
Pass the APICS CPIM CPIM-8.0 Questions and answers with CertsForce

Viewing page 7 out of 13 pages
Viewing questions 91-105 out of questions
Questions # 91:

Privacy requirements across national boundaries MOST often require protection of which data types?

Options:

A. Contact information for elected officials and local and national government web content

B. Contact information related to minors, medical records, and Personally Identifiable Information (PII)

C. Contact information for board members, proprietary trade secrets, and income statements

D. Contact information related to medical doctors, Protected Health Information (PHI), and Personally Identifiable Information (PII)

Questions # 92:

Which of the following are compromised in an untrusted network using public key cryptography when a digitally signed message is modified without being detected?

Options:

A. Integrity and authentication

B. Integrity and non-repudiation

C. Integrity and availability

D. Confidentiality and availability

Questions # 93:

Which of the following is MOST accurate when comparing patch management and vulnerability management?

Options:

A. Patch management manages the security lifecycle from discovery to remediation.

B. Patch management identifies, acquires, tests, and installs code changes on a specific computing device.

C. Vulnerability management is a process executed in specialized software to address security issues or add new features.

D. Vulnerability management plugs security holes and remediates risk by upgrading software to the most recent versions.

Questions # 94:

An independent risk assessment determined that a hospital's existing policies did not have a formal process in place to address system misuse, abuse, or fraudulent activity by internal users. Which of the following would BEST address this deficiency in the Corrective Action Plan?

Options:

A. Create and deploy policies and procedures

B. Develop and implement a sanction policy

C. Implement a risk management program

D. Perform a security control gap analysis

Questions # 95:

An organization is migrating its access controls to a certificate-based authentication system.

What will need to be established to verify the identity of all users connecting to the network before rolling out the system?

Options:

A. A biometric system needs to scan unique attributes of all users.

B. A Certificate Authority (CA) needs to issue new passwords to all users.

C. A Certificate Authority (CA) needs to issue the certificates to all users.

D. A challenge response system needs to validate all user access.

Questions # 96:

Which of the following controls should a financial institution have in place in order to prevent a trader from both entering and executing a trade?

Options:

A. Cameras in the trading room

B. Two-Factor Authentication (2FA)

C. Separation of Duties (SoD)

D. Least privilege

Questions # 97:

A computer forensic analyst is examining suspected malware from a computer system post-attack. Upon reverse engineering the code, the analyst sees several concerning instructions. One of those concerning instructions is that it installs a Unified Extensible Firmware Interface Basic Input/Output System (BIOS) rootkit, and when the system is then rebooted, the BIOS checks for a certain unknown program to be installed. Which security feature MOST likely would have detected and prevented this type of attack if already on the system?

Options:

A. Operating System (OS) virtualization

B. Memory protection

C. Cryptographic module

D. Trusted Platform Module (TPM)

Questions # 98:

To ensure the quality of its newly developed software, an organization is aiming to deploy an automated testing tool that validates the source code. What type of testing BEST supports this capability?

Options:

A. Network vulnerability scanning

B. Dynamic Application Security Testing (DAST)

C. Static Application Security Testing (SAST)

D. Fuzz parsing

Questions # 99:

An organization’s computer incident response team PRIMARILY responds to which type of control?

Options:

A. Detective

B. Administrative

C. Preventative

D. Corrective

Questions # 100:

During an investigation, a forensic analyst executed a task to allow for the authentication of all documents, data, and objects collected, if required. Which of the options below BEST describes this task?

Options:

A. Electronically stored information was collected through a forensic tool.

B. Metadata was collected from files and objects were listed in a notebook.

C. A chain of custody form was filled in with the quantity and description of all items.

D. Archive tagging was applied to all digital data and physical papers were stamped.

Questions # 101:

The development team wants new commercial software to integrate into the current system. What steps can the security office take to ensure the software has no vulnerabilities?

Options:

A. Ask the development team to reevaluate the current program and have a toolset developed securely within the organization.

B. Request a copy of the most recent System and Organization Controls (SOC) report and/or most recent security audit reports and any vulnerability scans of the software code from the vendor.

C. Purchase the software, deploy it in a test environment, and perform Dynamic Application Security Testing (DAST) on the software.

D. Request a software demo with permission to have a third-party penetration test completed on it.

Questions # 102:

What is the BEST preventive measure against employees abusing access privileges?

Options:

A. Move abusers to other positions

B. Establish a solid security awareness training program

C. Terminate abusers

D. Require frequent password changes

Questions # 103:

Which of the following is a disadvantage of using federated identity?

Options:

A. The administrative burden is increased

B. The application has access to the user’s credentials

C. Applications may need complex modifications to implement

D. A compromised credential provides access to all the user’s applications

Questions # 104:

An organization implemented a threat modeling program focusing on key assets. However, after a short time it became clear that the organization was having difficulty executing the threat modeling program.

Which approach will MOST likely have been easier to execute?

Options:

A. System-centric approach

B. Attacker-centric approach

C. Asset-centric approach

D. Developer-centric approach

Questions # 105:

An organization has to conduct quarterly reviews of user authorization access to its primary financial application. Which position is responsible for performing these reviews?

Options:

A. Internal audit manager

B. Information Security Manager (ISM)

C. Data custodian

D. Data owner