**Question 1.** Which security management principle emphasizes continuous
evaluation and enhancement of security processes?
A) Risk avoidance
B) Continuous improvement
C) Asset protection
D) Incident response
Answer: B
Explanation: Continuous improvement involves regularly assessing and refining
security measures to keep them effective.
**Question 2.** In a quantitative risk assessment, which component is expressed
as a monetary value?
A) Threat probability
B) Vulnerability rating
C) Impact cost
D) Asset value
Answer: C
Explanation: Impact cost quantifies the financial consequence of a risk event.
Certified Protection Professional CPP Practice Exam
**Question 3.** Which ASIS International standard focuses specifically on physical
security of assets?
A) ISO 27001
B) ASIS ESP-1
C) ISO 22301
D) ASIS PSP
Answer: B
Explanation: ASIS ESP-1 provides guidelines for physical security programs.
**Question 4.** When collaborating across functions, which technique best
ensures shared security objectives?
A) Hierarchical reporting
B) Cross‑functional workshops
C) Isolated departmental plans
D) Sole authority of security manager
Answer: B
Explanation: Workshops foster communication and alignment among different
departments.
**Question 5.** Which risk‑management strategy is most appropriate for a
low‑probability, high‑impact event that cannot be transferred?
A) Acceptance
B) Avoidance
C) Transfer
D) Spreading
Answer: A
Explanation: Acceptance is used when the cost of mitigation exceeds the benefit.
**Question 6.** A security program uses cost‑benefit analysis to justify a new
access‑control system. Which metric is most directly compared?
A) Return on Investment (ROI)
B) Threat likelihood
C) Employee turnover
D) Incident frequency
Answer: A
Explanation: ROI measures the financial return of the security investment relative
to its cost.
**Question 7.** Which external liaison activity is essential during a natural
disaster response?
A) Negotiating vendor contracts
B) Coordinating with emergency services
C) Conducting internal audits
D) Updating internal policies
Answer: B
Explanation: Liaising with emergency services ensures coordinated response and
resource sharing.
**Question 8.** Adult learning theory suggests that security awareness training
should be:
A) Lecture‑only
B) Interactive and problem‑based
C) Mandatory without feedback
D) Delivered annually only
Answer: B
Explanation: Adults learn best through active participation and real‑world
relevance.
**Question 9.** Which metric best indicates the effectiveness of a security
awareness program?
A) Number of cameras installed
B) Percentage of employees passing phishing tests
C) Total security budget
D) Number of security incidents reported
Answer: B
Explanation: Phishing test results directly measure employee awareness and
behavior.
**Question 10.** In budgeting, which accounting principle requires expenses to
be recorded in the period they are incurred?