Download from unlimited killexams.com CPP Cram Guide
We have a vast collection of valid and approved Certified Protection Professional real questions. Killexams.com provides the latest and most recent CPP Cram Guide, covering almost all exam topics. With the help of their CPP Exam Questions database, there is no need to risk your opportunity by reading research books or wasting time burning through 10-20 hours to ace their CPP real questions and answers.

If you want to find a reliable and updated source of CPP Exam Questions, don't waste your time with outdated and invalid materials from other providers on the web. Instead, trust killexams.com, where you can download 100% free CPP Pass Guides test questions and see for yourself. After that, register and get a 3-month subscription to download the latest and most valid CPP Exam Questions, containing actual CPP test questions and answers. To prepare for your test, you can also get the CPP VCE test system.

At killexams.com, they have a team of experts who gather genuine CPP test questions and update them regularly to ensure that you pass the ASIS CPP test and get a great job. You can download the latest CPP test questions for free, and they guarantee that they are valid and up-to-date. Don't rely on free CPP Pass Guides available on the web, as they may not be reliable or accurate. Instead, choose killexams.com for your CPP test preparation.

Exam : CPP

Exam Name : Certified Protection Professional (ASIS)

Quesitons : 225

Scored Questions : 200

Unscored : 25

Duration : 4 hrs



Security Fundamentals (35%)

TASK 1: Implement and coordinate the organizations security program(s) to protect the organizations assets Knowledge of

1. Security theory and terminology

2. Project management techniques

3. Security industry standards

4. Protection techniques and methods

5. Security program and procedures exam

6. Security principles of planning, organization, and control

TASK 2: Implement methods to improve the security program on a continuous basis through the use of auditing, review, and exam Knowledge of

1. Data collection and intelligence analysis techniques

2. Continuous exam and improvement processes

3. Audit and testing techniques

TASK 3: Develop and coordinate external relations programs with public sector law enforcement or other external organizations to achieve security objectives Knowledge of

1. Roles and responsibilities of external organizations and agencies

1. Local, national, and international public/private partnerships

2. Methods for creating effective working relationships

TASK 4: Develop, implement, and coordinate employee security awareness programs Knowledge of

1. The nature of verbal and non-verbal communication and cultural considerations

2. Security industry standards

3. Training methodologies

4. Communication strategies, techniques, and methods

5. Security awareness program objectives and metrics

TASK 5: Implement and/or coordinate an investigative program

Knowledge of

1. Report preparation for internal purposes and legal proceedings

2. Components of investigative processes

3. Types of investigations (e.g., incident, misconduct, compliance)

4. Internal and external resources to support investigative functions

TASK 6: Provide coordination, assistance, and evidence such as documentation and testimony to support legal proceedings

Knowledge of

1. Required components of effective documentation (e.g., legal, employee, procedural, policy, compliance)

2. Evidence collection and protection techniques

3. Relevant laws and regulations regarding records management, retention, legal holds, and destruction practices (Note: No countryspecific laws will be on the APP exam)

TASK 7: Conduct background investigations for hiring, promotion, and/or retention of individuals

Knowledge of

1. Background investigations and personnel screening techniques

2. Quality and types of information and data sources

3. Criminal, civil, and employment law and procedures

TASK 8: Develop, implement, coordinate, and evaluate policies, procedures, programs and methods to protect individuals in the workplace against human threats (e.g., harassment, violence)

Knowledge of

1. Principles and techniques of policy and procedure development

2. Protection personnel, technology, and processes

3. Regulations and standards governing or affecting the security industry and the protection of people, property, and information

4. Educational and awareness program design and implementation

TASK 9: Conduct and/or coordinate an executive/personnel protection program

Knowledge of

1. Travel security program components

2. Executive/personnel protection program components

3. Protection personnel, technology, and processes

TASK 10: Develop and/or maintain a physical security program for an organizational asset

Knowledge of

1. Resource management techniques

2. Preventive and corrective maintenance for systems

3. Physical security protection equipment, technology, and personnel

4. Security theory, techniques, and processes

5. Fundamentals of security system design

TASK 11: Recommend, implement, and coordinate physical security controls to mitigate security risks

Knowledge of

1. Risk mitigation techniques (e.g., technology, personnel, process, facility design, infrastructure)

2. Physical security protection equipment, technology, and personnel

3. Security survey techniques

TASK 12: Evaluate and integrate technology into security program to meet organizational goals

Knowledge of

1. Surveillance techniques and technology

2. Integration of technology and personnel

3. Plans, drawings, and schematics

4. Information security theory and systems methodology

TASK 13: Coordinate and implement security policies that contribute to an information security program

Knowledge of

1. Practices to protect proprietary information and intellectual property

2. Information protection technology, investigations, and procedures

3. Information security program components (e.g., asset protection, physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities)

4. Information security threats



DOMAIN TWO

Business Operations (22%)

TASK 1: Propose budgets and implement financial controls to ensure fiscal responsibility

Knowledge of

1. Data analysis techniques and cost-benefit analysis

2. Principles of business management accounting, control, and audits

3. Return on Investment (ROI) analysis

4. Fundamental business finance principles and financial reporting

5. Budget planning process

6. Required components of effective documentation (e.g., budget, balance sheet, vendor work order, contracts)

TASK 2: Implement security policies, procedures, plans, and directives to achieve organizational objectives

Knowledge of

1. Principles and techniques of policy/procedure development

2. Guidelines for individual and corporate behavior

3. Improvement techniques (e.g., pilot programs, education, and training)

TASK 3: Develop procedures/techniques to measure and improve departmental productivity

Knowledge of

1. Communication strategies, methods, and techniques

2. Techniques for quantifying productivity/metrics/key performance indicators (KPI)

3. Project management fundamentals tools and techniques

4. Principles of performance evaluations, 360 reviews, and coaching

TASK 4: Develop, implement, and coordinate security staffing processes and personnel development programs in order to achieve organizational objectives

Knowledge of

1. Retention strategies and methodologies

2. Job analysis processes

3. Cross-functional collaboration

4. Training strategies, methods, and techniques

5. Talent management and succession planning

6. Selection, evaluation, and interview techniques for staffing

TASK 5: Monitor and ensure a sound ethical culture in accordance with regulatory requirements and organizational objectives

Knowledge of

1. Interpersonal communications and feedback techniques

2. Relevant laws and regulations

3. Governance and compliance standards

4. Generally accepted ethical principles

5. Guidelines for individual and corporate behavior

TASK 6: Provide advice and assistance in developing key performance indicators and negotiate contractual terms for security vendors/suppliers

Knowledge of

1. Confidential information protection techniques and methods

2. Relevant laws and regulations

3. Key concepts in the preparation of requests for proposals and bid reviews/evaluations

4. Service Level Agreements (SLA) definition, measurement and reporting

5. Contract law, indemnification, and liability insurance principles

6. Monitoring processes to ensure that organizational needs and contractual requirements are being met

7. Vendor qualification and selection process



DOMAIN THREE

Risk Management (25%)

TASK 1: Conduct initial and ongoing risk exam processes

Knowledge of

1. Risk management strategies (e.g., avoid, assume/accept, transfer, mitigate)

2. Risk management and business impact analysis methodology

3. Risk management theory and terminology (e.g., threats, likelihood, vulnerability, impact)

TASK 2: Assess and prioritize threats to address potential consequences of incidents

Knowledge of

1. Potential threats to an organization

2. Holistic approach to assessing all-hazard threats

3. Techniques, tools, and resources related to internal and external threats

TASK 3: Prepare, plan, and communicate how the organization will identify, classify, and address risks

Knowledge of

1. Risk management compliance testing (e.g., program audit, internal controls, selfassessment)

2. Quantitative and qualitative risk exams

3. Risk management standards

4. Vulnerability, threat, and impact exams

TASK 4: Implement and/or coordinate recommended countermeasures for new risk treatment strategies

Knowledge of

1. Countermeasures

2. Mitigation techniques

3. Cost-benefit analysis methods for risk treatment strategies

TASK 5: Establish a business continuity or continuity of operations plan (COOP)

Knowledge of

1. Business continuity standards

2. Emergency planning techniques

3. Risk analysis

4. Gap analysis

TASK 6: Ensure pre-incident resource planning (e.g., mutual aid agreements, table-top exercises)

Knowledge of

1. Data collection and trend analysis techniques

2. Techniques, tools, and resources related to internal and external threats

3. Quality and types of information and data sources

4. Holistic approach to assessing all-hazard threats



DOMAIN FOUR

Response Management (18%)

TASK 1: Respond to and manage an incident using best practices

Knowledge of

1. Primary roles and duties in an incident command structure

2. Emergency operations center (EOC) management principles and practices

TASK 2: Coordinate the recovery and resumption of operations following an incident

Knowledge of

1. Recovery assistance resources

2. Mitigation opportunities during response and recovery processes

TASK 3: Conduct a post-incident review Knowledge of

1. Mitigation opportunities during response and recovery processes

2. Post-incident review techniques

TASK 4: Implement contingency plans for common types of incidents (e.g., bomb threat, active shooter, natural disasters)

Knowledge of

1. Short- and long-term recovery strategies

2. Incident management systems and protocols

TASK 5: Identify vulnerabilities and coordinate additional countermeasures for an asset in a degraded state following an incident

Knowledge of

1. Triage/prioritization and damage exam techniques

2. Prevention, intervention, and response

tactics

TASK 6: Assess and prioritize threats to mitigate consequences of incidents

Knowledge of

1. Triage/prioritization and damage exam techniques

2. Resource management techniques

TASK 7: Coordinate and assist with evidence

collection for post-incident review (e.g., documentation, testimony)

Knowledge of

1. Communication techniques and notification protocols

2. Communication techniques and protocols of liaison

TASK 8: Coordinate with emergency services during incident response

Knowledge of

1. Emergency operations center (EOC) concepts and design

2. Emergency operations center (EOC) management principles and practices

3. Communication techniques and protocols of liaison

TASK 9: Monitor the response effectiveness to incident(s)

Knowledge of

1. Post-incident review techniques

2. Incident management systems and protocols

TASK 10: Communicate regular status updates to leadership and other key stakeholders throughout incident

Knowledge of

1. Communication techniques and protocols of liaison

2. Communication techniques and notification protocols

TASK 11: Monitor and audit the plan of how the organization will respond to incidents

Knowledge of

1. Training and exercise techniques

2. Post-incident review techniques



Security Principles and Practices (21%)

TASK 1: Plan, develop, implement, and manage the organizations security program to protect the organizations assets.

Knowledge of

1. Principles of planning, organization, and control

2. Security theory, techniques, and processes

3. Security industry standards

4. Continuous exam and improvement processes

5. Cross-functional organizational collaboration

TASK 2: Develop, manage, or conduct the security risk exam process.

Knowledge of

1. Quantitative and qualitative risk exams

2. Vulnerability, threat, and impact exams

3. Potential security threats (e.g., all hazards, criminal activity)

TASK 3: Evaluate methods to improve the security program on a continuous basis through the use of auditing, review, and exam.

Knowledge of

1. Cost-benefit analysis methods

2. Risk management strategies (e.g., avoid, assume/accept, transfer, spread)

3. Risk mitigation techniques (e.g., technology, personnel, process, facility design)

4. Data collection and trend analysis techniques

TASK 4: Develop and manage external relations programs with public sector law enforcement or other external organizations to achieve security objectives.

Knowledge of

1. Roles and responsibilities of external organization and agencies

2. Methods for creating effective working relationships

3. Techniques and protocols of liaison

4. Local and national public/private partnerships

TASK 5: Develop, implement, and manage employee security awareness programs to achieve organizational goals and objectives.

Knowledge of

1. Training methodologies

2. Communication strategies, techniques, and methods

3. Awareness program objectives and program metrics

4. Elements of a security awareness program (e.g., roles and responsibilities, physical risk, communication risk, privacy)



DOMAIN TWO

Business Principles and Practices (13%)

TASK 1: Develop and manage budgets and financial controls to achieve fiscal responsibility.

Knowledge of

1. Principles of management accounting, control, and audits

2. Business finance principles and financial reporting

3. Return on Investment (ROI) analysis

4. The lifecycle for budget planning purposes

TASK 2: Develop, implement, and manage policies, procedures, plans, and directives to achieve organizational objectives.

Knowledge of

6. Principles and techniques of policy/procedures development

7. Communication strategies, methods, and techniques

8. Training strategies, methods, and techniques
9. Cross-functional collaboration

10. Relevant laws and regulations

TASK 3: Develop procedures/techniques to measure and improve organizational productivity.

Knowledge of

1. Techniques for quantifying productivity/metrics/key performance indicators (KPI)

2. Data analysis techniques and cost-benefit analysis

3. Improvement techniques (e.g., pilot programs, education and training)

TASK 4: Develop, implement, and manage security staffing processes and personnel development programs in order to achieve organizational objectives.

Knowledge of

1. Interview techniques for staffing

2. Candidate selection and evaluation techniques

3. Job analysis processes

4. Pre-employment background screening

5. Principles of performance evaluations, 360 reviews, and coaching

6. Interpersonal and feedback techniques

7. Training strategies, methodologies, and resources

8. Retention strategies and methodologies

9. Talent management and succession planning

TASK 5: Monitor and ensure a sound ethical climate in accordance with regulatory requirements and the organizations directives and standards to support and promote proper business practices.

Knowledge of

1. Good governance standards

2. Guidelines for individual and corporate behavior

3. Generally accepted ethical principles

4. Confidential information protection techniques and methods

5. Legal and regulatory compliance

TASK 6: Provide advice and assistance to management and others in developing performance requirements and contractual terms for security vendors/suppliers.

Knowledge of

1. Key concepts in the preparation of requests for proposals and bid reviews/evaluations

2. Service Level Agreements (SLA) definition, measurement, and reporting

3. Contract law, indemnification, and liability insurance principles

4. Monitoring processes to ensure that organizational needs and contractual requirements are being met



DOMAIN THREE

Investigations (10%)

TASK 1: Identify, develop, implement, and manage investigative functions.

Knowledge of

1. Principles and techniques of policy and procedure development

2. Organizational objectives and crossfunctional collaboration

3. Types of investigations (e.g., incident, misconduct, compliance)

4. Internal and external resources to support investigative functions

5. Report preparation for internal purposes and legal proceedings

6. Laws pertaining to developing and managing investigative programs

TASK 2: Manage or conduct the collection and preservation of evidence to support investigation actions.

Knowledge of

1. Evidence collection techniques

2. Protection/preservation of crime scene

3. Requirements of chain of custody

4. Methods for preservation of evidence

5. Laws pertaining to the collection and preservation of evidence

TASK 3: Manage or conduct surveillance processes.

Knowledge of

1. Surveillance techniques

2. Technology/equipment and personnel to conduct surveillance

3. Laws pertaining to managing surveillance processes

TASK 4: Manage and conduct investigations requiring specialized tools, techniques, and resources.

Knowledge of

1. Financial and fraud related crimes

2. Intellectual property and industrial espionage crimes

3. Arson and property crimes

4. Cybercrimes

TASK 5: Manage or conduct investigative interviews.

Knowledge of

1. Methods and techniques of eliciting information

2. Techniques for detecting deception

3. The nature of non-verbal communication and cultural considerations

4. Rights of interviewees

5. Required components of written statements

6. Laws pertaining to managing investigative interviews

TASK 6: Provide coordination, assistance, and evidence such as documentation and testimony to support legal counsel in actual or potential criminal and/or civil proceedings.

Knowledge of

1. Statutes, regulations, and case law governing or affecting the security industry and the protection of people, property, and information

2. Criminal law and procedures

3. Civil law and procedures

4. Employment law (e.g., wrongful termination, discrimination, and harassment)



DOMAIN FOUR

Personnel Security (12%)

TASK 1: Develop, implement, and manage background investigations for hiring, promotion, or retention of individuals.

Knowledge of

1. Background investigations and personnel screening techniques

2. Quality and types of information sources

3. Screening policies and guidelines

4. Laws and regulations pertaining to personnel screening

TASK 2: Develop, implement, manage, and evaluate policies, procedures, programs, and methods to protect individuals in the workplace against human threats (e.g., harassment, violence).

Knowledge of

1. Protection techniques and methods

2. Threat exam

3. Prevention, intervention and response tactics

4. Educational and awareness program design and implementation

5. Travel security program

6. Laws, government, and labor regulations

7. Organizational efforts to reduce employee substance abuse

TASK 3: Develop, implement, and manage executive protection programs.

Knowledge of

1. Executive protection techniques and methods

2. Risk analysis

3. Liaison and resource management techniques

4. Selection, costs, and effectiveness of proprietary and contract executive protection personnel



DOMAIN FIVE

Physical Security (25%)

TASK 1: Conduct facility surveys to determine the current status of physical security.

Knowledge of

1. Security protection equipment and personnel

2. Survey techniques

3. Building plans, drawings, and schematics

4. Risk exam techniques

5. Gap analysis

TASK 2: Select, implement, and manage physical security strategies to mitigate security risks.

Knowledge of

1. Fundamentals of security system design

2. Countermeasures

3. Budgetary projection development process

4. Bid package development and evaluation process

5. Vendor qualification and selection process

6. Final acceptance and testing procedures

7. Project management techniques

8. Cost-benefit analysis techniques

9. Labor-technology relationship

TASK 3: Assess the effectiveness of physical security measures by testing and monitoring.

Knowledge of

1. Protection personnel, technology, and processes

2. Audit and testing techniques

3. Preventive and corrective maintenance for systems



DOMAIN SIX

Information Security (9%)

TASK 1: Conduct surveys of information asset facilities, processes, systems, and services to evaluate current status of information security program.

Knowledge of

1. Elements of an information security program, including physical security, procedural security, information systems security, employee awareness, and information destruction and recovery capabilities

2. Survey techniques

3. Quantitative and qualitative risk exams

4. Risk mitigation strategies (e.g., technology, personnel, process, facility design)

5. Cost-benefit analysis methods

6. Protection technology, equipment, and procedures

7. Information security threats

8. Building and system plans, drawings, and schematics

TASK 2: Develop and implement policies and procedures to ensure information is evaluated and protected against all forms of unauthorized/inadvertent access, use, disclosure, modification, destruction, or denial.

Knowledge of

1. Principles of management

2. Information security theory and terminology

3. Information security industry standards (e.g., ISO, PII, PCI)

4. Relevant laws and regulations regarding records management, retention, legal holds, and destruction practices

5. Practices to protect proprietary information and intellectual property

6. Protection measures, equipment, and techniques; including information security processes, systems for physical access, data control, management, and information destruction

TASK 3: Develop and manage a program of integrated security controls and safeguards to ensure information asset protection including confidentiality, integrity, and availability.

Knowledge of

1. Elements of information asset protection including confidentiality, integrity, and availability, authentication, accountability, and audit ability of sensitive information; and associated information technology resources, assets, and investigations

2. Information security theory and systems methodology

3. Multi-factor authentication techniques

4. Threats and vulnerabilities exam and mitigation

5. Ethical hacking and penetration testing techniques and practices

6. Encryption and data masking techniques

7. Systems integration techniques

8. Cost-benefit analysis methodology

9. Project management techniques

10. Budget development process

11. Vendor evaluation and selection process

12. Final acceptance and testing procedures, information systems, exam, and security program documentation

13. Protection technology, investigations, and procedures

14. Training and awareness methodologies and procedures



DOMAIN SEVEN

Crisis Management (10%)

TASK 1: Assess and prioritize threats to mitigate potential consequences of incidents.

Knowledge of

1. Threats by type, likelihood of occurrence, and consequences

2. “All hazards” approach to assessing threats

3. Cost-benefit analysis

4. Mitigation strategies

5. Risk management and business impact analysis methodology

6. Business continuity standards (e.g., ISO 22301)

TASK 2: Prepare and plan how the organization will respond to incidents.

Knowledge of

1. Resource management techniques

2. Emergency planning techniques

3. Triage and damage exam techniques

4. Communication techniques and notification protocols

5. Training and exercise techniques

6. Emergency operations center (EOC) concepts and design

7. Primary roles and duties in an incident command structure

TASK 3: Respond to and manage an incident.

Knowledge of

1. Resource management techniques

2. EOC management principles and practices

3. Incident management systems and protocols

TASK 4: Recover from incidents by

Case Management (35%)

TASK 1: Analyze case for applicable ethical conflicts.

Knowledge of

1. Nature/types/categories of ethical issues related to cases (fiduciary, conflict of interest, attorney-client)

2. The role of laws, codes, regulations and organizational governance in conducting investigations

TASK 2: Analyze and assess case elements, strategies and risks.

Knowledge of

1. Case categories (computer, white collar, financial, criminal, workplace violence)

2. Qualitative and quantitative analytical methods and tools

3. Strategic/operational analysis

4. Criminal intelligence analysis

5. Risk identification and impact

6. ASIS Workplace Violence standard

TASK 3: Determine investigative goals and develop strategy by reviewing procedural options.

Knowledge of

1. Case flow

2. Negotiation process

3. Investigative methods

4. Cost-benefit analysis

TASK 4: Determine and manage investigative resources necessary to address case objectives.

Knowledge of

1. Quality assurance process

2. Chain of custody procedures

3. Resource requirements and allocation (e.g., personnel, equipment, time, budget)

TASK 5: Identify, evaluate and implement investigative process improvement opportunities.

Knowledge of

1. Internal review (e.g., management, legal, human resources)

2. External review (e.g., regulatory bodies, accreditation agency)

3. Liaison resources

4. Root cause analysis and process improvement techniques