Weekend Certification Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: best70

CPIM-8.0 Certified in Planning and Inventory Management (CPIM 8.0) Questions and Answers

Questions 4

A consultant has been engaged to support the team in analyzing why the development of a new software product has slipped schedule by a year. The consultant discovered an increase of the functionality requirements due to the failure of the asset tracking program. Which of the following BEST describes which system lifecycle element is impacted?

Options:

A.

Stakeholder identification

B.

Vision statement

C.

Operational efficiency

D.

Solution boundary

Buy Now
Questions 5

An external audit is conducted on an organization ' s cloud Information Technology (IT) infrastructure. This organization has been using cloud IT services for several years, but its use is not regulated in any way by the organization and security audits have never been conducted in the past. Which task will be the MOST challenging to conduct an effective security audit?

Options:

A.

Resource forecast

B.

Asset inventory

C.

Access to logs

D.

Software license agreements

Buy Now
Questions 6

While conducting an information asset audit, it was determined that several devices were running unpatched Operating Systems (0S). Further review Indicated the OS was no longer supported by the vendor. Which of the following BEST indicates the appropriate asset lifecycle stage of the devices?

Options:

A.

Maintain

B.

Modify

C.

Procure

D.

Dispose

Buy Now
Questions 7

Exhibit:

CPIM-8.0 Question 7

A company has prioritized customers A, B, and C, filling orders in that sequence. What are the impacts to customer service levels for customers B and C?

Options:

A.

100% service levels for B and C

B.

Customer B has higher service level

C.

Customer C has higher service level

D.

Customer B and C have same service level

Buy Now
Questions 8

A traffic analysis on an organization ' s network identifies a significant degree of inefficient resource use as a result of broadcast traffic. The organization wants to reduce the scope of the broadcasts without impeding the flow of traffic. Which of the following devices is the BEST choice to implement to achieve this goal?

Options:

A.

Proxy

B.

Firewall

C.

Router

D.

Switch

Buy Now
Questions 9

Which of the following is a core subset of The Open Group Architecture Framework (TOGAF) enterprise architecture model?

Options:

A.

Security architecture

B.

Availability architecture

C.

Privacy architecture

D.

Data architecture

Buy Now
Questions 10

Which of the following is the MOST significant flaw when using Federated Identity Management (FIM)?

Options:

A.

The initial cost of the setup is prohibitively high for small business.

B.

The token stored by the Identity Provider (IdP) may need to be renewed.

C.

The token generated by the Identity Provider (IdP) may be corrupted.

D.

The participating members in a federation may not adhere to the same rules of governance.

Buy Now
Questions 11

In a large organization, the average time for a new user to receive access is seven days. Which of the following is the BEST enabler to shorten this time?

Options:

A.

Implement a self-service password management capability

B.

Increase system administration personnel

C.

Implement an automated provisioning tool

D.

Increase authorization workflow steps

Buy Now
Questions 12

Network Access Control (NAC) is used to perform what function for computers joining the network?

Options:

A.

Ensure all networking components communicate with each other.

B.

Ensure that all approved devices can join the network.

C.

Restrict access to the network based on Media Access Control (MAC) address or Internet Protocol (IP) address.

D.

Restrict the time and date that computers are allowed to connect to the organization’s network.

Buy Now
Questions 13

When the discrete available-to-promise (ATP) method is used, the master production receipt quantity is committed to:

Options:

A.

any request for shipment prior to the planning time fence.

B.

any request for shipment prior to the demand time fence (DTF).

C.

requests only for shipment before the next master production schedule (MPS) receipt.

D.

requests only for shipment in the period of the receipt.

Buy Now
Questions 14

Which of the following BEST represents a security benefit of Software-Defined Networking (SDN)?

Options:

A.

Improved threat detection

B.

Flexible firewall configuration

C.

Network availability

D.

Improved threat prevention

Buy Now
Questions 15

A Generic Routing Encapsulation (GRE) tunnel moves data across a third-party Internet Protocol (IP) network. What is the risk of using GRE tunnels?

Options:

A.

They are proprietary and incompatible between vendors.

B.

They can be complex to configure.

C.

They do not provide any authentication or encryption protection.

D.

They are unreliable due to high protocol overhead.

Buy Now
Questions 16

Which of the following statements is true about the meantime between failures (MTBF) measure?

Options:

A.

It is used for non-repairable products.

B.

An increase in MTBF is proportional to anincrease inquality.

C.

It is a useful measure of reliability.

D.

It is the same as operating life or service life.

Buy Now
Questions 17

Which of the following is a PRIMARY benefit of sharing assessment results among key organizational officials across information boundaries?

Options:

A.

Facilitates development of organization-wide security metrics

B.

Allows management to assess which organizational elements have the best security practices

C.

Provides the organization a wider view of systemic weaknesses and deficiencies in their information systems

D.

Identifies areas that require additional training emphasis in each organizational element

Buy Now
Questions 18

Broadcast traffic is causing network performance degradation of sensitive equipment.

Which of the following methods is used to prevent the broadcast traffic from impacting availability?

Options:

A.

Place the sensitive equipment behind a firewall to prevent the broadcast traffic from impacting the equipment.

B.

Implement Quality of Service (QoS) on network switches to throttle the sensitive equipment traffic.

C.

Move the sensitive equipment to a different switch port to prevent the broadcast traffic from impacting the equipment.

D.

Use Network Access Control (NAC) to prevent the broadcast traffic from broadcasting.

Buy Now
Questions 19

Substituting capital equipment in place of direct labor can be economically Justified for which of the following scenarios?

Options:

A.

Volumes are forecasted to increase

B.

Material prices are forecasted to increase

C.

Implementing a pull system in production

D.

Functional layouts are being utilized

Buy Now
Questions 20

An organizations is developing a new software package for a financial institution. What is the FIRST step when modeling threats to this new software package?

Options:

A.

Diagram the data flows of the software package.

B.

Document the configuration of the software package.

C.

Prioritize risks to determine the mitigation strategy.

D.

Evaluate appropriate countermeasure to be implemented.

Buy Now
Questions 21

The results of a threat campaign show a high risk of potential intrusion. Which of the following parameters of the Common Vulnerability Scoring System (CVSS) will MOST likely provide information on threat conditions for the organization to consider?

Options:

A.

Modified base metrics

B.

Remediation level

C.

Integrity requirements

D.

Attack complexity

Buy Now
Questions 22

Which of the following vulnerability types is also known as a serialization flaw and affects the integrity of two processes interacting with the same resource at the same time?

Options:

A.

Boundary condition

B.

Buffer overflow

C.

Race condition

D.

Integer overflow

Buy Now
Questions 23

An agency has the requirement to establish a direct data connection with another organization for the purpose of exchanging data between the agency and organization systems. There is a requirement for a formal agreement between the agency and organization. Which source of standards can the system owners use to define the roles and responsibilities along with details for the technical and security requirements?

Options:

A.

International Organization For Standardization (ISO)

B.

European Committee for Electrotechnical Standardization

C.

Caribbean Community Regional Organization for Standards and Quality

D.

Institute of Electrical and Electronics Engineers (IEEE)

Buy Now
Questions 24

Which technology is BEST suited to establish a secure communications link between an individual’s home office and the organization’s Local Area Network (LAN)?

Options:

A.

Switched Port Analyzer (SPAN)

B.

Representational State Transfer (REST)

C.

Remote Desktop Protocol (RDP)

D.

Virtual Private Network (VPN)

Buy Now
Questions 25

Which of the following provides for continuous improvement of the change control process?

Options:

A.

Configuration Management Database (CMDB) update

B.

Predefine change window

C.

Post change review

D.

Stakeholder notification

Buy Now
Questions 26

A security officer has been tasked with performing security assessments on the organization’s in the current calendar year. While collecting data, the officer realizes that more than one business until will be engaged in the assessment. What activity MUST be included in the data collection phase?

Options:

A.

Conduct a detailed data analysis on the security impacts using historical data.

B.

Prioritize assessment activities and strategically asses each application

C.

Identify a sponsor from within the organization to prioritize the activities

D.

Perform a risk analysis and determine which applications must be assessed

Buy Now
Questions 27

Which of the following methods would be appropriate for forecasting the demand for a product family when there is a significant trend and seasonality in the demand history?

Options:

A.

Econometric models

B.

Computer simulation

C.

Time series decomposition

D.

Weighted moving average

Buy Now
Questions 28

An order winner during the growth stage of a product ' s life cycle is:

Options:

A.

variety.

B.

availability.

C.

dependability.

D.

price.

Buy Now
Questions 29

An organization has received the results of their network security risk assessment. What is the BEST course of action for the organization to take in response to the analyzed report findings?

Options:

A.

Hire a security consulting firm with specialized expertise to fix all the issues on the report and ensure the organization’s system are secure.

B.

Work with the organization’s legal team to ensure their cyber liability insurance policy will fully cover the costs of any breach related to the network risk assessment findings.

C.

Create an organizational risk response team and assign them the task of remediating all the issues or identifying and implementing compensating controls.

D.

Accept the risk of the issues within the organization’s risk tolerance and identify responses for the remainder of the issues.

Buy Now
Questions 30

A warehouse manager assigns orders to warehouse personnel grouped by where the goods are stored. This type of picking is called a(n):

Options:

A.

Zone system

B.

Area system

C.

Multi-order system

D.

Pull system

Buy Now
Questions 31

An organization recently completed an acquisition of another entity and staff members are complaining about the excessive number of credentials they need to remember as each application requires separate logins. This is negatively affecting collaboration efficiency and increasing the risk of human errors. What will the organization consider implementing as part of the solution to improve the situation?

Options:

A.

Open Authorization (OAuth) 2.0

B.

Security Assertion Markup Language (SAML) 2.0

C.

Password Authentication Protocol (PAP)

D.

OpenID Connect (OIDC)

Buy Now
Questions 32

A production manager completes a work order for an assembly item, and inventory records for the components are decreased. This is an example of:

Options:

A.

Issuing component inventory

B.

Backflushing inventory

C.

Backward scheduling

D.

Exploding requirements

Buy Now
Questions 33

Which of the following is a threat modeling methodology used for accessing threats against applications and Operating Systems (OS)?

Options:

A.

Basically Available, Soft-State, Eventual-Consistency (BASE)

B.

Spoofing, Tampering, Repudiation, Information Disclosure, Denial Of Service, And Elevation Of Privilege (STRIDE)

C.

Control Objectives For Information And Related Technology (COBIT)

D.

Security, Trust, Assurance And Risk (STAR)

Buy Now
Questions 34

While doing a penetration test, auditors found an old credential hash for a privileged user. To prevent a privileged user ' s hash from being cached, what is the MOST appropriate policy to mandate?

Options:

A.

Add privileged user to the domain admin group.

B.

Add privileged users to the protected users group.

C.

Enable security options for each privileged user.

D.

Place each privileged user in a separate Kerberos policy.

Buy Now
Questions 35

An organization is having bandwidth utilization issues due to unauthorized devices on the network. Which action should be taken to solve the problem?

Options:

A.

Disable all unused ports.

B.

Implement a Network Access Control (NAC) solution.

C.

Rate limit on access ports.

D.

Restrict access with an Access Control List (ACL).

Buy Now
Questions 36

An organizational policy requires that any data from organization-issued devices be securely destroyed before disposal. Which method provides the BEST assurance of data destruction?

Options:

A.

Incinerating

B.

Reformatting

C.

Degaussing

D.

Erasing

Buy Now
Questions 37

The security department was notified about vulnerabilities regarding users ' identity verification in a web application. Which of the following vulnerabilities is the security professional MOST likely to test?

Options:

A.

Exposure of sensitive information

B.

Use of hard-coded passwords

C.

Trust boundary violation

D.

Improper authentication

Buy Now
Questions 38

Which of the following can allow an attacker to bypass authentication?

Options:

A.

Response tampering

B.

Machine enumeration

C.

User agent manipulation

D.

Social engineering

Buy Now
Questions 39

In order to meet retention requirements, it may be necessary to migrate digital records to different media because of which of the following issues?

Options:

A.

Deduplication conserves storage.

B.

Regulatory guidance requires compliance.

C.

Digital media can degrade.

D.

Hierarchical storage facilitates access.

Buy Now
Questions 40

An organization discovered that malicious software was installed on an employee’s work laptop and allowed a competing vendor to access confidential files. The employee was fully aware of the policy not to install unauthorized software on the organization laptop. What is the BEST automated security practice for an organization to implement to avoid this situation?

Options:

A.

Security awareness training

B.

Role-Based Access Control (RBAC)

C.

User behavior analytics solution

D.

File integrity monitoring

Buy Now
Questions 41

Which of the following statements is an assumption on which the economic order quantity (EOQ) model is based?

Options:

A.

Customer demand is known but seasonal.

B.

Items are purchased and/or produced continuously and not in batches.

C.

Order preparation costs and inventory-carrying costs are constant and known.

D.

Holding costs, as a percentage of the unit cost, are variable.

Buy Now
Questions 42

In a lean environment, the batch-size decision for planning " A " items would be done by:

Options:

A.

least total cost.

B.

min-max system.

C.

lot-for-lot (L4L).

D.

periodic order quantity.

Buy Now
Questions 43

In which of the following situations would you use an X-bar chart?

Options:

A.

Track the number of defects that are found in each unit.

B.

Measure the difference between the largest and the smallest in a sample.

C.

Determine the average value of a group of units.

D.

Estimate a subgroup variation.

Buy Now
Questions 44

To mitigate risk related to natural disasters, an organization has a separate location with systems and communications in place. Data must be restored on the remote systems before they are ready for use. What type of remote site is this?

Options:

A.

Cold Site

B.

Mobile Site

C.

Hot Site

D.

Warm Sit

Buy Now
Questions 45

An organization has determined that it needs to retain customer records for at least thirty years to discover generational trends in customer behavior. However, relevant local regulation requires that all Personally Identifiable Information (PII) is deleted after expiration of the customer ' s engagement with the organization, which is usually no longer than one year. How should the data be handled at the expiration of customer engagement at one year?

Options:

A.

Because the data contains PII, it should be backed up in an encrypted form, with the encryption key securely kept in a Hardware Security Module (HSM), and all access logged and monitored.

B.

The data should be deleted from the customer website, and archived to a write-once, read-many drive to securely meet the business requirement for analytics.

C.

PII portion of the data should be tokenized or deleted, and the rest of the data stored securely to meet the business requirement for analytics.

D.

Since legal and regulatory compliance takes priority over business requirements, the data should be deleted.

Buy Now
Questions 46

An organization has a requirement that all documents must be auditable and that the original is never modified once created. When designing the system, what security model MUST be implemented in order to meet this requirement?

Options:

A.

Biba Integrity

B.

Brewer-Nash

C.

Bell-LaPadula

D.

Clark-Wilson

Buy Now
Questions 47

A logistics manager Is faced with delivering an order via rail or truck. Shipping via rail costs S300 and takes 14 days. Shipping via truck costs $600 and takes 3 days. If the holding cost is $40 per day, what is the cost to deliver the order?

Options:

A.

$340for rail,$600 for truck

B.

$340for rail.$720 for truck

C.

$860for rail,$720 for truck

D.

$860for rail.$600 for truck

Buy Now
Questions 48

What is a strategic process that is aimed at considering possible attack scenarios and vulnerabilities within a proposed or existing application environment for the purpose of clearly identifying risk and impact levels?

Options:

A.

Threat modeling

B.

Asset management

C.

Risk management

D.

Asset modeling

Buy Now
Questions 49

An organization has a call center that uses a Voice Over Internet Protocol (VoIP) system. The conversations are sensitive, and the organization is concerned about employees other than the call agents accessing these conversations. What is the MOST effective additional security measure to make?

Options:

A.

Ensure that the call agents are using an additional authentication method.

B.

Implement a Network Access Control (NAC) solution.

C.

Ensure that the voice media is using Secure Real-Time Transport Protocol.

D.

Segment the voice network and add Next-Generation Firewalls (NGFW).

Buy Now
Questions 50

Which of the following documents is the BEST reference to describe application functionality?

Options:

A.

Disaster Recovery Plan (DRP)

B.

System security plan

C.

Business Impact Analysis (BIA) report

D.

Vulnerability assessment report

Buy Now
Questions 51

Which of the below represent the GREATEST cloud-specific policy and organizational risk?

Options:

A.

Loss of governance between the client and cloud provider

B.

Loss of business reputation due to co-tenant activities

C.

Supply chain failure

D.

Cloud service termination or failure

Buy Now
Questions 52

An organization has decided to give decommissioned computers to a school in a developing country. The company data handling policy prohibits the storage of confidential and sensitive data. What would be the BEST technique to use to avoid data remanence, and to minimize the operational burden for the inheriting school?

Options:

A.

Overwriting the hard disk drive of the computers

B.

Encrypting the hard disk drive of the computers

C.

Removing and physically destroying the hard disk drive of the computers

D.

Degaussing the hard disk drive of the computers

Buy Now
Questions 53

One way to mitigate liability risk in the supply chain is to:

Options:

A.

negotiate lower component cost.

B.

require traceability for components.

C.

push inventory to supplier locations.

D.

use less-than-truckload (LTL) shipments more frequently.

Buy Now
Questions 54

In order for an organization to mature their data governance processes to ensure compliance, they have created a data classification matrix.

What are the next BEST activities to build on this completed work?

Options:

A.

Ensure the data owners agree with the classification of their data and then socialize the matrix with employees handling data.

B.

Ensure the internal legal team approves the data classification matrix then perform a Business Impact Analysis (BIA) to understand the impact of applying the classifications.

C.

Complete a Privacy Impact Assessment (PIA) and use the results to identify improvements to the data classification matrix.

D.

Document the handling procedures for each classification of data in the matrix and schedule data handling educational sessions with employees.

Buy Now
Questions 55

A semiconductor manufacturer is writing a physical asset handling policy. Which of the following is MOST likely to be the rationale for the policy?

Options:

A.

Access of system logs to authorized staff

B.

Accurate and prompt tagging of all business files

C.

Assurance of safe and clean handling of company property

D.

Adoption of environmental controls in the server room

Buy Now
Questions 56

Which of the following statements is an advantage of a fourth-party logistics (4PL) provider?

Options:

A.

It coordinates between the client and multiple logistics suppliers.

B.

It focuses primarily on last-mile delivery.

C.

It allows the client to concentrate on operating its own warehouse.

D.

It provides a logistics specialist who manages some of the logistics operation.

Buy Now
Questions 57

An organization is transitioning from a traditional server-centric infrastructure to a cloud-based Infrastructure. Shortly after the transition, a major breach occurs to the organization ' s databases. In an Infrastructure As A Service (IaaS) model, who would be held responsible for the breach?

Options:

A.

The database vendor

B.

The third-party auditor

C.

The organization

D.

The Cloud Service Provider (CSP)

Buy Now
Questions 58

What does the Role-Based Access Control (RBAC) method define?

Options:

A.

What equipment is needed to perform

B.

How information is accessed within a system

C.

What actions the user can or cannot do

D.

How to apply the security labels in a system

Buy Now
Questions 59

Remote sensors have been deployed at a utility site to reduce overall response times for maintenance staff supporting critical infrastructure. Wireless communications are used to communicate with the remote sensors, as it is the most cost-effective method and minimizes risk to public health and safety. The utility organization has deployed a Host-Based Intrusion Prevention System (HIPS) to monitor and protect the sensors. Which statement BEST describes the risk that is mitigated by utilizing this security tool?

Options:

A.

Malware on the sensor

B.

Denial-Of-Service (DoS)

C.

Wardriving attack

D.

Radio Frequency (RF) interference

Buy Now
Questions 60

Which of the following statements is true about total productive maintenance (TPM)?

Options:

A.

It uses statistical tools.

B.

It is part of the business strategy.

C.

It influences the product design process.

D.

It minimizes unscheduled breakdowns.

Buy Now
Questions 61

A company’s Marketing and Sales departments have identified an opportunity to develop a new market for a product family and requested an increase in the production plan. Which of the following actions would be most appropriate to account for the new market opportunity?

Options:

A.

Increase the production plan as requested.

B.

Regenerate the material requirements plan.

C.

Regenerate the master production schedule (MPS).

D.

Present the proposal at the executive sales and operations (S & OP) meeting.

Buy Now
Questions 62

A company has a demand for 30 units of A, 40 units of B, and 50 units of C. These products are scheduled to run daily in batches of 10 as follows: ABC, ABC, ABC, CBC. What is this scheduling

technique called?

Options:

A.

Mixed-model

B.

Matrix

C.

Synchronized

D.

Line balancing

Buy Now
Questions 63

Internet Small Computer Systems Interface (iSCSI) protocol relies on Transmission Control Protocol/Internet Protocol (TCP/IP). Which can be used maliciously to interrupt the flow of data. Which Information Technology (IT) component would be impacted by such a disruption?

Options:

A.

Firewall.

B.

Switch.

C.

Storage.

D.

Router.

Buy Now
Questions 64

When an organization is recruiting for roles within the organization, at which stage of the employee life cycle are termination procedures incorporated?

Options:

A.

Security training

B.

Orientation

C.

User provisioning

D.

Background check

Buy Now
Questions 65

What is the MOST appropriate action to take when media classification needs to be downgraded to a less sensitive classification?

Options:

A.

Modify access permissions on media at appropriate classification level.

B.

Modify access logging on media at appropriate classification level.

C.

Sanitize media using appropriate data destruction procedure.

D.

Mark the media with less sensitive classification label.

Buy Now
Questions 66

Which burden of proof has been applied when a workplace investigation has a 51 percent or greater certainty that allegations are true?

Options:

A.

Preponderance of evidence

B.

Beyond a reasonable doubt

C.

Some credible evidence

D.

Clear and convincing

Buy Now
Questions 67

Which of the following items does the master scheduler have the authority to change in the master scheduling process?

Options:

A.

Product mix

B.

Aggregate volume

C.

Engineering change effectivity date

D.

Customer order quantities

Buy Now
Questions 68

Which of the following provides that redundancy and failover capabilities are built into a system to maximize its uptime?

Options:

A.

Offsite backup

B.

High availability

C.

Diverse routing

D.

System mirroring

Buy Now
Questions 69

In pyramid forecasting, the " roll up " process begins with:

Options:

A.

combining individual product item forecasts into forecasts for product families.

B.

combining forecasts for product families into a total business forecast.

C.

allocating total business forecast changes to product families.

D.

allocating product family forecast changes to individual products.

Buy Now
Questions 70

A vendor has been awarded a contract to supply key business software. The vendor has declined all requests to have its security controls audited by customers. The organization insists the product must go live within 30 days. However, the security team is reluctant to allow the project to go live.

What is the organization ' s BEST next step?

Options:

A.

Evaluate available open source threat intelligence pertaining to the vendor and their product.

B.

Shift the negative impact of the risk to a cyber insurance provider, i.e., risk transference.

C.

Gain assurance on the vendor’s security controls by examining independent audit reports and any relevant certifications the vendor can provide.

D.

Document a risk acceptance, in accordance with internal risk management procedures, that will allow the product to go-live.

Buy Now
Questions 71

If all other factors remain the same, when finished goods inventory investment is increased, service levels typically will:

Options:

A.

remain the same.

B.

increase in direct (linear) proportion.

C.

increase at a decreasing rate.

D.

increase at an increasing rate.

Buy Now
Questions 72

When resolving conflicts, which canon within the ISC2 Code of Ethics requires members to consider duties to principals and Individuals?

Options:

A.

Maintain the privacy and confidentiality of information obtained.

B.

Advance and protect the profession.

C.

Act honorably, honestly, justly, responsibly, and legally.

D.

Maintain competency in their respective fields.

Buy Now
Questions 73

Which of the following data is needed to determine gross requirements when conducting distribution requirements planning (DRP)?

Options:

A.

Order value

B.

Location points

C.

Shipping schedules

D.

Interplant demand

Buy Now
Questions 74

In which of the following phases of the product life cycle is product price most effective in influencing demand?

Options:

A.

Introduction

B.

Growth

C.

Maturity

D.

Decline

Buy Now
Questions 75

During an investigation, a forensic analyst executed a task to allow for the authentication of all documents, data, and objects collected, if required. Which of the options below BEST describes this task?

Options:

A.

Electronically stored information was collected through a forensic tool.

B.

Metadata was collected from files and objects were listed in a notebook.

C.

A chain of custody form was filled with all items quantity and descriptions.

D.

Archive tagging was applied to all digital data and physical papers were stamped.

Buy Now
Questions 76

A security analyst has been asked to build a data retention policy for a hospital. What is the FIRST action that needs to be performed in building this policy?

Options:

A.

Determine local requirements.

B.

Determine federal requirements.

C.

Ensure that all data has been classified.

D.

Designate a person of authority.

Buy Now
Questions 77

A low-cost provider strategy works best when which of the following conditions are met?

Options:

A.

Price competition among rivals is similar.

B.

Buyers are more price sensitive.

C.

There are many ways to achieve product differentiation.

D.

There are few industry newcomers.

Buy Now
Questions 78

The costs provided in the table below are associated with buying a quantity larger than immediately needed. What Is the total landed cost based on this table?

Cost CategoryCost

Custom fees$125

Freight$700

Warehouse rent$200

Matenal cost$500

Options:

A.

$825

B.

$1,325

C.

$1,400

D.

$1,525

Buy Now
Questions 79

An organization wishes to utilize a managed Domain Name System (DNS) provider to reduce the risk of users accessing known malicious sites when web browsing. The organization operates DNS forwarders that forward queries for all external domains to the DNS provider. Which of the following techniques could enable the organization to identify client systems that have attempted to access known malicious domains?

Options:

A.

DNS over Transmission Control Protocol (TCP)

B.

DNS sinkholing

C.

Deep packet inspection

D.

Domain Name System Security Extensions (DNSSEC)

Buy Now
Questions 80

In an organization that develops aircrafts for military usage, where will the security team focus its efforts to ensure the organization’s data remains confidential?

Options:

A.

Technology to monitor the use and transfer of sensitive data

B.

User awareness training

C.

De-identification and sanitization of sensitive data

D.

Data breach insurance

Buy Now
Questions 81

Which of the following is the MOST effective approach to reduce the threat of rogue devices being introduced to the internal network?

Options:

A.

Authorize connecting devices

B.

Authenticate connecting devices

C.

Disable unauthorized devices

D.

Scan connecting devices

Buy Now
Questions 82

A bank recently informed a customer that their account has been overdrawn after their latest transaction. This transaction was not authorized by the customer. Upon further investigation, it was determined by the security team that a hacker was able to manipulate the customer ' s pre-authenticated session and force a wire transfer of funds to a foreign bank account. Which type of attack MOST likely occurred?

Options:

A.

Cross-Site Request Forgery (CSRF)

B.

On-path attack

C.

Cross-Site Scripting (XSS)

D.

Session hijacking

Buy Now
Questions 83

What is the PRIMARY benefit an organization obtains by adapting a cybersecurity framework to their cybersecurity program?

Options:

A.

A structured risk management process

B.

A common set of security capabilities

C.

A structured cybersecurity program

D.

A common language and methodology

Buy Now
Questions 84

What is the process when a security assessor compiles potential targets from the attacker’s perspective, such as data flows, and interactions with users?

Options:

A.

Threat categorization

B.

Threat avoidance

C.

Threat acceptance

D.

Threat mitigation

Buy Now
Questions 85

A house of quality (HOQ) chart aligns which pair of functions?

Options:

A.

Customer requirements with costing

B.

Engineering with operations

C.

Customer purchasing with supplier shipping

D.

Competitive analysis with product design

Buy Now
Questions 86

Which of the following is the fundamental difference between finite loading and other capacity planning approaches?

Options:

A.

It is highly dependent on advanced computer software to function effectively.

B.

It is only managed by shop floor supervisors.

C.

It can use historical information to drive decision-making processes.

D.

It considers adjustments to plans based on planned capacity utilization.

Buy Now
Questions 87

What is the following is the MAIN reason why hot-spot usually adopt open security mode in wireless networks?

Options:

A.

Ease of use

B.

Limitation of Infrastructure

C.

Adapter compatibility concerns

D.

Cost concerns

Buy Now
Questions 88

A security analyst modifies the organization’s baselines to align the controls more closely with specific security and privacy requirements. Which security concept is this an example of?

Options:

A.

Mitigating

B.

Tailoring

C.

Scoping

D.

Compensating

Buy Now
Questions 89

In a make-to-stock (MTS) environment, the master production schedule (MPS) Is usually a schedule of which of the following types of items?

Options:

A.

Phantom items

B.

Finished goods items

C.

Component/subassembly items

D.

Raw material items

Buy Now
Questions 90

The Chief Security Officer (CSO) of an organization would like to have a network security assessment done by the security team. Which of the following is the FIRST step in the security testing methodology?

Options:

A.

Investigation

B.

Reconnaissance

C.

Fingerprinting

D.

Exploitation

Buy Now
Questions 91

When conducting a vulnerability test using a scanner tool, which unintended consequence can occur?

Options:

A.

Opening of previously closed ports

B.

Adding administrator rights on servers

C.

Performing a Cross-Site Scripting (XSS) attack

D.

Creating a Denial-Of-Service (DoS) condition

Buy Now
Questions 92

The Chief Information Security Officer (CISO) is meeting with the external network security evaluation team ' s blue team leader to confirm the internal system administrator ' s work schedules, hardware lists, and logistical support for their debriefing. Which of the following would be the MOST likely topic of discussion for the briefing?

Options:

A.

Remediation

B.

Administration

C.

Authorization

D.

Enumeration

Buy Now
Questions 93

A regular remote user executed an application that allowed the execution of commands with elevated permissions. It was allowed to create new users, start and stop services, and view critical log files. Which exploit type did the application use in this scenario?

Options:

A.

Side-channel

B.

Fault injection

C.

Privilege escalation

D.

Buffer overflow

Buy Now
Questions 94

An audit report of security operations has listed some anomalies with third parties being granted access to the internal systems and data without any restrictions.

Which of the following will BEST help remediate this issue?

Options:

A.

Provide access restrictions for resources stored in a low-volume network or subnetwork location.

B.

Provide access restrictions for resources stored on a network that uses a unique platform.

C.

Provide access restrictions for resources stored in a high-volume network or subnetwork location.

D.

Provide access restrictions for resources stored on a network or on a subnetwork.

Buy Now
Questions 95

An information security professional has been tasked with remediating vulnerabilities identified during a recent penetration test. Which of the following sections of the penetration results report would be MOST preferable to remediate hosts one at a time?

Options:

A.

Findings by host, with associated vulnerabilities

B.

Findings by vulnerabilities, with associated hosts

C.

Appendix of definitions

D.

Executive summary

Buy Now
Questions 96

Which of the following factors Is considered a carrying cost?

Options:

A.

Setup

B.

Transportation

C.

Obsolescence

D.

Scrap rate

Buy Now
Questions 97

An information security professional is tasked with configuring full disk encryption on new hardware equipped with a Trusted Platform Module (TPM). How does TPM further enhance the security posture of full disk encryption if configured properly?

Options:

A.

TPM will use the Operating System (OS) for full disk encryption key protection.

B.

TPM will protect the full disk encryption keys.

C.

TPM will handle the allocation of the hardware storage drives for full disk encryption.

D.

TPM will provide full disk encryption automatically.

Buy Now
Questions 98

When performing threat modeling using Spoofing, Tampering, Repudiation, Information Disclosure, Denial Of Service, And Elevation of Privilege (STRIDE), which of the following is an example of a repudiation threat?

Options:

A.

Using someone else ' s account

B.

Distributed Denial-Of-Service (DDoS)

C.

SQL Injection (SQLi)

D.

Modifying a file

Buy Now
Questions 99

A company selling seasonal products is preparing their sales and operations plan for the coming year. Their current labor staffing is at the maximum for their production facility and cannot meet the forecasted demand. The business plan shows they do not have the financial capability to add to the production facility. Which of the following actions would be most appropriate?

Options:

A.

Uselevel production planning and investigate subcontracting to meet the extra demand.

B.

Usechaseproduction planningand only take the orders that can be produced In the highdemand season.

C.

Usehybridproduction planningto save labor costs and inventory costs in the low demand season.

D.

Usehybridproduction planningand reduce the size of the customer base during the highdemand season.

Buy Now
Questions 100

Which of the following BEST characterizes the operational benefit of using immutable workloads when working on a cloud-based project?

Options:

A.

The clouds service provider is responsible for all security within the workload

B.

Security testing is managed after image creation

C.

No longer have to bring system down to patch

D.

Allows a user to enable remote logins to running workloads

Buy Now
Questions 101

The question below is based on the following information:

CPIM-8.0 Question 101

Work Center 1 has an available capacity of 1,200 hours per month. Which of the following amounts represents the cumulative difference between the required capacity and the available capacity of Months 1 through 3?

Options:

A.

50

B.

150

C.

1.250

D.

3.750

Buy Now
Questions 102

Given the bill of material (BOM) information below and independent requirements of 10 pieces (pcs) per week of Component A and 20 pieces (pcs) per week of Component B, what is the weekly gross requirement of component F?

CPIM-8.0 Question 102

Options:

A.

80

B.

120

C.

160

D.

200

Buy Now
Questions 103

It takes an average of 3 hours to set up a model and 1 hour to run, but depending on the complexity of the models, the setup time can be significantly different. Last week. 2 modelers were working on different projects. Each worked 40 hours. One modeler finished 5 models a day, and the other finished 1 model a day. What was the demonstrated capacity last week?

Options:

A.

25models

B.

15models

C.

10models

D.

30models

Buy Now
Questions 104

A large organization is planning to lay off half of its staff. From an information security point of view, what is the BEST way of approaching affected staff?

Options:

A.

Discuss the Non-Disclosure Agreement (NDA) with the affected staff before revoking access.

B.

Revoke the user certificates and add them to the Certificate Revocation List (CRL).

C.

Revoke user access at the time of informing them.

D.

Ask human resources to conduct exit interviews before revoking access.

Buy Now
Questions 105

The master schedule is an Important tool in the sales and operations planning (S & OP) process because it:

Options:

A.

represents the forecast before changes are made in S & OP.

B.

represents the forecast with less detail.

C.

balances supply and demand at the product mix level.

D.

balances supply and demand at the sales volume level.

Buy Now
Questions 106

An organization’s security team is looking at ways to minimize the security risk of the container infrastructure. The lead engineer needs to select a suite of remediation actions to minimize risks. Which programmatic approach will result in preventing, detecting , and responding to the GREATEST number of threats aimed at container operations?

Options:

A.

Use of hardware-based countermeasures to provide a basis for trusted computing

B.

Use of container-aware runtime defense tools

C.

Grouping containers with the same sensitivity level on a single host

D.

Adoption of container-specific vulnerability management tools

Buy Now
Questions 107

A company implementing a localized multi-country strategy to increase market share should engage in which of the following actions?

Options:

A.

Sell different product versions in different countries under different brand names.

B.

Sell the same products under the same brand name worldwide.

C.

Locate plants on the basis of maximum location advantage.

D.

Use the best suppliers regardless of geographic location.

Buy Now
Questions 108

Fishbone diagrams would help a service organization determine:

Options:

A.

the proper level of service for a customer segment.

B.

the source of a quality-of-service issue.

C.

differences in the performance of employees.

D.

the decomposition of customer return rates with seasonality.

Buy Now
Questions 109

An organization’s computer incident responses team PRIMARY responds to which type of control?

Options:

A.

Administrative

B.

Detective

C.

Corrective

D.

presentative

Buy Now
Questions 110

The demand for an item has increasing forecast error, whereas all other factors remain constant. Which of the following remains constant while maintaining the same customer service level?

Options:

A.

Reorder point(ROP)

B.

Safety stock

C.

Inventory investment

D.

Safety factor

Buy Now
Questions 111

An example of a cradle-to-cradle sustainability model would be:

Options:

A.

a laundry service collects dirty baby clothes from families; cleans the clothes in large, efficient batches; and then sorts and delivers the clothes back to each family.

B.

a coffee shop collects paper waste in its restaurants, has a selected supplier collect the paper waste to be recycled, and then purchases paper products from that supplier.

C.

a company uses wood that has been gathered from multiple sources to construct items, such as beds and toys for babies and young children.

D.

a bank offers the lowest interest rates on loans to firms that are committed to using recycled materials and implementing zero-waste initiatives in their processes.

Buy Now
Questions 112

A security practitioner notices that workforce members retain access to information systems after transferring to new roles within the organization, which could lead to unauthorized changes to the information systems.

This is a direct violation of which common security model?

Options:

A.

Clark-Wilson

B.

Bell-LaPadula

C.

Graham-Denning

D.

Take-Grant

Buy Now
Questions 113

An organization has been struggling to improve their security posture after a recent breach. Where should the organization focus their efforts?

Options:

A.

Business Continuity Plan (BCP)

B.

Service-Level Agreements (SLA)

C.

Common configuration enumerations

D.

National vulnerabilities database

Buy Now
Questions 114

Global outsourcing and shared suppliers serving an industry are drivers of which category of risk?

Options:

A.

Supply disruptions

B.

Forecast inaccuracy

C.

Procurement problems

D.

Loss of intellectual property

Buy Now
Questions 115

An information security professional is considering what type of classification label to place on an organization’s software code in order to implement proper access controls. The code is considered intellectual property data and would have a catastrophic impact to the organization if compromised or destroyed. Which of the following would be the MOST appropriate classification label to apply?

Options:

A.

Sensitive

B.

Confidential

C.

Internal Use Only

D.

Public

Buy Now
Questions 116

Capacity requirements planning (CRP) is applicable primarily In companies operating In an environment where:

Options:

A.

backlog is very low.

B.

the status of work orders is disregarded.

C.

lean principles are used.

D.

material requirements planning (MRP) is used.

Buy Now
Questions 117

Which of the following stock location systems would you use in a repetitive manufacturing, lean environment?

Options:

A.

Fixed location

B.

Floating location

C.

Point-of-use storage

D.

Central storage

Buy Now
Questions 118

Disaster Recovery Plan (DRP) training can be considered complete when the participants

Options:

A.

understand the rationale behind why a specific Disaster Recovery Plan (DRP) strategy was chosen.

B.

receive a complete, accurate, and detailed explanation of the Disaster Recovery Plan (DRP).

C.

understand their roles and interactions with other roles.

D.

have demonstrated their understanding during an actual disaster.

Buy Now
Questions 119

Which of the following factors is used to determine safety stock?

Options:

A.

Number of customers

B.

Available capacity

C.

Forecast error distribution

D.

Time between customer orders

Buy Now
Questions 120

Return on investment (ROI) is decreased by which of the following activities?

Options:

A.

Increasing prices

B.

Increasing sales volume

C.

Increasing cost of sales

D.

Reducing inventory levels

Buy Now
Questions 121

A large volume of outbound Transmission Control Protocol (TCP) connections from the same source Internet Protocol (IP) address was observed at a satellite office firewall. Which of the following is the MOST likely explanation?

Options:

A.

There is only one managed switch port device on the satellite network.

B.

The command and control server has shut down all but one host.

C.

The network hosts are behind a Network Address Translation (NAT) device.

D.

The malware has shut down all but one host used for command and control.

Buy Now
Questions 122

During a threat modeling exercise using the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) framework, it was identified that a web server allocates a socket and forks each time it receives a request from a user without limiting the number of connections or requests.

Which of the following security objectives is MOST likely absent in the web server?

Options:

A.

Integrity

B.

Authenticity

C.

Availability

D.

Authorization

Buy Now
Questions 123

A life cycle assessment (LCA) would be used to determine:

Options:

A.

the length of a long-term agreement.

B.

how an Item should be scheduled.

C.

environmental aspects and impacts.

D.

If risk pooling would reduce inventory investment.

Buy Now
Questions 124

Which Open Systems Interconnection (OSI) layer is concerned with Denial-Of-Service (DoS) SYN flood attacks?

Options:

A.

Data

B.

Physical

C.

Network

D.

Transport

Buy Now
Questions 125

What is the PRIMARY benefit an organization obtains by cybersecurity framework to their cybersecurity program?

Options:

A.

A common set of security capabilities

B.

A common language and methodology

C.

A structured cybersecurity program

D.

A structured risk management process

Buy Now
Questions 126

An organization provides customer call center operations for major financial services organizations around the world. As part of a long-term strategy, the organization plans to add healthcare clients to the portfolio. In preparation for contract negotiations with new clients, to which cybersecurity framework(s) should the security team ensure the organization adhere?

Options:

A.

Control Objectives For Information And Related Technology (COBIT) and Health Insurance Portability And Accountability Act (HIPAA) frameworks

B.

National Institute Of Standards And Technology (NIST) and International Organization For Standardization (ISO) frameworks

C.

Frameworks specific to the industries and locations clients do business in

D.

Frameworks that fit the organization’s risk appetite, as cybersecurity does not vary industry to industry

Buy Now
Questions 127

A security engineer must address resource sharing between various applications without adding physical hardware to the environment. Which secure design principle is used to BEST segregate applications?

Options:

A.

Network firewalls

B.

Logical isolation

C.

Application firewalls

D.

Physical isolation

Buy Now
Questions 128

In an ABC analysis, “A” items generally represent about 20% of the:

Options:

A.

Cost of goods sold (COGS).

B.

Inventory value.

C.

Inventory items.

D.

Gross annual sales.

Buy Now
Questions 129

Which of the following may authorize an organization to monitor an employee’s company computer and phone usage?

Options:

A.

Signed Non-Disclosure Agreement (NDA)

B.

Signed Acceptable Use Policy (AUP)

C.

ISC2 Code of Ethics

D.

Suspicious that a crime is being committed

Buy Now
Questions 130

The development team wants new commercial software to integrate into the current system. What steps can the security office take to ensure the software has no vulnerabilities?

Options:

A.

Ask the development team to reevaluate the current program and have a toolset developed securely within the organization.

B.

Request a copy of the most recent System and Organization Controls (SOC) report and/or most recent security audit reports and any vulnerability scans of the software code from the vendor.

C.

Purchase the software, deploy it in a test environment, and perform Dynamic Application Security Testing (DAST) on the software.

D.

Request a software demo with permission to have a third-party penetration test completed on it.

Buy Now
Questions 131

An organization is concerned about escalating travel costs and requests the finance department to investigate. The finance department discovers unauthorized travel being purchased by former employees through the organization’s web portal. What should the security department validate to prevent this from reoccurring?

Options:

A.

Corporate Virtual Private Network (VPN) tunnel

B.

Revocation of employee authenticators

C.

Multi-Factor Authentication (MFA)

D.

Complex passwords

Buy Now
Questions 132

A security professional is accessing an organization-issued laptop using biometrics to remotely log into a network resource. Which type of authentication method is described in this scenario?

Options:

A.

Something one does

B.

Something one is

C.

Something one has

D.

Something one knows

Buy Now
Questions 133

The question below is based on the following standard and actual data of a production order

CPIM-8.0 Question 133

Which of the following statements about variances is true?

Options:

A.

The material price vanance for Component A is favorable by S10

B.

The labor pnce variance is unfavorable by S20

C.

The material usage variance for Component B is favorable by $36

D.

The labor efficiency variance is favorable by S20

Buy Now
Questions 134

Which of the following roles is the BEST choice for classifying sensitive data?

Options:

A.

Information system owner

B.

Information system security manager

C.

Information owner

D.

Information system security officer

Buy Now
Questions 135

A plant uses a level production strategy due to the high costs of hiring and letting go of skilled employees. The constrained resource is due to be upgraded in the fourth month of the planning horizon, and that will reduce capacity for that month by 17%.

Which of the following actions would be appropriate in this situation to maintain current levels of customer service and gross margin?

Options:

A.

Increase planned production for the next three periods.

B.

Defer the upgrade to a period beyond the planning time fence.

C.

Increase planned production from the fifth period on.

D.

Defer the upgrade to the period in which the highest stock level is planned.

Buy Now
Questions 136

A firm that currently produces all items to stock is implementing the concept of postponement in all new product designs. Which of the following outcomes is most likely to result?

Options:

A.

Product variety will decrease.

B.

Sales volume per product family will increase.

C.

Number of finished items stocked will decrease.

D.

Number of component items stocked will increase.

Buy Now
Questions 137

The project manager for a new application development is building a test framework. It has been agreed that the framework will Include penetration testing; however, the project manager is keen to identify any flaws prior to the code being ready for execution. Which of the following techniques BEST supports this requirement?

Options:

A.

System vulnerability scans

B.

Database injection tests

C.

System reliability tests

D.

Static source code analysis

Buy Now
Questions 138

Under which of the following conditions is excess capacity most likely a good substitute for safety stock?

Options:

A.

The cost of excess capacity is less than the cost of an additional unit of safety stock in the same period.

B.

The cost to maintain one unit in inventory for a year is less than the direct labor cost.

C.

The service level with safety stock is more than the service level with excess capacity.

D.

Lead time for the product is longer than customers are willing to wait.

Buy Now
Questions 139

Database security includes which of the following requirements?

Options:

A.

Physical database integrity, logical database integrity, and ownership integrity

B.

Availability, auditability, and screening

C.

Physical database integrity, logical database integrity, and element integrity

D.

User authentication, availability, and accountability

Buy Now
Questions 140

An organization has been the subject of increasingly sophisticated phishing campaigns in recent months and has detected unauthorized access attempts against its Virtual Private Network (VPN) concentrators. Which of the following implementations would have the GREATEST impact on reducing the risk of credential compromise?

Options:

A.

Increasing the network password complexity requirements

B.

Implementing tougher encryption on the VPN

C.

Implementing Multi-Factor Authentication (MFA)

D.

Implementing advanced endpoint protection on user endpoints

Buy Now
Questions 141

An executive wants to ensure that risk related to information operations is managed in accordance with the enterprise ' s risk management thresholds. What is the BEST way to ensure this consistently occurs?

Options:

A.

Publish and enforce enterprise policies that assign risk decisions to corporate officers.

B.

Publish and enforce enterprise policies that assign risk decisions to cybersecurity analysts.

C.

Publish and enforce enterprise policies that assign risk decisions to business unit managers.

D.

Publish and enforce enterprise policies that assign risk decisions to system administrators.

Buy Now
Questions 142

An organization is looking to integrate security concepts into the code development process early in development to detect issues before the software is launched. Which advantage does the organization gain from using Static Application Security Testing (SAST) techniques versus dynamic application security testing techniques?

Options:

A.

Allows tailored techniques

B.

Executes code to detect issues

C.

Allows for earlier vulnerability detection

D.

Simulates attacker patterns

Buy Now
Questions 143

We have observed the inventory system does not handle plastic parts well. " What should be added to the problem statement to make it more useful?

Options:

A.

Measurements that help describe the problem

B.

Guidance to which problem-solving tools should be used

C.

Criteria for selecting the improvement team

D.

Description of who is responsible for the problem

Buy Now
Questions 144

In the context of mobile device security, which of the following BEST describes why a walled garden should be implemented?

Options:

A.

To track user actions and activity

B.

To prevent the installation of untrusted software

C.

To restrict a user ' s ability to change device settings

D.

To limit web access to only approved sites

Buy Now
Questions 145

Which of the following is the BEST reason to conduct a penetration test?

Options:

A.

To verify compliance with organizational patching policies.

B.

To document that all relevant patches have been installed.

C.

To identify technical vulnerabilities.

D.

To determine if weaknesses can be exploited.

Buy Now
Questions 146

A customer of a financial Institution denies that a transaction occurred. Which of the following is used to provide evidence evidence that the customer performed the transaction?

Options:

A.

Authorization controls

B.

Two-Factor Authentication (2FA)

C.

Non-repudiation controls

D.

Access audit

Buy Now
Questions 147

A firm ' s cash conversion cycle is most likely to improve when the firm:

Options:

A.

Increases the cash-to-cash cycle time.

B.

Reduces the days sales outstanding (DSO).

C.

Increases the equipment utilization rate.

D.

Extends payment terms to customers.

Buy Now
Questions 148

Components of an organization ' s Immediate industry and competitive environment Include:

Options:

A.

political factors.

B.

interest rates.

C.

substitute products.

D.

sociocultural forces.

Buy Now
Questions 149

A work center has 3 machines that are all run at the same time with a single worker. The work center has an efficiency of 75% and a utilization of 100%. What is the work center ' s capacity in standard hours for an 8-hour shift?

Options:

A.

6 hours

B.

8 hours

C.

18 hours

D.

24 hours

Buy Now
Questions 150

What is the MAIN reason security is considered as part of the system design phase instead of deferring to later phases?

Options:

A.

To prevent the users from performing unauthorized actions during the testing or operational phases

B.

To ensure complexity introduced by security design is addressed in the beginning stages

C.

To reduce the overall cost of incorporating security in a system

D.

To prevent the system from being tampered with in the future

Buy Now
Questions 151

Which of the following represents the BEST metric when measuring the effectiveness of a security awareness program?

Options:

A.

Interview the candidates ' managers about training effectiveness.

B.

Test the candidates on the content of the program.

C.

Require the candidates ' signatures to certify that they have attended training.

D.

Provide management reporting of candidate completion status.

Buy Now
Questions 152

Cloud computing introduces the concept of the shared responsibility model. This model can MOST accurately be described as defining shared responsibility between which of the following?

Options:

A.

Hosts and guest environments

B.

Operating Systems (OS) and applications

C.

Networks and virtual environments

D.

Customers and providers

Buy Now
Questions 153

The Business Continuity Plan (BCP) has multiple components. The information security plan portion must prioritize its efforts. Which 3 aspects of information security MUST be prioritized?

Options:

A.

Confidentiality, integrity, availability

B.

Physical security, access control, asset protection

C.

Intent, capability, opportunity

D.

Threat level, network security, information disposal

Buy Now
Questions 154

If fixed costs are §200,000 and 20,000 units are produced, a unit ' s fixed cost is §10. This is an example of:

Options:

A.

variable costing.

B.

activity-based costing (ABC).

C.

absorption costing.

D.

overhead costing.

Buy Now
Questions 155

Which of the following are steps involved in the identity and access provisioning lifecycle?

Options:

A.

Dissemination, review, revocation

B.

Dissemination, rotation, revocation

C.

Provisioning, review, revocation

D.

Provisioning, Dissemination, revocation

Buy Now
Questions 156

For a process that is outside its upper control limit (UCL), which of the following techniques would best be used to return the process under control?

Options:

A.

Conduct a Pareto analysis

B.

Plan-do-check-action (PDCA)

C.

Plot histograms

D.

Monitor control charts

Buy Now
Questions 157

A webmaster has repeatedly used the same certificate sign request to renew an organization ' s website Secure Sockets Layer (SSL) certificate. What is the MOST significant increased risk for the organization?

Options:

A.

Logical access control against symmetric key

B.

Cryptanalysis against symmetric key

C.

Cryptanalysis against private key

D.

Logical access control against private key

Buy Now
Questions 158

What is the FIRST element that must be evaluated in a security governance program?

Options:

A.

An organization’s business objectives and strategy

B.

Review of Information Technology (IT) and technical controls

C.

Review of organization’s Information Technology (IT) security policies

D.

An organization’s utilization of resources

Buy Now
Questions 159

A company has the following production conditions:

    Batch size: 1,000 items

    Processing time: 4 minutes per item

    Setup time: 2 hours

    Utilization: 80%

    Efficiency: 80%

Which of the following actions would result in the work being done in the least amount of time?

Options:

A.

Reduce the processing time for each item to 3.5 minutes.

B.

Increase either utilization or efficiency to 100%.

C.

Increase both utilization and efficiency to 90%.

D.

Eliminate the need for a setup to process the batch.

Buy Now
Questions 160

A contractor hacked into an unencrypted session on an organization ' s wireless network. Which authentication configuration is MOST likely to have enabled this?

Options:

A.

Remote Authentication Dial-In User Service (RADIUS)

B.

Captive web portal

C.

Lightweight Directory Access Protocol (LDAP)

D.

Token authentication

Buy Now
Questions 161

A security practitioner has been asked to investigate the presence of customer Personally Identifiable Information (PII) on a social media website. Where does the practitioner begin?

Options:

A.

Initiate the organization’s Incident Response Plan (IRP).

B.

Review the organizational social media policy.

C.

Review logs of all user’s social media activity.

D.

Determine a list of information assets that contain PII.

Buy Now
Questions 162

A web developer was recently asked to create an organization portal that allows users to retrieve contacts from a popular social media platform using Hypertext Transfer Protocol Secure (HTTPS). Which of the following is BEST suited for authorizing the resource owner to the social media platform?

Options:

A.

Open Authorization (OAuth) 2.0

B.

OpenID Connect (OIDC)

C.

Security Assertion Markup Language (SAML)

D.

Secure Lightweight Directory Access Protocol (LDAP)

Buy Now
Questions 163

A company confirms a customer order based on available capacity and inventory, even though the current production plan does not cover the entire order quantity. This situation is an example of what type of order fulfillment policy?

Options:

A.

Assemble-to-order (ATO)

B.

Capable-to-promise (CTP)

C.

Available-to-promise (ATP)

D.

Configure-to-order (CTO)

Buy Now
Questions 164

Which of the common vulnerabilities below can be mitigated by using indexes rather than actual portions of file names?

Options:

A.

Open redirect

B.

Cross-Site Request Forgery (CSRF)

C.

Path traversal

D.

Classic buffer overflow

Buy Now
Questions 165

Which of the following ports needs to be open for Kerberos Key Distribution Center (KDC) to function properly?

Options:

A.

88

B.

389

C.

443

D.

3268

Buy Now
Questions 166

Which of the following mechanisms should a practitioner focus on for the MOST effective information security continuous monitoring?

Options:

A.

Implementing automated methods for data collection and reporting where possible

B.

Updating security plans, security assessment reports, hardware, and software inventories

C.

Defining specific methods for monitoring that will maintain or improve security posture

D.

Collecting risk metrics from teams, such as business, testing, QA, development, and operations with security controls

Buy Now
Questions 167

Which of the following methods is most often used to manage inventory planning variability across the supply chain?

Options:

A.

Buffer management

B.

Safety lead time

C.

Risk pooling

D.

Risk categorization

Buy Now
Questions 168

A manufacturer begins production of an item when a customer order is placed. This is an example of a(n):

Options:

A.

Assemble-to-order (ATO) environment

B.

Make-to-stock (MTS) environment

C.

Pull system

D.

Push system

Buy Now
Questions 169

What is the BEST item to consider when designing security for information systems?

Options:

A.

The comprehensive level of assurance required

B.

The jurisdiction of the information system

C.

The security requirements of the board

D.

The Disaster Recovery Plan (DRP)

Buy Now
Questions 170

Which of the following should be done FIRST when implementing an Identity and Access Management (IAM) solution?

Options:

A.

List and evaluate IAM available products.

B.

Evaluate the existing Information Technology (IT) environment.

C.

Evaluate business needs.

D.

Engage the sponsor and identify key stakeholders.

Buy Now
Questions 171

What is the HIGHEST security concern on trans-border data?

Options:

A.

Organizations that are not in highly regulated industries do not have the resources to achieve compliance.

B.

Cyber transactions occur in an ever-changing legal and regulatory landscape without fixed borders.

C.

Information security practitioners are not Subject Matter Experts (SME) for all legal and compliance requirements.

D.

Organizations must follow all laws and regulations related to the use of the Internet.

Buy Now
Questions 172

Corporate fraud has historically been difficult to detect. Which of the following methods has been the MOST helpful in unmasking embezzlement?

Options:

A.

Accidental discovery

B.

Management review

C.

Anonymous tip lines

D.

Internal audit

Buy Now
Questions 173

An organization is concerned that if an employee’s mobile device is lost or stolen and does not reconnect to the carrier network, the data on the device may still be at risk. Consequently, the organization has implemented a control on all mobile devices to require an eight-character passcode for unlock and login. What should happen after multiple incorrect passcode attempts?

Options:

A.

The device should be restarted.

B.

The device should be wiped.

C.

The device should be turned off.

D.

The device passcode should be reset.

Buy Now
Questions 174

Which of the following data elements is required for a manufacturing routing?

Options:

A.

Queue time

B.

Work center

C.

Order quantity

D.

Efficiency factor

Buy Now
Questions 175

Material requirements planning (MRP) performance shows improvement when the total number of:

Options:

A.

Expedite messages increase.

B.

De-expedite messages increase.

C.

Due-for-release messages decrease.

D.

Action messages decrease.

Buy Now
Questions 176

A large organization that processes protected data issues preconfigured laptops to workers who then access systems and data based on their role. As their technology ages, these laptops are replaced with newer devices. What is the BEST solution to mitigate risk associated with these devices?

Options:

A.

Establish a device recycle process.

B.

Establish a process preventing credential storage on devices.

C.

Establish a physical destruction process for the storage medium.

D.

Establish a process for check in and check out of devices.

Buy Now
Questions 177

A failure mode and effects analysis (FMEA) could be used for which of the following activities?

Options:

A.

Forecasting the estimated warranty costs for the annual budget cycle

B.

Calculating the lost productivity from unplanned equipment downtime

C.

Determining the critical-to-quality (CTQ) characteristics for a new product design

D.

Assessing the supply chain risk for a single-sourced raw material

Buy Now
Questions 178

What function prevents unauthorized devices from gaining access to a network?

Options:

A.

Network Access Control (NAC)

B.

Storage Area Network (SAN)

C.

Network Address Translation (NAT)

D.

Software-Defined Network (SDN)

Buy Now
Questions 179

When considering Defense in Depth (DiD) as part of a network’s architectural design, what is the FIRST layer in a multi-layered defensive strategy?

Options:

A.

Distributed Denial-of-Service (DDoS)

B.

Managed Domain Name System (DNS)

C.

Reverse proxies

D.

Edge routers

Buy Now
Questions 180

An organization wants to ensure a risk does not occur. The action taken is to eliminate the attack surface by uninstalling vulnerable software. Which risk response strategy did the organization take?

Options:

A.

Accepting risk

B.

Avoiding risk

C.

Mitigating risk

D.

Transferring risk

Buy Now
Questions 181

The primary reason for tracing a component with scheduling problems to Its master production schedule (MPS) item is to:

Options:

A.

revise the rough-cut capacity plan.

B.

reschedule a related component on the shop floor.

C.

check the accuracy of the bills for the MPS items.

D.

determine if a customer order will be impacted.

Buy Now
Exam Code: CPIM-8.0
Exam Name: Certified in Planning and Inventory Management (CPIM 8.0)
Last Update: Jul 19, 2026
Questions: 606

PDF + Testing Engine

$134.99

Testing Engine

$99.99

PDF (Q&A)

$84.99