CPIM-8.0 Certified in Planning and Inventory Management (CPIM 8.0) Questions and Answers
A consultant has been engaged to support the team in analyzing why the development of a new software product has slipped schedule by a year. The consultant discovered an increase of the functionality requirements due to the failure of the asset tracking program. Which of the following BEST describes which system lifecycle element is impacted?
An external audit is conducted on an organization ' s cloud Information Technology (IT) infrastructure. This organization has been using cloud IT services for several years, but its use is not regulated in any way by the organization and security audits have never been conducted in the past. Which task will be the MOST challenging to conduct an effective security audit?
While conducting an information asset audit, it was determined that several devices were running unpatched Operating Systems (0S). Further review Indicated the OS was no longer supported by the vendor. Which of the following BEST indicates the appropriate asset lifecycle stage of the devices?
Exhibit:

A company has prioritized customers A, B, and C, filling orders in that sequence. What are the impacts to customer service levels for customers B and C?
A traffic analysis on an organization ' s network identifies a significant degree of inefficient resource use as a result of broadcast traffic. The organization wants to reduce the scope of the broadcasts without impeding the flow of traffic. Which of the following devices is the BEST choice to implement to achieve this goal?
Which of the following is a core subset of The Open Group Architecture Framework (TOGAF) enterprise architecture model?
Which of the following is the MOST significant flaw when using Federated Identity Management (FIM)?
In a large organization, the average time for a new user to receive access is seven days. Which of the following is the BEST enabler to shorten this time?
Network Access Control (NAC) is used to perform what function for computers joining the network?
When the discrete available-to-promise (ATP) method is used, the master production receipt quantity is committed to:
Which of the following BEST represents a security benefit of Software-Defined Networking (SDN)?
A Generic Routing Encapsulation (GRE) tunnel moves data across a third-party Internet Protocol (IP) network. What is the risk of using GRE tunnels?
Which of the following statements is true about the meantime between failures (MTBF) measure?
Which of the following is a PRIMARY benefit of sharing assessment results among key organizational officials across information boundaries?
Broadcast traffic is causing network performance degradation of sensitive equipment.
Which of the following methods is used to prevent the broadcast traffic from impacting availability?
Substituting capital equipment in place of direct labor can be economically Justified for which of the following scenarios?
An organizations is developing a new software package for a financial institution. What is the FIRST step when modeling threats to this new software package?
The results of a threat campaign show a high risk of potential intrusion. Which of the following parameters of the Common Vulnerability Scoring System (CVSS) will MOST likely provide information on threat conditions for the organization to consider?
Which of the following vulnerability types is also known as a serialization flaw and affects the integrity of two processes interacting with the same resource at the same time?
An agency has the requirement to establish a direct data connection with another organization for the purpose of exchanging data between the agency and organization systems. There is a requirement for a formal agreement between the agency and organization. Which source of standards can the system owners use to define the roles and responsibilities along with details for the technical and security requirements?
Which technology is BEST suited to establish a secure communications link between an individual’s home office and the organization’s Local Area Network (LAN)?
Which of the following provides for continuous improvement of the change control process?
A security officer has been tasked with performing security assessments on the organization’s in the current calendar year. While collecting data, the officer realizes that more than one business until will be engaged in the assessment. What activity MUST be included in the data collection phase?
Which of the following methods would be appropriate for forecasting the demand for a product family when there is a significant trend and seasonality in the demand history?
An organization has received the results of their network security risk assessment. What is the BEST course of action for the organization to take in response to the analyzed report findings?
A warehouse manager assigns orders to warehouse personnel grouped by where the goods are stored. This type of picking is called a(n):
An organization recently completed an acquisition of another entity and staff members are complaining about the excessive number of credentials they need to remember as each application requires separate logins. This is negatively affecting collaboration efficiency and increasing the risk of human errors. What will the organization consider implementing as part of the solution to improve the situation?
A production manager completes a work order for an assembly item, and inventory records for the components are decreased. This is an example of:
Which of the following is a threat modeling methodology used for accessing threats against applications and Operating Systems (OS)?
While doing a penetration test, auditors found an old credential hash for a privileged user. To prevent a privileged user ' s hash from being cached, what is the MOST appropriate policy to mandate?
An organization is having bandwidth utilization issues due to unauthorized devices on the network. Which action should be taken to solve the problem?
An organizational policy requires that any data from organization-issued devices be securely destroyed before disposal. Which method provides the BEST assurance of data destruction?
The security department was notified about vulnerabilities regarding users ' identity verification in a web application. Which of the following vulnerabilities is the security professional MOST likely to test?
In order to meet retention requirements, it may be necessary to migrate digital records to different media because of which of the following issues?
An organization discovered that malicious software was installed on an employee’s work laptop and allowed a competing vendor to access confidential files. The employee was fully aware of the policy not to install unauthorized software on the organization laptop. What is the BEST automated security practice for an organization to implement to avoid this situation?
Which of the following statements is an assumption on which the economic order quantity (EOQ) model is based?
In a lean environment, the batch-size decision for planning " A " items would be done by:
To mitigate risk related to natural disasters, an organization has a separate location with systems and communications in place. Data must be restored on the remote systems before they are ready for use. What type of remote site is this?
An organization has determined that it needs to retain customer records for at least thirty years to discover generational trends in customer behavior. However, relevant local regulation requires that all Personally Identifiable Information (PII) is deleted after expiration of the customer ' s engagement with the organization, which is usually no longer than one year. How should the data be handled at the expiration of customer engagement at one year?
An organization has a requirement that all documents must be auditable and that the original is never modified once created. When designing the system, what security model MUST be implemented in order to meet this requirement?
A logistics manager Is faced with delivering an order via rail or truck. Shipping via rail costs S300 and takes 14 days. Shipping via truck costs $600 and takes 3 days. If the holding cost is $40 per day, what is the cost to deliver the order?
What is a strategic process that is aimed at considering possible attack scenarios and vulnerabilities within a proposed or existing application environment for the purpose of clearly identifying risk and impact levels?
An organization has a call center that uses a Voice Over Internet Protocol (VoIP) system. The conversations are sensitive, and the organization is concerned about employees other than the call agents accessing these conversations. What is the MOST effective additional security measure to make?
Which of the following documents is the BEST reference to describe application functionality?
Which of the below represent the GREATEST cloud-specific policy and organizational risk?
An organization has decided to give decommissioned computers to a school in a developing country. The company data handling policy prohibits the storage of confidential and sensitive data. What would be the BEST technique to use to avoid data remanence, and to minimize the operational burden for the inheriting school?
In order for an organization to mature their data governance processes to ensure compliance, they have created a data classification matrix.
What are the next BEST activities to build on this completed work?
A semiconductor manufacturer is writing a physical asset handling policy. Which of the following is MOST likely to be the rationale for the policy?
Which of the following statements is an advantage of a fourth-party logistics (4PL) provider?
An organization is transitioning from a traditional server-centric infrastructure to a cloud-based Infrastructure. Shortly after the transition, a major breach occurs to the organization ' s databases. In an Infrastructure As A Service (IaaS) model, who would be held responsible for the breach?
Remote sensors have been deployed at a utility site to reduce overall response times for maintenance staff supporting critical infrastructure. Wireless communications are used to communicate with the remote sensors, as it is the most cost-effective method and minimizes risk to public health and safety. The utility organization has deployed a Host-Based Intrusion Prevention System (HIPS) to monitor and protect the sensors. Which statement BEST describes the risk that is mitigated by utilizing this security tool?
Which of the following statements is true about total productive maintenance (TPM)?
A company’s Marketing and Sales departments have identified an opportunity to develop a new market for a product family and requested an increase in the production plan. Which of the following actions would be most appropriate to account for the new market opportunity?
A company has a demand for 30 units of A, 40 units of B, and 50 units of C. These products are scheduled to run daily in batches of 10 as follows: ABC, ABC, ABC, CBC. What is this scheduling
technique called?
Internet Small Computer Systems Interface (iSCSI) protocol relies on Transmission Control Protocol/Internet Protocol (TCP/IP). Which can be used maliciously to interrupt the flow of data. Which Information Technology (IT) component would be impacted by such a disruption?
When an organization is recruiting for roles within the organization, at which stage of the employee life cycle are termination procedures incorporated?
What is the MOST appropriate action to take when media classification needs to be downgraded to a less sensitive classification?
Which burden of proof has been applied when a workplace investigation has a 51 percent or greater certainty that allegations are true?
Which of the following items does the master scheduler have the authority to change in the master scheduling process?
Which of the following provides that redundancy and failover capabilities are built into a system to maximize its uptime?
A vendor has been awarded a contract to supply key business software. The vendor has declined all requests to have its security controls audited by customers. The organization insists the product must go live within 30 days. However, the security team is reluctant to allow the project to go live.
What is the organization ' s BEST next step?
If all other factors remain the same, when finished goods inventory investment is increased, service levels typically will:
When resolving conflicts, which canon within the ISC2 Code of Ethics requires members to consider duties to principals and Individuals?
Which of the following data is needed to determine gross requirements when conducting distribution requirements planning (DRP)?
In which of the following phases of the product life cycle is product price most effective in influencing demand?
During an investigation, a forensic analyst executed a task to allow for the authentication of all documents, data, and objects collected, if required. Which of the options below BEST describes this task?
A security analyst has been asked to build a data retention policy for a hospital. What is the FIRST action that needs to be performed in building this policy?
A low-cost provider strategy works best when which of the following conditions are met?
The costs provided in the table below are associated with buying a quantity larger than immediately needed. What Is the total landed cost based on this table?
Cost CategoryCost
Custom fees$125
Freight$700
Warehouse rent$200
Matenal cost$500
An organization wishes to utilize a managed Domain Name System (DNS) provider to reduce the risk of users accessing known malicious sites when web browsing. The organization operates DNS forwarders that forward queries for all external domains to the DNS provider. Which of the following techniques could enable the organization to identify client systems that have attempted to access known malicious domains?
In an organization that develops aircrafts for military usage, where will the security team focus its efforts to ensure the organization’s data remains confidential?
Which of the following is the MOST effective approach to reduce the threat of rogue devices being introduced to the internal network?
A bank recently informed a customer that their account has been overdrawn after their latest transaction. This transaction was not authorized by the customer. Upon further investigation, it was determined by the security team that a hacker was able to manipulate the customer ' s pre-authenticated session and force a wire transfer of funds to a foreign bank account. Which type of attack MOST likely occurred?
What is the PRIMARY benefit an organization obtains by adapting a cybersecurity framework to their cybersecurity program?
What is the process when a security assessor compiles potential targets from the attacker’s perspective, such as data flows, and interactions with users?
Which of the following is the fundamental difference between finite loading and other capacity planning approaches?
What is the following is the MAIN reason why hot-spot usually adopt open security mode in wireless networks?
A security analyst modifies the organization’s baselines to align the controls more closely with specific security and privacy requirements. Which security concept is this an example of?
In a make-to-stock (MTS) environment, the master production schedule (MPS) Is usually a schedule of which of the following types of items?
The Chief Security Officer (CSO) of an organization would like to have a network security assessment done by the security team. Which of the following is the FIRST step in the security testing methodology?
When conducting a vulnerability test using a scanner tool, which unintended consequence can occur?
The Chief Information Security Officer (CISO) is meeting with the external network security evaluation team ' s blue team leader to confirm the internal system administrator ' s work schedules, hardware lists, and logistical support for their debriefing. Which of the following would be the MOST likely topic of discussion for the briefing?
A regular remote user executed an application that allowed the execution of commands with elevated permissions. It was allowed to create new users, start and stop services, and view critical log files. Which exploit type did the application use in this scenario?
An audit report of security operations has listed some anomalies with third parties being granted access to the internal systems and data without any restrictions.
Which of the following will BEST help remediate this issue?
An information security professional has been tasked with remediating vulnerabilities identified during a recent penetration test. Which of the following sections of the penetration results report would be MOST preferable to remediate hosts one at a time?
An information security professional is tasked with configuring full disk encryption on new hardware equipped with a Trusted Platform Module (TPM). How does TPM further enhance the security posture of full disk encryption if configured properly?
When performing threat modeling using Spoofing, Tampering, Repudiation, Information Disclosure, Denial Of Service, And Elevation of Privilege (STRIDE), which of the following is an example of a repudiation threat?
A company selling seasonal products is preparing their sales and operations plan for the coming year. Their current labor staffing is at the maximum for their production facility and cannot meet the forecasted demand. The business plan shows they do not have the financial capability to add to the production facility. Which of the following actions would be most appropriate?
Which of the following BEST characterizes the operational benefit of using immutable workloads when working on a cloud-based project?
The question below is based on the following information:

Work Center 1 has an available capacity of 1,200 hours per month. Which of the following amounts represents the cumulative difference between the required capacity and the available capacity of Months 1 through 3?
Given the bill of material (BOM) information below and independent requirements of 10 pieces (pcs) per week of Component A and 20 pieces (pcs) per week of Component B, what is the weekly gross requirement of component F?

It takes an average of 3 hours to set up a model and 1 hour to run, but depending on the complexity of the models, the setup time can be significantly different. Last week. 2 modelers were working on different projects. Each worked 40 hours. One modeler finished 5 models a day, and the other finished 1 model a day. What was the demonstrated capacity last week?
A large organization is planning to lay off half of its staff. From an information security point of view, what is the BEST way of approaching affected staff?
The master schedule is an Important tool in the sales and operations planning (S & OP) process because it:
An organization’s security team is looking at ways to minimize the security risk of the container infrastructure. The lead engineer needs to select a suite of remediation actions to minimize risks. Which programmatic approach will result in preventing, detecting , and responding to the GREATEST number of threats aimed at container operations?
A company implementing a localized multi-country strategy to increase market share should engage in which of the following actions?
An organization’s computer incident responses team PRIMARY responds to which type of control?
The demand for an item has increasing forecast error, whereas all other factors remain constant. Which of the following remains constant while maintaining the same customer service level?
A security practitioner notices that workforce members retain access to information systems after transferring to new roles within the organization, which could lead to unauthorized changes to the information systems.
This is a direct violation of which common security model?
An organization has been struggling to improve their security posture after a recent breach. Where should the organization focus their efforts?
Global outsourcing and shared suppliers serving an industry are drivers of which category of risk?
An information security professional is considering what type of classification label to place on an organization’s software code in order to implement proper access controls. The code is considered intellectual property data and would have a catastrophic impact to the organization if compromised or destroyed. Which of the following would be the MOST appropriate classification label to apply?
Capacity requirements planning (CRP) is applicable primarily In companies operating In an environment where:
Which of the following stock location systems would you use in a repetitive manufacturing, lean environment?
Disaster Recovery Plan (DRP) training can be considered complete when the participants
A large volume of outbound Transmission Control Protocol (TCP) connections from the same source Internet Protocol (IP) address was observed at a satellite office firewall. Which of the following is the MOST likely explanation?
During a threat modeling exercise using the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) framework, it was identified that a web server allocates a socket and forks each time it receives a request from a user without limiting the number of connections or requests.
Which of the following security objectives is MOST likely absent in the web server?
Which Open Systems Interconnection (OSI) layer is concerned with Denial-Of-Service (DoS) SYN flood attacks?
What is the PRIMARY benefit an organization obtains by cybersecurity framework to their cybersecurity program?
An organization provides customer call center operations for major financial services organizations around the world. As part of a long-term strategy, the organization plans to add healthcare clients to the portfolio. In preparation for contract negotiations with new clients, to which cybersecurity framework(s) should the security team ensure the organization adhere?
A security engineer must address resource sharing between various applications without adding physical hardware to the environment. Which secure design principle is used to BEST segregate applications?
Which of the following may authorize an organization to monitor an employee’s company computer and phone usage?
The development team wants new commercial software to integrate into the current system. What steps can the security office take to ensure the software has no vulnerabilities?
An organization is concerned about escalating travel costs and requests the finance department to investigate. The finance department discovers unauthorized travel being purchased by former employees through the organization’s web portal. What should the security department validate to prevent this from reoccurring?
A security professional is accessing an organization-issued laptop using biometrics to remotely log into a network resource. Which type of authentication method is described in this scenario?
The question below is based on the following standard and actual data of a production order

Which of the following statements about variances is true?
Which of the following roles is the BEST choice for classifying sensitive data?
A plant uses a level production strategy due to the high costs of hiring and letting go of skilled employees. The constrained resource is due to be upgraded in the fourth month of the planning horizon, and that will reduce capacity for that month by 17%.
Which of the following actions would be appropriate in this situation to maintain current levels of customer service and gross margin?
A firm that currently produces all items to stock is implementing the concept of postponement in all new product designs. Which of the following outcomes is most likely to result?
The project manager for a new application development is building a test framework. It has been agreed that the framework will Include penetration testing; however, the project manager is keen to identify any flaws prior to the code being ready for execution. Which of the following techniques BEST supports this requirement?
Under which of the following conditions is excess capacity most likely a good substitute for safety stock?
An organization has been the subject of increasingly sophisticated phishing campaigns in recent months and has detected unauthorized access attempts against its Virtual Private Network (VPN) concentrators. Which of the following implementations would have the GREATEST impact on reducing the risk of credential compromise?
An executive wants to ensure that risk related to information operations is managed in accordance with the enterprise ' s risk management thresholds. What is the BEST way to ensure this consistently occurs?
An organization is looking to integrate security concepts into the code development process early in development to detect issues before the software is launched. Which advantage does the organization gain from using Static Application Security Testing (SAST) techniques versus dynamic application security testing techniques?
We have observed the inventory system does not handle plastic parts well. " What should be added to the problem statement to make it more useful?
In the context of mobile device security, which of the following BEST describes why a walled garden should be implemented?
A customer of a financial Institution denies that a transaction occurred. Which of the following is used to provide evidence evidence that the customer performed the transaction?
Components of an organization ' s Immediate industry and competitive environment Include:
A work center has 3 machines that are all run at the same time with a single worker. The work center has an efficiency of 75% and a utilization of 100%. What is the work center ' s capacity in standard hours for an 8-hour shift?
What is the MAIN reason security is considered as part of the system design phase instead of deferring to later phases?
Which of the following represents the BEST metric when measuring the effectiveness of a security awareness program?
Cloud computing introduces the concept of the shared responsibility model. This model can MOST accurately be described as defining shared responsibility between which of the following?
The Business Continuity Plan (BCP) has multiple components. The information security plan portion must prioritize its efforts. Which 3 aspects of information security MUST be prioritized?
If fixed costs are §200,000 and 20,000 units are produced, a unit ' s fixed cost is §10. This is an example of:
Which of the following are steps involved in the identity and access provisioning lifecycle?
For a process that is outside its upper control limit (UCL), which of the following techniques would best be used to return the process under control?
A webmaster has repeatedly used the same certificate sign request to renew an organization ' s website Secure Sockets Layer (SSL) certificate. What is the MOST significant increased risk for the organization?
What is the FIRST element that must be evaluated in a security governance program?
A company has the following production conditions:
Batch size: 1,000 items
Processing time: 4 minutes per item
Setup time: 2 hours
Utilization: 80%
Efficiency: 80%
Which of the following actions would result in the work being done in the least amount of time?
A contractor hacked into an unencrypted session on an organization ' s wireless network. Which authentication configuration is MOST likely to have enabled this?
A security practitioner has been asked to investigate the presence of customer Personally Identifiable Information (PII) on a social media website. Where does the practitioner begin?
A web developer was recently asked to create an organization portal that allows users to retrieve contacts from a popular social media platform using Hypertext Transfer Protocol Secure (HTTPS). Which of the following is BEST suited for authorizing the resource owner to the social media platform?
A company confirms a customer order based on available capacity and inventory, even though the current production plan does not cover the entire order quantity. This situation is an example of what type of order fulfillment policy?
Which of the common vulnerabilities below can be mitigated by using indexes rather than actual portions of file names?
Which of the following ports needs to be open for Kerberos Key Distribution Center (KDC) to function properly?
Which of the following mechanisms should a practitioner focus on for the MOST effective information security continuous monitoring?
Which of the following methods is most often used to manage inventory planning variability across the supply chain?
A manufacturer begins production of an item when a customer order is placed. This is an example of a(n):
What is the BEST item to consider when designing security for information systems?
Which of the following should be done FIRST when implementing an Identity and Access Management (IAM) solution?
Corporate fraud has historically been difficult to detect. Which of the following methods has been the MOST helpful in unmasking embezzlement?
An organization is concerned that if an employee’s mobile device is lost or stolen and does not reconnect to the carrier network, the data on the device may still be at risk. Consequently, the organization has implemented a control on all mobile devices to require an eight-character passcode for unlock and login. What should happen after multiple incorrect passcode attempts?
Material requirements planning (MRP) performance shows improvement when the total number of:
A large organization that processes protected data issues preconfigured laptops to workers who then access systems and data based on their role. As their technology ages, these laptops are replaced with newer devices. What is the BEST solution to mitigate risk associated with these devices?
A failure mode and effects analysis (FMEA) could be used for which of the following activities?
When considering Defense in Depth (DiD) as part of a network’s architectural design, what is the FIRST layer in a multi-layered defensive strategy?
An organization wants to ensure a risk does not occur. The action taken is to eliminate the attack surface by uninstalling vulnerable software. Which risk response strategy did the organization take?
The primary reason for tracing a component with scheduling problems to Its master production schedule (MPS) item is to: