GRADED A+ 2025/2026
✔✔incident response - ✔✔-detection, investigation and forensic evidence integrity
-event containment, post mortem and remediation
-management communication and reporting
✔✔incident notification plan - ✔✔-law enforcement
-regulators
-clients
-service providers
-employees
-external stakeholders
-media
✔✔threat management - ✔✔managed through the use of both automated and manual
scanning tools
✔✔top ten vulnerabilities (OWASP) - ✔✔-Injection
-Broken Authentication
-Sensitive Data Exposure
-XML External Entities (XXE)
-Broken Access Control
-Security Misconfiguration
-Cross-Site Scripting (XSS)
-Insecure Deserialization
-Using Components with Known Vulnerabilities
-Insufficient Logging & Monitoring
✔✔threat modeling - ✔✔-vulnerability testing
-penetration testing
-data input validation
-validation checks
✔✔phishing - ✔✔targeted emails trying to get the user to click a link or download a
program
✔✔business risks - ✔✔-human capital
-strategic
-reputational
-technology
-operational
-legal
-external
-financial
✔✔risk governance plan - ✔✔enables the organization to identify, quantify and prioritize
risks based on the risk acceptance levels relevant to the organization
✔✔information security policy - ✔✔approved by mgmt and serves as foundation for the
info security controls of an organization (includes incident mgmt and exception process)
✔✔administrative info sec controls - ✔✔HR, BCP, third party risk, asset mgmt, data
classification, firewalls, malicious code prevention, outbound filtering, security
monitoring
✔✔technical info sec controls - ✔✔network access, user access, operating systems,
application development
✔✔Compliance standards and policies should include: - ✔✔-regulatory, statutory,
and/or contractual obligations
-corporate governance
-ethics & business practices
-marketing and selling practices
-operational compliance requirements
✔✔audits should ensure compliance with: - ✔✔-corporate
-legal
-regulatory
-industry requirements
✔✔Privacy Management Framework should: - ✔✔-maintain personal data inventory
-maintain data privacy policy & notices
-maintain training and awareness program
-manage info security risk
-manage third party risk
-maintain procedures for inquiries and complaints
-maintain data privacy breach mgmt program
-monitor data handling practices
✔✔background and employment verification - ✔✔-education
-identity verification (SSN)
-certification and license verification
-social media sites
-optional based on industry (OFAC, drug testing, credit check, finger printing)
✔✔out of wallet authentication - ✔✔-information about a user not readily available in
financial databases
-negatively impacted by growth in social media