CTPRP Practice Test Video Answer

1. B
Third-party risk management evaluates and mitigates risks from external vendors and service providers.

2. C
The OCC provides direct regulatory guidance for third-party risk management in financial services.

3. A
The SOC 2 Type II report provides assurance over a vendor’s control environment and processes.

4. C
Continuous monitoring tracks performance, compliance, and risk posture over time.

5. C
Encryption ensures the confidentiality and integrity of sensitive data handled by vendors.

6. C
Adults learn best through experiential, problem-centered learning.

7. A
Operational risk arises when vendors fail to perform expected services.

8. B
SLAs define performance standards and metrics.

9. B
Likelihood measures the probability of risk occurrence.

10. B
Residual risk is what remains after implementing controls.

11. B
Centralized TPRM frameworks improve visibility and consistency.

12. C
Collaborative communication ensures understanding and stakeholder engagement.

13. B
The first step is identifying all vendors to create a comprehensive inventory.

14. B
ISO 27001 is the standard for assessing information security maturity.

15. B
Guided practice and feedback enhance skill and confidence.

16. B
Exit assessments recover data and ensure continuity post-contract.

17. C
Vendor insolvency poses financial risk.

18. B
Tabletop exercises test incident response effectiveness.

19. B
Scenario-based learning improves engagement and retention.

20. A
A risk appetite statement defines acceptable risk levels.

21. C
Compliance risk involves potential legal or regulatory penalties.

22. A
Due diligence precedes contract execution.

23. B
Senior management defines governance and risk appetite.

24. B
Contracts outline each party’s responsibilities.

25. B
Continuous monitoring tracks deviations in risk and performance.

26. C
Criticality depends on business dependence on the vendor.

27. B
A risk register documents risks, controls, and mitigations.

28. B
BCP reviews confirm readiness during disruptions.

29. B
Curriculum must align with objectives and job relevance.

30. C
Post-training application measures effectiveness.

31. B
Subcontractors must maintain equivalent control standards.

32. B
Active listening fosters mutual understanding.

33. A
SAQs assess vendor control maturity.

34. B
Documentation ensures regulatory compliance.

35. B
Pre- and post-assessments objectively measure learning gains.

36. B
Mentors guide, model, and provide feedback.

37. C
Insurance or contracts can transfer certain risks.

38. B
Integration ensures seamless data and reporting.

39. B
The second line provides risk oversight and compliance.

40. C
Operational risk arises when vendors fail to sustain operations.