CTP CTP Security & Risk Management

Question 1

Which security principle dictates that users and systems should only be granted the minimum level of access required to perform their job functions?

Accepted Answer

Principle of least privilege

Answer

Defense in depth

Answer

Security by obscurity

Answer

Zero trust escalation

Question 2

In risk management, what does the formula Risk = Likelihood × Impact represent?

Accepted Answer

A qualitative method to prioritize risks by combining their probability and consequence

Answer

A formula for calculating the monetary cost of a security breach only

Answer

A compliance requirement from NIST for federal agencies

Answer

A method to calculate software defect density

Question 3

What is the purpose of a penetration test in a technical security program?

Accepted Answer

To simulate real-world attacks to identify exploitable vulnerabilities before malicious actors do

Answer

To monitor network traffic for anomalies on a continuous basis

Answer

To encrypt all data at rest using industry-standard algorithms

Answer

To automate patch deployment across all managed systems

Question 4

Which cryptographic concept ensures that a sender cannot later deny having sent a message?

Accepted Answer

Non-repudiation

Answer

Confidentiality

Answer

Availability

Answer

Integrity

Question 5

A CTP professional is implementing a disaster recovery plan. What does RTO (Recovery Time Objective) define?

Accepted Answer

The maximum acceptable time to restore a system after a failure

Answer

The maximum acceptable data loss measured in time

Answer

The total cost of downtime per hour for the business

Answer

The redundancy level required for critical servers

Question 6

What is a threat model, and how is it used in secure system design?

Accepted Answer

A structured analysis of potential threats, attack surfaces, and mitigations for a system

Answer

A list of known malware signatures updated by antivirus vendors

Answer

A compliance checklist required for SOC 2 audits

Answer

A network diagram showing firewall placement