2. What is the role of a 'Service Level Agreement (SLA)' in third-party contracts?

3. What is the role of "sandboxing" in protecting against supply chain attacks?

4. Which of the following is an example of a physical security measure in supply chain security?

5. Which of the following is MOST important to determine when defining risk management strategies?

6. Which of the following risk management roles is part of first line of defense?

7. According to the three lines of defense model, where would the data ethics function MOST likely reside in an enterprise?

8. Who holds the primary responsibility for overseeing the enterprise risk management process within an organization?

10. Which of the following factors should be assessed after the likelihood of a loss event has been determined?

11. What is a common method to mitigate software supply chain risks?

12. In the SDLC,_________ is vital for identifying vulnerabilities, shaping secure system design, and guiding cybersecurity investments. It enables early detection and mitigation of potential threats, fostering the development of robust, secure systems.

13. Which of the following best describes the principle of least privilege in the context of third-party access management?

14. Why is continuous monitoring important in third-party cyber risk management?

18. Which of the following best describes a fourth-party risk?

1. In an audit of financial statements, _________is the risk that the procedures performed by the auditor will not detect a misstatement that exists and that could be material, individually or in combination with other misstatements.

2. Which among the below is an international standard for protecting personal information in cloud storage?

3. Who is NOT a food regulatory driver ?

4. ESG is a framework that holistically assesses the sustainability of a business or investment. Investment groups, business continuity planners, enterprise risk management personnel, and Third-Party Risk Management (TPRM) programs utilize ESG to manage sustainability risks. When utilized in a TPRM context, personnel use ESG to evaluate specific risks. What does ESG stand for ?

5. What is the security model based on the principle of maintaining strict access controls without extending trust to anyone even those users already inside the network perimeter ?

6. What is an event that has a very low likelihood of occurrence, but could have extremely serious consequences when it does occur ?

7. Which category of risk involves the potential loss of data resulting from unauthorized access or cyberattacks?

8. Which of the following entities is primarily responsible for overseeing the enterprise risk management or risk management process?

9. Which of the following events are examples of key risk-changing events that should be monitored throughout the life of a third-party relationship ?

10. In which of the following attacks, the attackers injected a backdoor into a software update of the application, wherein the application is a popular networking tool used by many high profile companies and government agencies. The backdoor allowed attackers remote access to thousands of corporate and government servers. The global-scale attack led to many data breaches and security incidents.

11. Which of the following aspects should a third-party risk management program be aligned with in an organization?

12. Which of the following best defines inherent risk in the context of third-party relationships?

13. Which of the following is NOT a security risk commonly faced by eCommerce businesses?

14. Which of the following best describes the legal principle of non-repudiation in eCommerce?

15. In the context of third-party risk management, what does the term "four eyes principle" refer to?

1. In the context of third-party risk management, what does the term "four eyes principle" refer to?

4. Which of the following is NOT a typical component of third-party risk management?

5. What role does continuous monitoring play in third-party risk management?

6. Which of the following is NOT a category of third-party risk?

7. ___________ is described as “the amount of risk that an organization is willing to accept to achieve its objectives.”

8. Which of the following controls is an example of non-technical controls?

9. Which of the following risk management roles is part of first line of defense?

10. True or False:

Inherent risk is current risk level given the existing set of controls rather than the hypothetical notion of an absence of any controls.

Residual risk would then be whatever risk level remain after additional controls are applied.

11. According to the three lines of defense model, where would the data ethics function MOST likely reside in an enterprise?

12. What is the key difference between qualitative and quantitative risk analysis?

13. What is the purpose of a risk register?

14. In the risk management process, what does the term "mitigation" refer to?

15. What does the acronym "SWOT" stand for in risk analysis?

16. What is the difference between a risk and an issue in project management?

17. Which type of risk refers to the potential loss of data due to unauthorized access or cyberattacks?