Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

APICS CPIM-8.0 - Certified in Planning and Inventory Management (CPIM 8.0)

APICS CPIM-8.0 Premium Access     Download Demo    
Page: 1 / 11
Total 552 questions

Business management should be engaged in the creation of Business Continuity (BC) and Disaster Recovery plans (DRP) because they need to

A.

Ensure that the technology chosen for implementation meets all of the requirements.

B.

Provide resources and support for the development and testing of the plan.

C.

Predetermine spending for development and implantation of the plan.

D.

Specify the solution and options around which the plans will be developed.

Which of the following is MOST important for an international retail company to consider when handling and retaining information about its customers?

A.

Internal security policies

B.

General Data Protection Regulation (GDPR)

C.

System And Organization Controls (SOC) audit criteria

D.

Cyber insurance premiums

An organization provides customer call center operations for major financial services organizations around the world. As part of a long-term strategy, the organization plans to add healthcare clients to the portfolio. In preparation for contract negotiations with new clients, to which cybersecurity framework(s) should the security team ensure the organization adhere?

A.

Control Objectives For Information And Related Technology (COBIT) and Health Insurance Portability And Accountability Act (HIPAA) frameworks

B.

National Institute Of Standards And Technology (NIST) and International Organization For Standardization (ISO) frameworks

C.

Frameworks specific to the industries and locations clients do business in

D.

Frameworks that fit the organization’s risk appetite, as cybersecurity does not vary industry to industry

In a large organization, the average time for a new user to receive access is seven days. Which of the following is the BEST enabler to shorten this time?

A.

Implement a self-service password management capability

B.

Increase system administration personnel

C.

Implement an automated provisioning tool

D.

Increase authorization workflow steps

What priority control technique is most appropriate for a firm using a cellular production system?

A.

Shortest processing time (SPT) rule

B.

Distribution requirements planning (DRP)

C.

Pull production activity control (PAC)

D.

Push production activity control (PAC)

A Structured Query Language (SQL) database is hosted on a hardened, secure server. All unused ports are locked down, but external connections from untrusted networks are still required to be allowed through. What is the BEST way to ensure transactions to/from this server remain secure?

A.

Secure SQL service port with a Transport Layer Security (TLS) certificate.

B.

Use Multi-Factor Authentication (MFA) for all logins to the server.

C.

Secure SQL service port with a Secure Sockets Layer (SSL) certificate.

D.

Scan all connections to the server for malicious packets.

A security engineer is reviewing Incident Response (IR) roles and responsibilities. Several roles have static elevated privileges in case an incident occurs. Instead of static access, what is the BEST access method to manage elevated privileges?

A.

Just-in-time

B.

Delegated

C.

Break-glass

D.

Automated

Which of the following capacity planning methods uses the master production schedule (MPS) as its primary input?

A.

Resource planning

B.

Rough-cut capacity planning (RCCP)

C.

Finite loading

D.

Input/output analysis

Which security concept states that a subject (user, application, or asset) be given only the access needed to complete a task?

A.

Discretionary Access Control (DAC)

B.

Principle of least privilege

C.

Need to know

D.

Role-Based Access Control (RBAC)

An organization is implementing Zero Trust Network Access (ZTNA) and needs a strategy to measure device trust for employee laptops. Which measurement strategy is BEST suited and why?

A.

Remote using a Trusted Platform Module (TPM) due to better protection of the keys

B.

Local using Trusted Platform Module (TPM) because low-level access software can be accessed

C.

Local using Trusted Platform Module (TPM) because of benefits from Segregation Of Duties (SoD)

D.

Remote using a scanning device because of benefits from Segregation Of Duties (SoD)

E.

Local using Mobile Device Management (MDM) because of device policy enforcement

During a threat modeling exercise using the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) framework, it was identified that a web server allocates a socket and forks each time it receives a request from a user without limiting the number of connections or requests.

Which of the following security objectives is MOST likely absent in the web server?

A.

Integrity

B.

Authenticity

C.

Availability

D.

Authorization

An organization’s external auditors have issued a management letter identifying significant deficiencies related to the effectiveness of the previous year’s global access certification. The organization wants to move from a department-based access control system to a Role-Based Access Control (RBAC) system. In addition to quickly and securely provisioning users by granting membership into predefined and approved roles, which of these presents the BEST reason to do so?

A.

The organization can implement both mandatory and dynamic access controls, except where they would be in conflict.

B.

The organization can clone roles, saving time and granting broad access to persons within the same department.

C.

The organization can give a person holding multiple roles the appropriate levels of access to specific data for each role.

D.

The organization can implement both static and dynamic access controls, adjusting them to fit any individual’s access needs.

To gain entry into a building, individuals are required to use a palm scan. This is an example of which type of control?

A.

Administrative detective

B.

Physical preventive

C.

Physical detective

D.

Administrative preventive

An organization has a call center that uses a Voice Over Internet Protocol (VoIP) system. The conversations are sensitive, and the organization is concerned about employees other than the call agents accessing these conversations. What is the MOST effective additional security measure to make?

A.

Ensure that the call agents are using an additional authentication method.

B.

Implement a Network Access Control (NAC) solution.

C.

Ensure that the voice media is using Secure Real-Time Transport Protocol.

D.

Segment the voice network and add Next-Generation Firewalls (NGFW).

Which of the following is a PRIMARY benefit of sharing assessment results among key organizational officials across information boundaries?

A.

Facilitates development of organization-wide security metrics

B.

Allows management to assess which organizational elements have the best security practices

C.

Provides the organization a wider view of systemic weaknesses and deficiencies in their information systems

D.

Identifies areas that require additional training emphasis in each organizational element