1. What is your top priority when evaluating a proactive monitoring solution to protect third-party organizations from cyber threats?

2. What from the below should be included in a vendor’s security policies from a TPRM perspective?

3. Your company has multiple vendors that are classified as high-risk due to the nature of the services they provide (e.g., data processing and financial services). You have limited resources for risk management. How should your company prioritize its risk management efforts with multiple high-risk vendors?

4. Your company, a financial services provider, has recently learned that one of its key vendors, responsible for data storage, has experienced a data breach. Sensitive customer information may have been compromised. What immediate steps should your company take in response to the vendor’s data breach?

7. Which of the following best describes a fourth-party risk?

8. A third-party logistics vendor responsible for delivering products has consistently failed to meet the agreed-upon performance metrics outlined in the SLA, leading to customer complaints. How should your organization address the consistent underperformance of a third-party logistics vendor?

9. During a routine financial review, you discover that one of your major vendors, responsible for supplying critical components, is showing signs of financial instability and may be at risk of bankruptcy. What should your company do to manage the risk posed by this financially unstable vendor?

11. A third-party vendor your company uses is suddenly involved in a public scandal related to unethical business practices. This vendor is not directly linked to your core operations, but their involvement could damage your company’s reputation. What action should you take if a third-party vendor is involved in a public scandal that could damage your company’s reputation?

12. You discover that a critical vendor in your supply chain lacks strong cybersecurity measures. They handle sensitive customer data for your company, making them a high-risk third party. What should your organization do to manage the risk of a vendor lacking strong cybersecurity protocols?

13. Your company is onboarding a new vendor to handle a major aspect of operations, but the due diligence and risk assessment processes are taking longer than expected. However, operations depend on this vendor being integrated as soon as possible. What should be the priority when the due diligence process for onboarding a vendor is delayed?

14. You realize that your contract with a critical vendor, which includes essential service-level agreements (SLAs) for performance, is set to expire in one week. Renewing the contract requires a new risk assessment. What should your next step be if a contract with a critical vendor is about to expire?

15. What is the primary focus of Supply Chain Security in the context of TPRM?

16. A new regulatory requirement mandates that all third-party vendors handling customer data comply with specific privacy standards. You find that one of your current third-party vendors is not compliant. What is the most appropriate course of action when a third-party vendor is not compliant with a regulatory standard?

17. You are conducting a routine review of your vendors and need to classify them based on risk. A vendor that handles sensitive financial data has been flagged for operational issues in the past year. How should you classify a vendor handling sensitive financial data with past operational issues in terms of risk?

18. Fill in the blanks:
___risk is a banking term describing the level of risk in a bank's portfolio arising from ____ to a single counterparty, sector or country.

19. What is the weakest link in cybersecurity?

20. What is the principle of least privilege?