Pass the APICS CPIM CPIM-8.0 Questions and answers with CertsForce

Viewing page 10 out of 11 pages
Viewing questions 136-150 out of questions
Questions # 136:

An organization is developing a new software package for a financial institution. What is the FIRST step when modeling threats to this new software package?

Options:

A. Diagram the data flows of the software package.
B. Document the configuration of the software package.
C. Prioritize risks to determine the mitigation strategy.
D. Evaluate appropriate countermeasures to be implemented.
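The reason the data-flow diagram comes first is that the threat list is derived from it: every element and flow on the diagram maps to a fixed set of STRIDE categories, and flows that cross a trust boundary are reviewed first. The following Python is an added illustration of that STRIDE-per-element derivation; it is not part of the question bank, and the payments system it models (a customer browser, a Payments API and a ledger database) is a constructed sample.

```python
"""Added example: a minimal data-flow diagram and STRIDE-per-element enumeration.

The element-to-threat mapping is the standard STRIDE-per-element table:
external entities get S and R, processes get all six, data stores get T, R, I
and D, and data flows get T, I and D. The sample system is constructed here
and is not taken from the page.
"""
from dataclasses import dataclass, field

# Which STRIDE categories apply to which kind of diagram element.
STRIDE_PER_ELEMENT = {
    "external": {"Spoofing", "Repudiation"},
    "process": {"Spoofing", "Tampering", "Repudiation",
                "Information disclosure", "Denial of service",
                "Elevation of privilege"},
    "datastore": {"Tampering", "Repudiation", "Information disclosure",
                  "Denial of service"},
    "flow": {"Tampering", "Information disclosure", "Denial of service"},
}


@dataclass
class Element:
    name: str
    kind: str  # external | process | datastore


@dataclass
class Flow:
    src: str
    dst: str
    data: str
    crosses_trust_boundary: bool = False


@dataclass
class DataFlowDiagram:
    elements: dict = field(default_factory=dict)
    flows: list = field(default_factory=list)

    def add(self, name, kind):
        if kind not in ("external", "process", "datastore"):
            raise ValueError(f"unknown element kind: {kind}")
        self.elements[name] = Element(name, kind)

    def connect(self, src, dst, data, crosses_trust_boundary=False):
        # A flow may only reference elements already on the diagram.
        for n in (src, dst):
            if n not in self.elements:
                raise KeyError(f"undeclared element in flow: {n}")
        self.flows.append(Flow(src, dst, data, crosses_trust_boundary))

    def enumerate_threats(self):
        """Return (target, category) pairs derived purely from the diagram."""
        threats = []
        for e in self.elements.values():
            for cat in sorted(STRIDE_PER_ELEMENT[e.kind]):
                threats.append((e.name, cat))
        for f in self.flows:
            target = f"{f.src}->{f.dst} ({f.data})"
            for cat in sorted(STRIDE_PER_ELEMENT["flow"]):
                threats.append((target, cat))
        return threats

    def boundary_crossing_flows(self):
        """Flows that cross a trust boundary are the first ones to review."""
        return [f for f in self.flows if f.crosses_trust_boundary]


def build_sample_dfd():
    """Constructed sample: a payments API fronting a ledger database."""
    dfd = DataFlowDiagram()
    dfd.add("Customer browser", "external")
    dfd.add("Payments API", "process")
    dfd.add("Ledger DB", "datastore")
    dfd.connect("Customer browser", "Payments API", "transfer request",
                crosses_trust_boundary=True)
    dfd.connect("Payments API", "Ledger DB", "ledger write")
    return dfd


if __name__ == "__main__":
    model = build_sample_dfd()
    for target, category in model.enumerate_threats():
        print(f"{category:<22} {target}")
```

Prioritising and choosing countermeasures (options C and D) only become possible once this list exists; without the diagram there is nothing to prioritise.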
Questions # 137:

When conducting a thorough risk assessment that involves identifying system threats and vulnerabilities and determining the potential for adverse effects on individuals, what additional factors MUST the organization consider?

Options:

A. Assessing the possible impact from unauthorized access on the organization's cyber insurance policies
B. Developing a contingency roadmap that will provide processes for each identified and documented risk element
C. Determining the likelihood and magnitude of harm from unauthorized access, use, disclosure, disruption, modification, or destruction of the system
D. Defining which systems are maintained by third parties and whether their control processes have been included as part of the risk assessment
Questions # 138:

Which of the following is the FIRST control step in provisioning user rights and privileges?

Options:

A. Identification
B. Authorization
C. Authentication
D. Confidentiality
Questions # 139:

What resources does a respondent have when contesting disciplinary action taken by the ISC2 Board of Directors?

Options:

A. The respondent may file an appeal with the Ethics Committee
B. None; the decisions made by the Board of Directors are final
C. The respondent may file an appeal with the Board of Directors
D. The respondent has 30 days to provide additional evidence for consideration
Questions # 140:

An organization intends to host an application on a multi-tenant Infrastructure as a Service (IaaS) platform. Which of the following measures are MOST important to ensure proper protection of sensitive information?

Options:

A. Enforcement of logging and monitoring of all access to the application
B. Enforcement of separation measures within the storage layer of the service
C. Enforcement of perimeter security measures including the deployment of a virtual firewall
D. Enforcement of endpoint security measures on the Virtual Machines (VM) deployed into the service
Questions # 141:

In a lean environment, the batch-size decision for planning "A" items would be done by:

Options:

A. least total cost.
B. min-max system.
C. lot-for-lot (L4L).
D. periodic order quantity.
Questions # 142:

A department manager executes threat modeling at the beginning of a project and throughout its lifecycle. What type of threat modeling is being performed?

Options:

A. Proactive threat modeling
B. Reactive threat modeling
C. Risk assessment
D. Threat modeling assessment
Questions # 143:

Which of the following factors is the MOST important consideration for a security team when determining whether cryptographic erasure can be used for disposal of a device?

Options:

A. If the methods meet the International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) 27001.
B. If the data on the device exceeds what cryptographic erasure can safely process.
C. If the device was encrypted beforehand using cipher block chaining.
D. If the security policies allow for cryptographic erasure based on the data stored on the device.
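Two things about cryptographic erasure are worth seeing rather than memorising: its cost does not grow with the amount of data (only the key is destroyed, so option B is a distractor), and it only sanitises data that was actually written under the key, which is why policy, not the cipher mode, decides whether it is permitted for a given device and data class. The Python below is an added illustration and is not part of the question bank. The self-encrypting "device" is an in-memory model constructed for the example, and its cipher is a keystream derived from HMAC-SHA256 in counter mode, standing in for the AES a real drive would use.

```python
"""Added example: cryptographic erasure on a modelled self-encrypting device.

Constructed for illustration; not from the page. The device keeps a media
encryption key, encrypts every sector written while the key is active, and
"erases" by discarding the key. Sectors written before encryption was enabled
remain in plaintext on the medium, so a policy check must refuse crypto-erase
for such a device.
"""
import hashlib
import hmac
import secrets

SECTOR = 512


def keystream(key: bytes, sector_no: int, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for the drive's AES)."""
    out = b""
    counter = 0
    while len(out) < length:
        msg = sector_no.to_bytes(8, "big") + counter.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class SelfEncryptingDevice:
    def __init__(self, sectors: int):
        self.sectors = [bytes(SECTOR)] * sectors   # raw contents of the medium
        self.key = None                            # None: encryption not enabled
        self.plaintext_sectors = set()             # written while no key was active

    def enable_encryption(self):
        self.key = secrets.token_bytes(32)

    def write(self, n: int, data: bytes):
        data = data.ljust(SECTOR, b"\0")[:SECTOR]
        if self.key is None:
            self.sectors[n] = data                 # plaintext lands on the medium
            self.plaintext_sectors.add(n)
        else:
            self.sectors[n] = xor(data, keystream(self.key, n, SECTOR))
            self.plaintext_sectors.discard(n)      # overwritten with ciphertext

    def read(self, n: int) -> bytes:
        """What the host sees; after erasure this is the raw medium."""
        if self.key is None:
            return self.sectors[n]
        return xor(self.sectors[n], keystream(self.key, n, SECTOR))

    def crypto_erase(self):
        """Sanitise by destroying the key; cost is independent of capacity."""
        self.key = None


def crypto_erase_allowed(dev: SelfEncryptingDevice) -> bool:
    """Policy precondition: every written sector must have been encrypted."""
    return dev.key is not None and not dev.plaintext_sectors


def residual_plaintext(dev: SelfEncryptingDevice, needle: bytes) -> list:
    """Sectors on the raw medium that still contain `needle` after erasure."""
    return [i for i, s in enumerate(dev.sectors) if needle in s]


def demo(encrypt_from_first_use: bool):
    """Returns (policy_allowed, sectors_with_residual_plaintext)."""
    dev = SelfEncryptingDevice(4)
    if encrypt_from_first_use:
        dev.enable_encryption()
    dev.write(0, b"ACCOUNT 1234 BALANCE 500")   # may predate encryption
    if not encrypt_from_first_use:
        dev.enable_encryption()
    dev.write(1, b"ACCOUNT 5678 BALANCE 900")
    assert dev.read(1).startswith(b"ACCOUNT 5678")  # host reads plaintext
    allowed = crypto_erase_allowed(dev)
    dev.crypto_erase()
    return allowed, residual_plaintext(dev, b"ACCOUNT")


if __name__ == "__main__":
    print("encrypted from first use:", demo(True))   # (True, [])
    print("encryption enabled late: ", demo(False))  # (False, [0])
```

The second scenario is the practical caveat: a drive that was put into service before encryption was switched on cannot be sanitised by discarding its key, regardless of cipher mode, which is why the governing factor is whether policy permits cryptographic erasure for the data that is on the device.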
Questions # 144:

A team is tasked with developing new email encryption software. To ensure security, what will be the PRIMARY focus during the initial phase of development?

Options:

A. Ensuring compliance with international data protection and privacy laws for email communication
B. Implementing strong encryption algorithms to ensure the confidentiality of the emails
C. Developing a robust user authentication system to prevent unauthorized access to the software
D. Defining clear software requirements for security and identifying potential threats and risks to the software
Questions # 145:

What is the BEST way to plan for power disruptions when implementing a Disaster Recovery Plan (DRP)?

Options:

A. Empty jugs which can easily be filled up with water.
B. Stock up on generator fuel and execute a generator test.
C. Request bids for inexpensive generators.
D. Purchase a contract with a secondary power provider.
Questions # 146:

Database security includes which of the following requirements?

Options:

A. Physical database integrity, logical database integrity, and ownership integrity
B. Availability, auditability, and screening
C. Physical database integrity, logical database integrity, and element integrity
D. User authentication, availability, and accountability
Questions # 147:

Fishbone diagrams would help a service organization determine:

Options:

A. the proper level of service for a customer segment.
B. the source of a quality-of-service issue.
C. differences in the performance of employees.
D. the decomposition of customer return rates with seasonality.
Questions # 148:

In order for an organization to mature their data governance processes to ensure compliance, they have created a data classification matrix. What are the next BEST activities to build on this completed work?

Options:

A. Ensure the data owners agree with the classification of their data and then socialize the matrix with employees handling data.
B. Ensure the internal legal team approves the data classification matrix, then perform a Business Impact Analysis (BIA) to understand the impact of applying the classifications.
C. Complete a Privacy Impact Assessment (PIA) and use the results to identify improvements to the data classification matrix.
D. Document the handling procedures for each classification of data in the matrix and schedule data handling educational sessions with employees.
Questions # 149:

In conducting a new corporate payroll system security review, which of the following individuals should answer questions regarding the data classification?

Options:

A. Head of human capital
B. Head of compliance
C. Chief Information Security Officer (CISO)
D. Chief Information Officer (CIO)
Questions # 150:

A vendor has been awarded a contract to supply key business software. The vendor has declined all requests to have its security controls audited by customers. The organization insists the product must go live within 30 days. However, the security team is reluctant to allow the project to go live. What is the organization's BEST next step?

Options:

A. Shift the negative impact of the risk to a cyber insurance provider, i.e., risk transference.
B. Document a risk acceptance, in accordance with internal risk management procedures, that will allow the product to go live.
C. Gain assurance on the vendor's security controls by examining independent audit reports and any relevant certifications the vendor can provide.
D. Evaluate available open source threat intelligence pertaining to the vendor and their product.