APICS CPIM-8.0 - Certified in Planning and Inventory Management (CPIM 8.0)

APICS CPIM-8.0 Premium Access Download Demo

Page: 9 / 12
Total 585 questions

Question # 121

What MUST be completed before developing physical security controls?

Develop a comprehensive security policy

Provide the annual security awareness training

Contract for licensed and bonded security force

Perform a physical security audit

Question # 122

Payment Card Industry Data Security Standard (PCI DSS) allows for scanning a statistical sample of the environment without scanning the full environment. Scanning a statistical sample has many advantages and disadvantages.

Which of the following is the MOST accurate set of advantages and disadvantages?

Limited risk to production targets, rapid scan times, requires proof of image standardization, and one-offs systems are not scanned

Easy for auditors to question, fastest scanning method, ideal for cloud environments, and not suitable for small organizations

Limited to a single environment/platform, proves image standardization, random selection misses end-to-end applications, and slower than targeted scanning

Confirmation of Configuration Management (CM), hand selection introduces confirmation bias, is ideal in operational technology environments, and requires about 10% of each environment/platform

Question # 123

A low-cost provider strategy works best when which of the following conditions are met?

Price competition among rivals is similar.

Buyers are more price sensitive.

There are many ways to achieve product differentiation.

There are few industry newcomers.

Explanation:

A low-cost provider strategy is a business strategy where a company aims to become the most cost-efficient player in its industry, often by producing goods or providing services at a lower cost than its competitors. The overall goal is to increase market share or achieve higher profitability. The low-cost leader in an industry often sets the price that other companies have to match or beat to stay competitive12.

A low-cost provider strategy works best when buyers are more price sensitive, meaning they are more likely to switch to cheaper alternatives if the price of a product or service increases. This condition creates a strong demand for low-priced products or services, and gives the low-cost leader a competitive advantage over rivals who have higher costs and prices. Buyers are more price sensitive when34:

â€¢The product or service is standardized or undifferentiated, and there are few switching costs.

â€¢The product or service represents a significant portion of the buyerâ€™s budget or income.

â€¢The product or service has low quality, performance, or image attributes that limit the buyerâ€™s satisfaction or loyalty.

â€¢The product or service is not crucial to the buyerâ€™s well-being or enjoyment.

The other options are not correct because:

â€¢A. Price competition among rivals is similar. This condition does not favor a low-cost provider strategy, because it implies that the industry is already highly competitive and there is little room for differentiation. A low-cost leader would have to lower its prices even further to gain an edge over rivals, which could erode its profitability and sustainability.

â€¢C. There are many ways to achieve product differentiation. This condition does not favor a low-cost provider strategy, because it implies that the industry is diverse and dynamic, and there are many opportunities for innovation and value creation. A low-cost leader would have to invest more in research and development, marketing, and customer service to keep up with the changing customer preferences and expectations, which could increase its costs and reduce its efficiency.

â€¢D. There are few industry newcomers. This condition does not favor a low-cost provider strategy, because it implies that the industry is mature and stable, and there are few threats from new entrants. A low-cost leader would have to rely on its existing customer base and market share, which could limit its growth potential and expose it to the risk of obsolescence.

References := 1 Low-cost leadership strategy: Explained with examples2 2 Low-Cost Producer: Definition, Strategies, Examples - Investopedia4 3 Low Cost Strategy - Definition, Factors & Example - MBA Skool5 4 Generating Advantage â€“ Strategic Management - Open Educational Resources1

Question # 124

An organization co-locates three divisions and merges them into one network infrastructure. Prior to the merge, the network manager issued devices to employees for remote login. What security concept should be observed to provide security when a device joins the network or when a client makes an Application Programming Interface (API) call?

Access Control List (ACL)

Non-repudiation

Multi-Factor Authentication (MFA)

Zero Trust (ZT)

Question # 125

In the context of mobile device security, which of the following BEST describes why a walled garden should be implemented?

To track user actions and activity

To prevent the installation of untrusted software

To restrict a user's ability to change device settings

To limit web access to only approved sites

Question # 126

Which approach will BEST mitigate risks associated with root user access while maintaining system functionality?

Creating a system where administrative tasks are performed under monitored sessions using the root account, with audits conducted regularly

Implementing a policy where users log in as root for complex tasks but use personal accounts for everyday activities, with strict logging of root access

Configuring individual user accounts with necessary privileges for specific tasks and employing â€œsudoâ€ for occasional administrative needs

Allowing key authorized personnel to access the root account for critical system changes, while other staff use limited accounts with â€œsudoâ€ for routine tasks

Question # 127

A cybersecurity professional has been tasked with instituting a risk management function at a new organization. Which of the following is the MOST important step the professional should take in this endeavor?

Determine the acceptable level of loss exposure at which the organization is comfortable operating.

Conduct a gap assessment and produce a risk rating report for the executive leadership.

Engage consultants to audit the organization against best practices and provide a risk report.

Implement an enterprise Governance, Risk, and Compliance (GRC) management solution.

Question # 128

One of the findings in the recent security assessment of a web application reads: "It appears that security is an afterthought in the web application development process. It is recommended that security be addressed earlier in the development process." Which of these choices would BEST remediate this security finding?

The installation and use of Dynamic Application Security Testing (DAST) software to test written code.

The installation and use of Static Application Security Testing (SAST) software to test written code.

The introduction of a continuous integration/continuous development pipeline to automate security into the software development change process.

The introduction of a security training program for the developers.

Question # 129

An information system security manager is tasked with properly applying risk management principle to their cloud information system as outlined by the National Institute of Standards and Technology (NIST).

Which of the following is the INITIAL step?

Categorize

Select

Assess

Prepare

Question # 130

A newly hired Chief Information Security Officer (CISO) is now responsible to build a third-party assurance for their organization. When assessing a third-party, which of the following questions needs to be answered?

How many employees the third-party employs?

Which level of support does the third-party provide related to security?

What is the monetary value of the third-party contract?

To which standards does the third-party need to be assessed?

Question # 131

Which of the following MUST exist for an activity to be considered an audit?

An auditor that is in no way employed, connected or associated to the organization being audited

Stored Personally Identifiable Information (PII) that an organization has a legal obligation to protect

A predefined standard and systematic approach to test the application of that standard

A certified member of a professional body qualified in the area of inspection

Question # 132

What does the Role-Based Access Control (RBAC) method define?

What equipment is needed to perform

How information is accessed within a system

What actions the user can or cannot do

How to apply the security labels in a system

Question # 133

A lengthy power outage led to unavailability of time critical services resulting in considerable losses. It was determined that a backup electrical generator did not work as intended at the time of the incident due to lack of fuel. What should the security consultant FIRST Investigate?

Maintenance procedures

Supplier contracts

Failover designs

Product catalogs

Question # 134

An independent risk assessment determined that a hospital's existing policies did not have a formal process in place to address system misuse, abuse, or fraudulent activity by internal users. Which of the following would BEST address this deficiency in the Corrective Action Plan?

Create and deploy policies and procedures

Develop and implement a sanction policy

Implement a risk management program

Perform a security control gap analysis

Question # 135

Which if the following is the FIRST control step in provisioning user rights and privileges?

Identification

Authorization

Authentication

Confidentiality

New Year Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

APICS CPIM-8.0 - Certified in Planning and Inventory Management (CPIM 8.0)

The Answer Is:

The Answer Is:

The Answer Is:

Explanation:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is:

The Answer Is: