data safeguarding techniques provides...
- Question 43: Your organization has recently acquired a set of new global ...
- Question 44: Which example is typically NOT included in a Business Impact...
- Question 45: Which factor describes the concept of criticality of a servi...
- Question 46: When updating TPRM vendor classification requirements with a...
- Question 47: Once a vendor questionnaire is received from a vendor what i...
- Question 48: Which of the following actions is an early step when trigger...
- Question 49: Which of the following components are typically NOT part of ...
- Question 50: Which example BEST represents the set of restrictive areas t...
- Question 51: Which statement is FALSE regarding the primary factors in de...
- Question 52: Which statement is TRUE regarding the tools used in TPRM ris...
- Question 53: Which statement is NOT an accurate reflection of an organiza...
- Question 54: An IT change management approval process includes all of the...
- Question 55: What attribute is MOST likely to be included in the software...
- Question 56: At which level of reporting are changes in TPRM program metr...
[×]
Download PDF File
Enter your email address to download SharedAssessments.CTPRP.v2024-06-07.q56.pdf