
Free APICS CPIM-8.0 Practice Exam with Questions & Answers | Set: 8

Question 106

In which cloud computing model is Identity and Access Management (IAM) the responsibility of the service provider?

Options:
A. Software as a Service (SaaS).
B. Platform as a Service (PaaS).
C. Desktop as a Service (DaaS).
D. Infrastructure as a Service (IaaS).

Question 107

The development team wants new commercial software to integrate into the current system. What steps can the security office take to ensure the software has no vulnerabilities?

Options:
A. Ask the development team to reevaluate the current program and have a toolset developed securely within the organization.
B. Request a copy of the most recent System and Organization Controls (SOC) report and/or most recent security audit reports and any vulnerability scans of the software code from the vendor.
C. Purchase the software, deploy it in a test environment, and perform Dynamic Application Security Testing (DAST) on the software.
D. Request a software demo with permission to have a third-party penetration test completed on it.

Question 108

A Structured Query Language (SQL) database is hosted on a hardened, secure server. All unused ports are locked down, but external connections from untrusted networks must still be allowed through. What is the BEST way to ensure transactions to/from this server remain secure?

Options:
A. Secure the SQL service port with a Transport Layer Security (TLS) certificate.
B. Use Multi-Factor Authentication (MFA) for all logins to the server.
C. Secure the SQL service port with a Secure Sockets Layer (SSL) certificate.
D. Scan all connections to the server for malicious packets.

Question 109

An organization has decided to advance from qualitative risk assessment to quantitative risk analysis. The information security risk analyst has been tasked with replacing the organization's qualitative likelihood scale of low, medium, and high with a quantitative approach. Which is the BEST approach for replacing the qualitative input values?

Options:
A. Estimate the probability of the scenario ever occurring and use that percentage.
B. Replace the qualitative scale's thresholds with point percentages (e.g., low = 25%; medium = 50%; high = 75%) and use those percentages.
C. Replace the qualitative scale's thresholds with ranges of percentages (e.g., low = 1–33%; medium = 34–66%; high = 67–99%) and use those percentages.
D. Estimate the probability of the scenario occurring within the following year and use that percentage.

Question 110

Which of the following is the MOST significant flaw when using Federated Identity Management (FIM)?

Options:
A. The initial cost of the setup is prohibitively high for small businesses.
B. The token stored by the Identity Provider (IdP) may need to be renewed.
C. The token generated by the Identity Provider (IdP) may be corrupted.
D. The participating members in a federation may not adhere to the same rules of governance.

Question 111

A newly hired Chief Information Security Officer (CISO) is now responsible for building third-party assurance for their organization. When assessing a third party, which of the following questions needs to be answered?

Options:
A. How many employees does the third party employ?
B. Which level of support does the third party provide related to security?
C. What is the monetary value of the third-party contract?
D. To which standards does the third party need to be assessed?

Question 112

A security engineer has determined the need to implement preventative controls into their Wireless Local Area Network (WLAN) for added protection. Which preventative control provides the MOST security?

Options:
A. Enabling software to enforce authorized network profiles
B. Having an automated alerting capability when a problem is detected
C. Third-party software to monitor configuration changes on the network
D. Using a monitoring tool to capture all network activity

Question 113

Which of the following are steps involved in the identity and access provisioning lifecycle?

Options:
A. Dissemination, review, revocation
B. Dissemination, rotation, revocation
C. Provisioning, review, revocation
D. Provisioning, dissemination, revocation

Question 114

The production plan defines which of the following targets?

Options:
A. Sales forecast
B. Quantities of each product to be produced
C. Level of output to be produced
D. Business plans for the company

Question 115

ZombieLoad, Meltdown, Spectre, and Fallout are all names of bugs that utilized which of the following types of attack?

Options:
A. Side-channel
B. Fault injection
C. Man-In-The-Middle (MITM)
D. Frequency analysis

Question 116

Which of the following threats MUST be included while conducting threat modeling for a Cloud Service Provider (CSP)?

Options:
A. Risks of data breaches that can result from inadequate encryption of tenant data in transit and at rest
B. Potential legal actions from third parties due to tenants' activities on the CSP's platform
C. Vulnerabilities in shared resources that can be exploited by attackers to affect multiple tenants
D. Threats originating from the CSP's tenants that can impact the infrastructure and other tenants

Question 117

A systems engineer has been tasked by management to provide a recommendation with a prioritized, focused set of actions to help the organization stop high-risk cyber attacks and ensure data security. What should the systems engineer recommend the organization use to accomplish this?

Options:
A. Center for Internet Security Critical Security Controls
B. Control Objectives for Information and Related Technology (COBIT)
C. Inventory baseline controls
D. Security Content Automation Protocol controls

Question 118

Which of the following is the BEST way to identify the various types of software installed on an endpoint?

Options:
A. Active network scanning
B. Passive network scanning
C. Authenticated scanning
D. Port scanning

Question 119

A software organization is getting ready to launch a new application. A security engineer notices the application allows unrestricted access to files on the web server. Which of the following recommendations will BEST resolve this security issue?

Options:
A. Eliminate all calls for file access requests.
B. Eliminate illegitimate calls for file access requests.
C. Whitelist files and folders for file access requests.
D. Blacklist files and folders for file access requests.

Question 120

A large organization that processes protected data issues preconfigured laptops to workers who then access systems and data based on their role. As their technology ages, these laptops are replaced with newer devices. What is the BEST solution to mitigate risk associated with these devices?

Options:
A. Establish a device recycle process.
B. Establish a process preventing credential storage on devices.
C. Establish a physical destruction process for the storage medium.
D. Establish a process for check-in and check-out of devices.
