Pre-Summer Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = getmirror

Pass the APICS CPIM CPIM-8.0 Questions and answers with ExamsMirror

Practice at least 50% of the questions to maximize your chances of passing.

Exam CPIM-8.0 Premium Access

View all detail and faqs for the CPIM-8.0 exam

Go to Exam

896 Students Passed

84% Average Score

97% Same Questions

Viewing page 8 out of 12 pages

Viewing questions 106-120 out of questions

Questions # 106:

A champion is assigned to lead a threat modeling exercise. Which of the following will be the FIRST thing to consider?

Options:

Using an automated tool to construct system models

Outlining a detailed threat modeling procedure

Scheduling weekly threat modeling sessions

Ensuring the right stakeholder are involved

Questions # 107:

What order BEST reflects the steps when adding threat modeling practices to a Software Development Life Cycle (SDLC)?

Options:

Inventory use cases, categorize threats, evaluate business impact

Understand attack front, identify trust levels, decompose application

Inventory countermeasures, identify threats, implement mitigations

Establish monitoring, identify risks, implement countermeasures

Questions # 108:

Which of the below represent the GREATEST cloud-specific policy and organizational risk?

Options:

Loss of governance between the client and cloud provider

Loss of business reputation due to co-tenant activities

Supply chain failure

Cloud service termination or failure

Questions # 109:

An organization suffered a loss to an asset at a frequency that was different than the initially estimated Annualized Rate of Occurrence (ARO). What is the appropriate course of action?

Options:

Do nothing; the loss validates the ARO.

DO nothing; the loss validates the exposure factor.

Recalculate the value of the safeguard.

Recalculate the cost of the countermeasure.

Questions # 110:

Which of the following BEST characterizes the operational benefit of using immutable workloads when working on a cloud-based project?

Options:

The cloud service provider is responsible for all security within the workload

Allows a user to enable remote logins to running workloads

Security testing is managed after image creation

No longer have to bring system down to patch

Questions # 111:

Which of the following BEST characterizes the operational benefit of using immutable workloads when working on a cloud-based project?

Options:

The clouds service provider is responsible for all security within the workload

Security testing is managed after image creation

No longer have to bring system down to patch

Allows a user to enable remote logins to running workloads

Questions # 112:

A security consultant is recommending the implementation of a security-focused Configuration Management (CM) process in an organization. What would be the BEST benefit the security consultant would include in the recommendation?

Options:

Security-focused CM integrates the general concepts of CM with regulatory requirements placed on an organization.

Security-focused CM integrates the general concepts of CM with existing security requirements of the organization.

Security-focused CM integrates the general concepts of CM with best practices derived from industry frameworks.

Security-focused CM surpasses existing security requirements of the organization.

Questions # 113:

An organization has a legacy application used in production. Security updates are no longer provided, which makes the legacy application vulnerable. The legacy application stores Social Security numbers and credit card numbers. Which actions will BEST reduce the risk?

Options:

Submit a security exception for the application and remove it from vulnerability scanning

Report to the privacy officer and increase logging and monitoring of the application

Continue to operate and monitor the application until it is no longer needed

Implement compensating controls and prioritize upgrading the application

Questions # 114:

What is the MAIN privacy risk raised by federated identity solutions?

Options:

The potential for unauthorized access to user attributes

The potential for tracking and profiling an individual's transactions

The potential for exposing an organization's sensitive business information

The potential to break the chain of trust between identity brokers

Questions # 115:

Which of the following is the BEST reason to conduct a penetration test?

Options:

To verify compliance with organizational patching policies.

To document that all relevant patches have been installed.

To identify technical vulnerabilities.

To determine if weaknesses can be exploited.

Questions # 116:

Risk pooling would work best for items with:

Options:

low demand uncertainty and short lead times.

low demand uncertainty and long lead times.

high demand uncertainty and short lead times.

high demand uncertainty and long lead times.

Questions # 117:

One of the findings in the recent security assessment of a web application reads: "It appears that security is an afterthought in the web application development process. It is recommended that security be addressed earlier in the development process." Which of these choices would BEST remediate this security finding?

Options:

The installation and use of Dynamic Application Security Testing (DAST) software to test written code.

The installation and use of Static Application Security Testing (SAST) software to test written code.

The introduction of a continuous integration/continuous development pipeline to automate security into the software development change process.

The introduction of a security training program for the developers.

Questions # 118:

In which of the following phases of the product life cycle is product price most effective in influencing demand?

Options:

Introduction

Growth

Maturity

Decline

Questions # 119:

A team is tasked with developing new email encryption software. To ensure security, what will be the PRIMARY focus during the initial phase of development?