CPIM-8.0 Exam Practice Questions
This CPIM-8.0 exam PDF provides detailed practice questions, answers, and
explanations. These APICS CPIM-8.0 exam practice questions are designed for
IT professionals, system administrators, and students preparing for CPIM
certification.
2.An organization is running a cloud-based application to process the information obtained at
point-of-sale devices.
Which guideline should be applied to the application?
A. Health Insurance Portability And Accountability Act (HIPAA)
B. Application Security Verification Standard (ASVS)
C. Payment Card Industry Data Security Standard (PCI DSS)
D. Gramm-Leach-Bliley Act (GLBA)
Answer: C
3.A security engineer must address resource sharing between various applications without adding
physical hardware to the environment.
Which secure design principle is used to BEST segregate applications?
A. Network firewalls
B. Logical isolation
C. Application firewalls
D. Physical isolation
Answer: B
4.A security professional is accessing an organization-issued laptop using biometrics to remotely log
into a network resource.
Which type of authentication method is described in this scenario?
A. Something one does
B. Something one is
C. Something one has
D. Something one knows
Answer: B
5.A company confirms a customer order based on available capacity and inventory, even though the
current production plan does not cover the entire order quantity.
This situation is an example of what type of order fulfillment policy?
A. Assemble-to-order (ATO)
B. Capable-to-promise (CTP)
C. Available-to-promise (ATP)
D. Configure-to-order (CTO)
Answer: B
Explanation:
Capable-to-promise (CTP) is a type of order fulfillment policy that confirms a customer order based on
the available capacity and inventory, as well as the current production plan and schedule. CTP
calculates the earliest possible delivery date for a customer order, considering the existing demand
and supply situation. CTP allows a company to accept an order that exceeds the current available
inventory, as long as it can produce the remaining quantity within the customer’s requested delivery
time. CTP helps to improve customer service, reduce inventory costs, and increase production
efficiency [1][2].
Reference: [1] Capable to Promise (CTP) - Definition, Calculation, and Examples; [2] CPIM Exam
Reference - Association for Supply Chain Management
8.An organization is updating an Application Programming Interface (API) to support requests coming
from mobile applications distributed on public application stores. The API’s primary function is to
supply confidential documents when users request them within the mobile application.
Which approach would BEST respond to this use case?
A. Require that the user supplies their credential to access confidential documents.
B. Require a Virtual Private Network (VPN) connection to the organization's network to access
confidential documents.
C. Implement Security Assertion Markup Language (SAML) to validate the identity of the user
requesting access to confidential documents.
D. Implement Open Authorization (OAuth) 2.0 to require the users to request permission to access
confidential documents.
Answer: D
9.In a make-to-order (MTO) production environment, fluctuations in sales volumes are managed by
adjustments to the:
A. Customer order backlog
B. Finished goods inventory
C. Minimum order quantity (MOQ)
D. Process cycle time
Answer: A
Explanation:
In MTO environments, production starts only after an order is received. There is no finished goods
inventory to buffer demand fluctuations. Instead, customer order backlog expands or contracts with
changing sales volumes.
“MTO environments manage demand fluctuations through the customer order backlog rather than
inventory.”
- APICS CPIM ECO and SMR Modules - MTO Production Strategy Section
10.Typically, rough-cut capacity planning (RCCP) in a job shop environment would review which of
the following work centers to determine the ability to execute the plan?
A. Critical work centers only
B. Gateway work centers only
C. Final assembly work centers only
D. All work centers
Answer: A
Explanation:
Rough-cut capacity planning (RCCP) is a technique that evaluates the feasibility of a master
production schedule (MPS) by comparing the available capacity of key resources with the required
capacity of the MPS. In a job shop environment, where products are made to order and have high
variety and low volume, RCCP would typically review only the critical work centers to determine the
ability to execute the plan. Critical work centers are those that have the greatest impact on the
throughput, lead time, or cost of the products. They are usually the work centers that have the highest
utilization, longest setup times, or most frequent bottlenecks. By focusing on the critical work centers,
RCCP can simplify the capacity planning process and identify the potential problems or constraints
that may affect the MPS. The other options, gateway work centers, final assembly work centers, and
all work centers, are not as effective as critical work centers for RCCP in a job shop environment, as
they may not reflect the true capacity requirements or constraints of the products.
Reference: Rough Cut Capacity Planning (RCCP) - Definition, Example, and Benefits; Rough Cut
Capacity Planning (RCCP) - Meaning, Objectives, and Advantages; Rough Cut Capacity Planning
(RCCP) - Overview, Steps, and Example
11.A bank recently informed a customer that their account has been overdrawn after their latest
transaction. This transaction was not authorized by the customer. Upon further investigation, it was
determined by the security team that a hacker was able to manipulate the customer's
pre-authenticated session and force a wire transfer of funds to a foreign bank account.
Which type of attack MOST likely occurred?
A. Cross-Site Request Forgery (CSRF)
B. On-path attack
C. Cross-Site Scripting (XSS)
D. Session hijacking
Answer: A
12.As a result of a fault at a cloud service provider’s data center, the customer accounts of a utility
organization were corrupted.
Under the European Union’s (EU) General Data Protection Regulation (GDPR), which entity bears
responsibility for resolving this?
A. Data steward
B. Data processor
C. Data controller
D. Data custodian
Answer: C
13.A large retail organization will be creating new Application Programming Interfaces (API) as part of
a customer-facing shopping solution. The solution will accept information from users both inside and
outside of the organization.
What is the safest software development practice the team can follow to protect the APIs against
Structured Query Language Injection (SQLi) attacks?
A. Strictly validate all inputs for safe characters.
B. Grant database access using the principle of least authority.
C. Escape special characters in input statements.
D. Use prepared input statements.
Answer: D
14.What is the BEST protection method to ensure that an unauthorized entry attempt would fail when
securing highly sensitive areas?
A. Employee badge with a picture and video surveillance
B. Keyed locks and Closed-Circuit Television (CCTV) at entrances
C. Combination lock and a gate that prevents piggybacking
D. Proximity badge requiring a Personal Identification Number (PIN) entry at entrances
Answer: C
15.Which of the following is the BEST solution to implement to mitigate the risk of data breach in the
event of a lost or stolen mobile device?
A. Mobile application management
B. Bring Your Own Device (BYOD) policy
C. Network Access Control (NAC)
D. Mobile Device Management (MDM)
Answer: D
16.Which of the following ports needs to be open for Kerberos Key Distribution Center (KDC) to
function properly?
A. 88
B. 389
C. 443
D. 3268
Answer: A
17.Which of the following methods would be appropriate for forecasting the demand for a product
family when there is a significant trend and seasonality in the demand history?
A. Econometric models
B. Computer simulation
C. Time series decomposition
D. Weighted moving average
Answer: C
Explanation:
Time series decomposition is a method that breaks down a time series of historical demand data into
its components: trend, seasonality, cyclical, and random. It is appropriate for forecasting the demand
for a product family when there is a significant trend and seasonality in the demand history, as it can
isolate and estimate these components and project them into the future. Time series decomposition
can also handle cyclical and random variations in demand, and it can be applied to different time
intervals (such as monthly, quarterly, or yearly). The other methods are not suitable for this scenario.
Econometric models are complex mathematical models that use regression analysis to relate demand
to various explanatory variables, such as price, income, or advertising. They are not designed to
capture trend and seasonality in demand. Computer simulation is a technique that uses a computer
program to mimic the behavior of a real system under different scenarios and assumptions. It is not a
forecasting method per se, but rather a tool for testing and evaluating different forecasting methods or
policies. Weighted moving average is a simple method that uses the average of the most recent
observations as the forecast for the next period, with more weight given to the recent observations
than the older ones. It is not able to capture trend and seasonality in demand, as it assumes that
demand is stable and does not change over time.
Reference: Time Series Decomposition | APICS Dictionary Term of the Day, APICS CPIM 8 Planning
and Inventory Management | ASCM
18.In order to meet retention requirements, it may be necessary to migrate digital records to different
media because of which of the following issues?
A. Deduplication conserves storage.
B. Regulatory guidance requires compliance.
C. Digital media can degrade.
D. Hierarchical storage facilitates access.
Answer: C
19.What is the FIRST element that must be evaluated in a security governance program?
A. An organization’s business objectives and strategy
B. Review of Information Technology (IT) and technical controls
C. Review of organization’s Information Technology (IT) security policies
D. An organization’s utilization of resources
Answer: A
20.In preparing for a facility location decision, proximity to suppliers would be classified as which kind
of criteria?
A. Service level requirements
B. Future flexibility factors
C. Access to transportation
D. Cost factors
Answer: D
Explanation:
Proximity to suppliers would be classified as a cost factor in preparing for a facility location decision.
Cost factors are the expenses associated with operating a facility in a specific location, such as labor,
materials, utilities, taxes, and transportation. Proximity to suppliers can affect the cost of inbound
transportation, inventory holding, and quality control. Choosing a location that is close to suppliers
can reduce these costs and improve the efficiency and reliability of the supply chain.
Reference: Managing Supply Chain Operations, Chapter 2: Global Supply Chain Strategy, Section
2.3: Facility Location
CPIM Exam Content Manual, Module 1: Supply Chains and Strategy, Section 1.4: Facility Location,
Subsection 1.4.1: Facility Location Concepts
21.An agency has the requirement to establish a direct data connection with another organization for
the purpose of exchanging data between the agency and organization systems. There is a
requirement for a formal agreement between the agency and organization.
Which source of standards can the system owners use to define the roles and responsibilities along
with details for the technical and security requirements?
A. International Organization For Standardization (ISO)
B. European Committee for Electrotechnical Standardization
C. Caribbean Community Regional Organization for Standards and Quality
D. Institute of Electrical and Electronics Engineers (IEEE)
Answer: A
22.An organization wants to ensure a risk does not occur. The action taken is to eliminate the attack
surface by uninstalling vulnerable software.
Which risk response strategy did the organization take?
A. Accepting risk
B. Avoiding risk
C. Mitigating risk
D. Transferring risk
Answer: B
24.What is the MAIN reason security is considered as part of the system design phase instead of
deferring to later phases?
A. To ensure complexity introduced by security design is addressed in the beginning stages.
B. To reduce the overall cost of incorporating security in a system.
C. To prevent the system from being tampered with in the future.
D. To prevent the users from performing unauthorized actions during the testing or operational
phases.
Answer: B
25.Which of the following documents is the BEST reference to describe application functionality?
A. Disaster Recovery Plan (DRP)
B. System security plan
C. Business Impact Analysis (BIA) report
D. Vulnerability assessment report
Answer: B
27.An organization is looking to integrate security concepts into the code development process early
in development to detect issues before the software is launched.
Which advantage does the organization gain from using Static Application Security Testing (SAST)
techniques versus dynamic application security testing techniques?
A. Allows tailored techniques
B. Executes code to detect issues
C. Allows for earlier vulnerability detection
D. Simulates attacker patterns
Answer: C
28.An organization has a requirement that all documents must be auditable and that the original is
never modified once created.
When designing the system, what security model MUST be implemented in order to meet this
requirement?
A. Biba Integrity
B. Brewer-Nash
C. Bell-LaPadula
D. Clark-Wilson
Answer: D
29.A company’s Marketing and Sales departments have identified an opportunity to develop a new
market for a product family and requested an increase in the production plan.
Which of the following actions would be most appropriate to account for the new market opportunity?
A. Increase the production plan as requested.
B. Regenerate the material requirements plan.
C. Regenerate the master production schedule (MPS).
D. Present the proposal at the executive sales and operations (S&OP) meeting.
Answer: D
Explanation:
Sales and Operations Planning (S&OP) is the proper forum for evaluating cross-functional impacts of
a change in demand, including capacity, supply, and financial implications. Executive-level S&OP
meetings align demand and supply decisions and ensure that changes in strategic direction are
reviewed and approved.
“The S&OP executive meeting is where demand and supply plans are balanced and decisions are
made on resource changes or market actions.”
- CPIM SMR Module, S&OP Function and Governance
31.An organization’s security assessment recommended expanding its secure software development
framework to include testing Commercial Off-The-Shelf (COTS) products before deploying those
products in production.
What is the MOST likely reason for this recommendation?
A. To identify any residual vulnerabilities prior to release in the production environment
B. To identify and remediate any residual vulnerabilities prior to the end of the user acceptance
testing
C. To identify any residual vulnerabilities prior to the end of the trial run of the software
D. To identify and remediate any residual vulnerabilities prior to release in the production environment
Answer: D
32.During a security incident investigation, a security analyst discovered an unauthorized module was
compiled into an application package as part of the application assembly phase. This incident
occurred immediately prior to being digitally signed and deployed using a deployment pipeline.
Which of the following security controls would BEST prevent this type of incident in the future?
A. Invoke code repository vulnerability scanning on a regularly scheduled basis.
B. Implement Role-Based Access Controls (RBAC) in each component of the deployment pipeline.
C. Encrypt the application package after being digitally signed.
D. Implement a software Bill of Materials (BOM) for each application package.
Answer: B
33.An audit report of security operations has listed some anomalies with third parties being granted
access to the internal systems and data without any restrictions.
Which of the following will BEST help remediate this issue?
A. Provide access restrictions for resources stored in a low-volume network or subnetwork location.
B. Provide access restrictions for resources stored on a network that uses a unique platform.
C. Provide access restrictions for resources stored in a high-volume network or subnetwork location.
D. Provide access restrictions for resources stored on a network or on a subnetwork.
Answer: D
34.An organization wishes to utilize a managed Domain Name System (DNS) provider to reduce the
risk of users accessing known malicious sites when web browsing. The organization operates DNS
forwarders that forward queries for all external domains to the DNS provider.
Which of the following techniques could enable the organization to identify client systems that have
attempted to access known malicious domains?
A. DNS over Transmission Control Protocol (TCP)
B. DNS sinkholing
C. Deep packet inspection
D. Domain Name System Security Extensions (DNSSEC)
Answer: B
35.The Business Continuity Plan (BCP) has multiple components. The information security plan
portion must prioritize its efforts.
Which 3 aspects of information security MUST be prioritized?
A. Confidentiality, integrity, availability
B. Physical security, access control, asset protection
C. Intent, capability, opportunity
D. Threat level, network security, information disposal
Answer: A
37.Improvements in an input/output control (I/O control) system will most likely lead to:
A. flattened bills of material (BOMs).
B. a change in operation sequencing.
C. reduction in queue size and queue time.
D. fewer engineering change notifications.
Answer: C
Explanation:
Improvements in an input/output control (I/O control) system will most likely lead to a reduction in
queue size and queue time. An I/O control system is a method of managing the flow of work orders in
a production system by matching the input rate to the output rate. The input rate is the number of
work orders that are released to the shop floor in a given period. The output rate is the number of
work orders that are completed and shipped to the customers in a given period. An I/O control system
aims to keep the input rate equal to the output rate, or slightly lower, to avoid overloading the system
and creating excess inventory. By improving the I/O control system, the production system can
achieve a smoother and more balanced flow of work orders, which reduces the queue size and queue
time at each work center. Queue size is the number of work orders that are waiting to be processed at
a work center. Queue time is the amount of time that a work order spends in the queue before being
processed. A reduction in queue size and queue time can improve the production efficiency, quality,
and flexibility, as well as the customer service and satisfaction. The other options are not correct, as
they are not the most likely outcomes of improvements in an I/O control system, but rather possible
effects of other factors or methods:
Flattened bills of material (BOMs) are the result of simplifying the product structure and reducing the
number of components or levels in a BOM. Flattened BOMs can reduce the complexity and lead time
of the production process, but they are not directly related to the I/O control system.
A change in operation sequencing is the result of altering the order or priority of the work orders or
operations in a production system. A change in operation sequencing can affect the production flow
and capacity, but it is not necessarily caused by the I/O control system.
Fewer engineering change notifications are the result of minimizing the changes in the product design
or specification during the production process. Fewer engineering change notifications can reduce the
disruption and cost of the production process, but they are not directly related to the I/O control
system.
Reference: [CPIM Part 2 - Section A - Topic 2 - Capacity Planning]
Input/Output Control | SpringerLink
Input/Output Control - an overview | ScienceDirect Topics
Input/Output Control - InventoryOps.com
38.An organization is restructuring its network architecture in which system administrators from the
corporate office need to be able to connect to the branch office to perform various system
maintenance activities.
What network architecture would be MOST secure?
A. Jump-server on a Local Area Network (LAN)
B. Bastion host over a Wide Area Network (WAN)
C. Jump-server connected to a Wireless Local Area Network (WLAN)
D. Bastion host with Virtual Private Network (VPN) termination point
Answer: D
39.Which of the following actions provides the BEST evidence for forensic analysis of a powered-off
device?
A. Copy all potentially useful files from the system to a network drive.
B. Image the entire hard disk on an external drive.
C. Copy all system and application log files to an external drive.
D. Collect the memory, running processes, and temporary files.
Answer: B
41.A security specialist is responsible for improving the security awareness program of a medium-sized
organization and is tasked with tracking blocked targeted attacks.
Which of the following BEST describes the outcome of the security specialist’s use of metrics for this
task?
A. A decrease in reported suspicious activity that aligns with an increase in detection of malware and
Domain Name Server (DNS) queries to blocked sites.
B. An increase in reported suspicious activity that aligns with a decrease in detection of malware and
Domain Name Server (DNS) queries to blocked sites.
C. An increase in reported changes in click percentage that aligns with a decrease in the number of
phishes and incidents reported.
D. A decrease in reported changes in click percentages that aligns with an increase in the number of
phishes and incidents reported.
Answer: A
45.A planner has chosen to increase the order point for a raw material.
Which of the following costs is most likely to increase?
A. Carrying
B. Ordering
C. Landed
D. Product
Answer: A
Explanation:
The order point is the level of inventory that triggers a replenishment order. By increasing the order
point, the planner is increasing the average inventory level, which in turn increases the carrying cost.
Carrying cost is the cost of holding inventory, such as storage, insurance, obsolescence, and
opportunity cost. Ordering cost, landed cost, and product cost are not directly affected by the order
point [1][2].
Reference: [1] What is Inventory Reorder Point in Inventory Management? - Deskera; [2] Reorder Point
Defined: Formula & How to Use | NetSuite
46.The project manager for a new application development is building a test framework. It has been
agreed that the framework will include penetration testing; however, the project manager is keen to
identify any flaws prior to the code being ready for execution.
Which of the following techniques BEST supports this requirement?
A. System vulnerability scans
B. Database injection tests
C. System reliability tests
D. Static source code analysis
Answer: D
47.If all other factors remain the same, when finished goods inventory investment is increased,
service levels typically will:
A. remain the same.
B. increase in direct (linear) proportion.
C. increase at a decreasing rate.
D. increase at an increasing rate.
Answer: C
Explanation:
Increasing finished goods inventory investment will improve service levels by reducing the probability
of stockouts. However, the relationship between inventory and service level is not linear, but rather
asymptotic. This means that as inventory increases, service level increases at a decreasing rate,
approaching a maximum value. Therefore, option C is correct. Option A is incorrect because service
level will not remain the same when inventory changes. Option B is incorrect because service level
will not increase in direct proportion to inventory. Option D is incorrect because service level will not
increase at an increasing rate as inventory increases.
Reference: CPIM Part 2 Exam Content Manual, Version 8.0, Section A: Demand Management,
Subsection A.3: Demand Management and Customer Service, p. 10.
48.An organization suffered a loss to an asset at a frequency that was different than the initially
estimated Annualized Rate of Occurrence (ARO).
What is the appropriate course of action?
A. Do nothing; the loss validates the ARO.
B. Do nothing; the loss validates the exposure factor.
C. Recalculate the value of the safeguard.
D. Recalculate the cost of the countermeasure.
Answer: D
49.The demand for an item has increasing forecast error, whereas all other factors remain constant.
Which of the following remains constant while maintaining the same customer service level?
A. Reorder point (ROP)
B. Safety stock
C. Inventory investment
D. Safety factor
Answer: D
Explanation:
Safety factor is a multiplier that is applied to the standard deviation of demand to determine the safety
stock level. Safety factor remains constant while maintaining the same customer service level, as it
reflects the desired probability of not stocking out. The higher the safety factor, the higher the
customer service level, and vice versa. The other factors do not remain constant while maintaining
the same customer service level. Reorder point (ROP) is the inventory level that triggers a
replenishment order. ROP increases with increasing forecast error, as more safety stock is needed to
cover the demand uncertainty. Safety stock is the inventory that is carried to protect against forecast
errors and demand fluctuations. Safety stock increases with increasing forecast error, as more buffer
is needed to avoid stockouts. Inventory investment is the total value of the inventory that is held in the
system. Inventory investment increases with increasing forecast error, as more inventory is required
to maintain the same customer service level.
Reference: Safety Factor | APICS Dictionary Term of the Day, APICS CPIM 8 Planning and Inventory
Management | ASCM
50.A new organization building is being designed and the security manager has been asked for input
on needed security requirements.
Which of the following controls are MOST applicable to this scenario?
A. Deterrent controls, such as signs announcing video cameras and alarms, are installed.
B. Preventative controls, such as Intrusion Detection Systems (IDS) and security guards, are used.
C. Preventative controls, such as Intrusion Detection Systems (IDS) and mechanical locks, are used.
D. Deterrent controls, such as signs announcing video cameras and alarms, are installed.
Answer: C
51.When designing a production cell, which of the following items would be the most important
consideration?
A. The unit per hour requirement for the production cell to meet the sales forecast
B. The flow of materials into the cell and sequencing of operations to minimize total cycle time
C. The output rate for the first operation and move time after the last workstation
D. The takt time requirement for each operator to meet the monthly production goals of the plant
Answer: B
Explanation:
A production cell is a group of machines or workstations that are arranged in a way that allows for
continuous flow of materials and products. The main objective of designing a production cell is to
reduce waste, improve quality, and increase productivity. One of the most important considerations
for designing a production cell is the flow of materials into the cell and sequencing of operations to
minimize total cycle time. Total cycle time is the time it takes for a product to go through all the steps
in the cell, from the first operation to the last. By minimizing total cycle time, the production cell can
achieve higher throughput, lower inventory, and faster delivery [1][2][3].
Reference: [1] CPIM Part 2 - Section C - Module 1 - Session 1 - Lean Manufacturing; [2] CPIM Part 2 -
Section C - Module 1 - Session 2 - Lean Manufacturing Tools; [3] CPIM Part 2 - Section C - Module 1 -
Session 3 - Lean Manufacturing Implementation
52.A computer forensic analyst is examining suspected malware from a computer system post-attack.
Upon reverse engineering the code, the analyst sees several concerning instructions. One of those
concerning instructions is that it installs a Unified Extensible Firmware Interface Basic Input/Output
System (BIOS) rootkit, and when the system is then rebooted, the BIOS checks for a certain unknown
program to be installed.
Which security feature MOST likely would have detected and prevented this type of attack if already
on the system?
A. Operating System (OS) virtualization
B. Memory protection
C. Cryptographic module
D. Trusted Platform Module (TPM)
Answer: D
53.Which of the following BEST describes an individual modifying something the individual is not
supposed to?
A. Exfiltration
B. Tampering
C. Spoofing
D. Repudiation
Answer: B
54.Which of the below represents the GREATEST cloud-specific policy and organizational risk?
A. Loss of governance between the client and cloud provider
B. Loss of business reputation due to co-tenant activities
C. Supply chain failure
D. Cloud service termination or failure
Answer: D
55.In which of the following environments is capable-to-promise (CTP) more appropriate than
available-to-promise (ATP)?
A. Consumer electronics sold through local retailers
B. Industrial supplies shipped from regional distribution centers (DCs)
C. Packaged foods sold in grocery stores
D. Specialty chemicals packaged and shipped to order
Answer: D
Explanation:
CTP is suitable for engineer-to-order or make-to-order environments where production and
procurement are triggered only upon receipt of a customer order. In contrast, ATP is ideal for
environments with finished goods in stock. Specialty chemicals often require unique formulations and
packaging, thus CTP helps assess material and capacity availability before committing.
“CTP applies where product is not inventoried, such as in make-to-order or engineer-to-order
environments... CTP checks material, capacity, and lead times to confirm if delivery can be
promised.”
- Source: CPIM Master Planning of Resources (MPR) module; APICS Dictionary
56.The costs provided in the table below are associated with buying a quantity larger than
immediately needed.
What is the total landed cost based on this table?
Cost Category     Cost
Custom fees       $125
Freight           $700
Warehouse rent    $200
Material cost     $500
A. $825
B. $1,325
C. $1,400
D. $1,525
Answer: D
Explanation:
The total landed cost is the sum of all the costs associated with buying a quantity larger than
immediately needed, including the cost of the product, the custom fees, the freight, and the
warehouse rent.
Based on the table, the total landed cost can be calculated as follows:
Landed cost = material cost + custom fees + freight + warehouse rent
Landed cost = $500 + $125 + $700 + $200
Landed cost = $1,525
Therefore, the correct answer is D. $1,525. The other options are not correct, as they either omit
some of the costs or use incorrect values. The total landed cost reflects the direct costs only to move
the product from the factory floor to the customer. It is an important supply chain KPI in inventory
management, as it helps to determine the optimal order quantity, pricing, and profitability of the
products [1][2].
Reference: [1] What is Landed Cost? | Calculation and Tips to Improve - ORBA Cloud CFO; [2] What is
Landed Cost & Why is it Important | Finale Inventory
57.Payment Card Industry Data Security Standard (PCI DSS) allows for scanning a statistical sample
of the environment without scanning the full environment. Scanning a statistical sample has many
advantages and disadvantages.
Which of the following is the MOST accurate set of advantages and disadvantages?
A. Limited risk to production targets, rapid scan times, requires proof of image standardization, and
one-off systems are not scanned
B. Easy for auditors to question, fastest scanning method, ideal for cloud environments, and not
suitable for small organizations
C. Limited to a single environment/platform, proves image standardization, random selection misses
end-to-end applications, and slower than targeted scanning
D. Confirmation of Configuration Management (CM), hand selection introduces confirmation bias, is
ideal in operational technology environments, and requires about 10% of each environment/platform
Answer: A
58.Additional requirements that are outside the original design are being added to a project,
increasing the timeline and cost of the project.
What BEST describes the requirement changes that are happening?
A. Volatility
B. Stove-piped requirements
C. Non-verifiable requirements
D. Scope creep
Answer: D
59.During a manual source code review, an organization discovered a dependency with an open-
source library that has a history of being exploited.
Which action should the organization take FIRST to assess the risk of depending on the open-source
library?
A. Identify the specific version of the open-source library that is implemented
B. Request a penetration test that will attempt to exploit the open-source library
C. Deploy the latest compatible version of the open-source library
D. Submit a change request to remove software dependencies with the open-source library
Answer: A
60.Substituting capital equipment in place of direct labor can be economically justified for which of
the following scenarios?
A. Volumes are forecasted to increase
B. Material prices are forecasted to increase
C. Implementing a pull system in production
D. Functional layouts are being utilized
Answer: A
Explanation:
Substituting capital equipment in place of direct labor can be economically justified for scenario A,
where volumes are forecasted to increase. This is because capital equipment can provide higher
productivity, efficiency, and quality than direct labor, especially for large-scale and standardized
production. Capital equipment can also reduce labor costs, such as wages, benefits, and training, and
avoid labor shortages or turnover. However, capital equipment also involves high initial investment,
maintenance, and depreciation costs, and may require more skilled workers to operate and monitor.
Therefore, the substitution of capital equipment for direct labor should be based on a careful analysis
of the trade-offs between the costs and benefits of both alternatives.
Option B (material prices are forecasted to increase) is not correct. This scenario does not
directly affect the decision to substitute capital equipment for direct labor, as both alternatives use the
same materials. However, increasing material prices may reduce the profitability of the production,
and may require the company to find ways to reduce material usage, such as improving material
yield, reducing scrap and rework, or sourcing from cheaper suppliers.
Option C (implementing a pull system in production) is not correct. This scenario does not
favor the substitution of capital equipment for direct labor, as a pull system is based on the principle of
producing only what is needed by the customer, when it is needed, and in the quantity needed. A pull
system requires flexibility, responsiveness, and adaptability to the changing customer demand, which
may be better achieved by direct labor than capital equipment. A pull system also aims to minimize
inventory, waste, and overproduction, which may reduce the need for capital equipment.
Option D (functional layouts are being utilized) is not correct. This scenario does not support
the substitution of capital equipment for direct labor, as functional layouts are based on grouping
similar or related processes or machines together, regardless of the product flow. Functional layouts
may result in long and complex material flows, high transportation and handling costs, high work-in-
process inventory, and low visibility and coordination of the production. Functional layouts may also
require more direct labor to move and monitor the materials and machines. Capital equipment may be
more suitable for product layouts, where the processes or machines are arranged according to the
sequence of operations for a specific product or family of products.
Production and Inventory Management
Capital Equipment and Labor
Facility Layout and Design
62.What BEST describes the end goal of a Disaster Recovery (DR) program?
A. Review the status of mission-critical applications.
B. Prevent business interruption.
C. Continue business operations during a contingency.
D. Restore normal business operations.
Answer: D
63.An organization has integrated its enterprise resource planning system into its centralized Identity
and Access Management (IAM) system to automate provisioning of access. A security audit revealed
that privileged access granted within the ERP system is not visible in the IAM system.
Which of the following controls BEST mitigates this risk?
A. Implement step-up authentication for privileged functions within the ERP system.
B. Implement a periodic review of privileged access within the ERP system.
C. Implement an automated reconciliation process between ERP and IAM systems.
D. Implement a periodic review of all ERP access within the IAM system.
Answer: C
64.A financial institution is implementing an Information Technology (IT) asset management system.
Which of the following capabilities is the MOST important to include?
A. Logging the data leak protection status of the IT asset
B. Tracking the market value of the IT asset
C. Receiving or transferring an IT asset
D. Recording the bandwidth and data usage of the IT asset
Answer: C
66.A low-cost provider strategy works best when which of the following conditions are met?
A. Price competition among rivals is similar.
B. Buyers are more price sensitive.
C. There are many ways to achieve product differentiation.
D. There are few industry newcomers.
Answer: B
Explanation:
A low-cost provider strategy is a business strategy where a company aims to become the most cost-
efficient player in its industry, often by producing goods or providing services at a lower cost than its
competitors. The overall goal is to increase market share or achieve higher profitability. The low-cost
leader in an industry often sets the price that other companies have to match or beat to stay
competitive [1][2].
A low-cost provider strategy works best when buyers are more price sensitive, meaning they are
more likely to switch to cheaper alternatives if the price of a product or service increases. This
condition creates a strong demand for low-priced products or services, and gives the low-cost leader
a competitive advantage over rivals who have higher costs and prices.
Buyers are more price sensitive when [3][4]:
• The product or service is standardized or undifferentiated, and there are few switching costs.
• The product or service represents a significant portion of the buyer’s budget or income.
• The product or service has low quality, performance, or image attributes that limit the buyer’s
satisfaction or loyalty.
• The product or service is not crucial to the buyer’s well-being or enjoyment.
The other options are not correct because:
• A. Price competition among rivals is similar. This condition does not favor a low-cost provider
strategy, because it implies that the industry is already highly competitive and there is little room for
differentiation. A low-cost leader would have to lower its prices even further to gain an edge over
rivals, which could erode its profitability and sustainability.
• C. There are many ways to achieve product differentiation. This condition does not favor a low-cost
provider strategy, because it implies that the industry is diverse and dynamic, and there are many
opportunities for innovation and value creation. A low-cost leader would have to invest more in
research and development, marketing, and customer service to keep up with the changing customer
preferences and expectations, which could increase its costs and reduce its efficiency.
• D. There are few industry newcomers. This condition does not favor a low-cost provider strategy,
because it implies that the industry is mature and stable, and there are few threats from new entrants.
A low-cost leader would have to rely on its existing customer base and market share, which could
limit its growth potential and expose it to the risk of obsolescence.
Reference:
1. Low-cost leadership strategy: Explained with examples
2. Low-Cost Producer: Definition, Strategies, Examples - Investopedia
3. Low Cost Strategy - Definition, Factors & Example - MBA Skool
4. Generating Advantage - Strategic Management - Open Educational Resources
67.The Chief Information Security Officer (CISO) for an international organization with offices
operating globally has been tasked with developing a new data encryption policy that can be applied
to all areas of the business.
What is the MOST important factor that must be considered?
A. Organization's security policy and standards
B. How data will be stored and accessed
C. Regulatory and compliance requirements
D. Where data will be stored and accessed
Answer: C
68.Which of the following states of data becomes MOST important to protect as organizations
continue to transition toward Application Programming Interface (API)-based solutions?
A. Data at rest
B. Data in use
C. Data in transit
D. Data on the client machine
Answer: C
69.What are the FIRST two steps an organization should conduct to classify its assets?
A. Define user requirements and collate existing inventories
B. Categorize assets and set minimum security controls
C. Conduct an inventory of assets and determine the owners
D. Obtain senior management buy-in and conduct a risk assessment
Answer: C
70.In a lean environment, the batch-size decision for planning "A" items would be done by:
A. least total cost.
B. min-max system.
C. lot-for-lot (L4L).
D. periodic order quantity.
Answer: C
Explanation:
In a lean environment, the batch-size decision for planning “A” items would be done by lot-for-lot
(L4L). L4L is an inventory management technique that orders exactly the quantity needed to meet the
demand for each period. This minimizes the work in process, cycle time, and inventory holding costs.
L4L is consistent with the lean principles of reducing batch sizes, eliminating waste, and responding
to customer pull. The other options are not suitable for a lean environment, as they either order more
than the demand (least total cost, min-max system, periodic order quantity) or incur more setup costs
(least total cost, periodic order quantity).
Reference:
• [CPIM Part 2 - Section A - Topic 3 - Lean and Just-in-Time]
• Optimize Production Batch Sizes
• How to determine your Lot Size - Part 1
71.An organization has decided to advance from qualitative risk assessment to quantitative risk
analysis.
The information security risk analyst has been tasked with replacing the organization’s qualitative
likelihood scale of low, medium, and high with a quantitative approach.
Which is the BEST approach for replacing the qualitative input values?
A. Estimate the probability of the scenario ever occurring and use that percentage.
B. Replace the qualitative scale’s thresholds with point percentages (e.g., low = 25%; medium =
50%; high = 75%) and use those percentages.
C. Replace the qualitative scale’s thresholds with ranges of percentages (e.g., low = 1–33%;
medium = 34–66%; high = 67–99%) and use those percentages.
D. Estimate the probability of the scenario occurring within the following year and use that
percentage.
Answer: C
72.An information system containing Protected Health Information (PHI) will be accessed by doctors,
nurses, and others working in a hospital. The same application will be used by staff in the pharmacy
department only for dispensing prescribed medication. Additionally, patients can log in to view
medical history. The system owner needs to propose an access control model that considers
environment, situation, compliance, and security policies while dynamically granting the required level
of access.
Which access control model is the MOST suitable?
A. Role-Based Access Control (RBAC)
B. Attribute-Based Access Control (ABAC)
C. Task-based access control
D. Risk-adaptive access control
Answer: B
74.The question below is based on the following standard and actual data of a production order
Which of the following statements about variances is true?
A. The material price variance for Component A is favorable by $10
B. The labor price variance is unfavorable by $20
C. The material usage variance for Component B is favorable by $36
D. The labor efficiency variance is favorable by $20
Answer: D
Explanation:
The labor efficiency variance is the difference between the standard labor hours allowed for the actual
output and the actual labor hours used, multiplied by the standard labor rate. In this case, the
standard labor hours allowed for 100 pieces are 0.5 * 100 = 50 hours. The actual labor hours used
are 48 hours. The standard labor rate is $10 per hour. Therefore, the labor efficiency variance = (50 -
48) * $10 = $20 favorable. This means that the actual labor hours used were less than the standard
labor hours allowed, which indicates a higher labor efficiency [1][2].
Reference:
1: CPIM Part 2 - Section B - Module 2 - Session 2 - Variance Analysis
2: CPIM Part 2 - Section B - Module 2 - Session 3 - Variance Analysis Example
75.Which of the following factors is the MOST important consideration for a security team when
determining whether cryptographic erasure can be used for disposal of a device?
A. If the methods meet the International Organization for Standardization/International
Electrotechnical Commission (ISO/IEC) 27001.
B. If the data on the device exceeds what cryptographic erasure can safely process.
C. If the device was previously encrypted using cipher block chaining.
D. If the security policies allow for cryptographic erasure based on the data stored on the device.
Answer: D
76.An organization recently created a new accounting department, and that department is critical in
the event of a disaster for the operations to continue.
Which steps should the organization take to create a Business Continuity Plan (BCP)?
A. Test, maintain, implement, deliver, and execute
B. Plan, implement, execute, deliver, and document
C. Understand, plan, deliver, implement, and execute
D. Understand, plan, deliver, test, and maintain
Answer: D
78.The trade-off of increasing safety stock to improve customer fill rate would be a decrease in:
A. pipeline inventory.
B. transportation costs.
C. inventory turns.
D. sales revenue.
Answer: C
Explanation:
Increasing safety stock to improve customer fill rate would result in a decrease in inventory turns.
Inventory turns, or inventory turnover, is a metric measuring how fast the inventory is replaced over
time. It is calculated as the cost of goods sold divided by the average value of inventory during the
period covered [1]. A higher inventory turnover ratio indicates that the company sells its inventory
quickly and efficiently, while a lower ratio implies that the company holds too much inventory or has
difficulty selling it. Safety stock is an extra quantity of a product stored in the warehouse to prevent an
out-of-stock situation. It serves as insurance against fluctuations in demand, longer lead times, and
price fluctuations [2]. Increasing safety stock means increasing the average value of inventory, which
lowers the inventory turnover ratio. This also increases the inventory carrying costs, such as storage,
insurance, taxes, and obsolescence. Therefore, there is a trade-off between increasing safety stock to
improve customer fill rate and decreasing inventory turns to reduce inventory costs [3].
Reference:
1. Inventory Turnover Ratio: What It Is, How It Works, and Formula
2. What is safety stock? | Definition, Importance, Formula - Zoho
3. CPIM Exam Reference - Association for Supply Chain Management
79.A cybersecurity analyst is reviewing a recent incident in which the adversaries were able to move
vertically within the network.
Which attack phase MOST clearly represents this scenario?
A. System browsing
B. Escalating privileges
C. Gaining access
D. Installing additional tools
Answer: B
81.In which of the following circumstances is an organization MOST likely to report the accidental
release of personal data to the European Union (EU) General Data Protection Regulation (GDPR)
supervisory authority and affected users?
A. The release of personal data was made to a highly trusted third-party vendor and there was
confirmation that the data was not accessed before it was returned.
B. The personal data was stored in a highly encrypted format and there is confirmation that the
encryption keys were not accessed or released.
C. All the personal data from the accidental release was from individuals who are not living in the EU.
D. The personal data released only contained the ages and names of children who may or may not
be living in the EU.
Answer: D
82.A company implementing a localized multi-country strategy to increase market share should
engage in which of the following actions?
A. Sell different product versions in different countries under different brand names.
B. Sell the same products under the same brand name worldwide.
C. Locate plants on the basis of maximum location advantage.
D. Use the best suppliers regardless of geographic location.
Answer: A
Explanation:
A localized multi-country strategy is a type of global strategy that involves adapting products,
marketing, and operations to the specific needs and preferences of each country or region where the
company operates. This strategy allows the company to increase its market share by appealing to the
local customers and differentiating itself from the competitors. A localized multi-country strategy
requires the company to sell different product versions in different countries under different brand
names, as this reflects the high degree of customization and localization that the strategy entails. The
other options are not consistent with a localized multi-country strategy, as they imply a low degree
of adaptation and a high degree of standardization across the markets. Selling the same products
under the same brand name worldwide is a global strategy that assumes universal customer
preferences and seeks economies of scale. Locating plants on the basis of maximum location
advantage is a transnational strategy that balances global integration and local responsiveness.
Using the best suppliers regardless of geographic location is a sourcing strategy that does not
necessarily reflect the degree of localization of the products or the marketing.
Reference: CPIM Part 2 Exam Content Manual, p. 19
Multidomestic strategy: Global success through localization
Localization strategy - How to build with examples
83.A department manager executes threat modeling at the beginning of a project and throughout its
lifecycle.
What type of threat modeling is being performed?
A. Proactive threat modeling
B. Reactive threat modeling
C. Risk assessment
D. Threat modeling assessment
Answer: A
84.Which of the following strategies is most appropriate for a business unit with a low relative market
share in a high-growth market?
A. Using excess cash generated to fund other business units
B. Investing in the acquisition of competitors
C. Investing in projects to maintain market share
D. Designing product improvements to protect market share
Answer: C
Explanation:
For a business unit with a low relative market share in a high-growth market, the most appropriate
strategy is investing in projects to maintain market share. In a high-growth market, opportunities for
expanding or solidifying market share are significant. A business unit with a low market share can
benefit from investing in projects that enhance its competitive position, such as improving operational
efficiency, innovation in products or services, and marketing efforts. These investments aim to
strengthen the unit's market presence and capitalize on the growth potential of the market. This
approach is more suitable than using excess cash for other units, acquiring competitors, or just
focusing on product improvements, as it directly addresses the need to build a stronger market
position in a growing market.
85.A security engineer developing software for a professional services organization has a
requirement that users cannot have concurrent access to data of clients that are competitors.
Which security model should the security engineer implement to meet this requirement?
A. Brewer-Nash
B. Bell-LaPadula
C. Biba Integrity
D. Clark Wilson
Answer: B
87.Marketing has requested a significant change in the mix for a product family. The requested
change falls between the demand and the planning time fences.
The most appropriate action by the master scheduler is to:
A. reject the request.
B. accept the request.
C. forward the request to senior management.
D. check the availability of required material.
Answer: D
Explanation:
Up-to-date information about production order status is required to do the task of calculating the cost
of work in process (WIP). WIP is the inventory of partially finished goods that are still undergoing
production. The cost of WIP is the sum of the material, labor, and overhead costs that have been
incurred for the unfinished products. To calculate the cost of WIP, the production order status is
needed to determine the quantity and stage of completion of each product in the production process.
The production order status can also indicate the actual costs and variances from the planned costs
for each production order. By having up-to-date information about production order status, the cost of
WIP can be calculated more accurately and timely, which can help to monitor and control the
production performance and profitability.
Reference: CPIM Part 2 Exam Content Manual, Version 8.0, ASCM, 2021, p. 28. CPIM Part 2
Learning System, Version 8.0, Module 3, Section B, Topic 1. Production order lifecycle overview.
How to Make a Production Order for Manufacturing.
88.An organization provides customer call center operations for major financial services organizations
around the world. As part of a long-term strategy, the organization plans to add healthcare clients to
the portfolio.
In preparation for contract negotiations with new clients, to which cybersecurity framework(s) should
the security team ensure the organization adhere?
A. Control Objectives For Information And Related Technology (COBIT) and Health Insurance
Portability And Accountability Act (HIPAA) frameworks
B. National Institute Of Standards And Technology (NIST) and International Organization For
Standardization (ISO) frameworks
C. Frameworks specific to the industries and locations clients do business in
D. Frameworks that fit the organization’s risk appetite, as cybersecurity does not vary industry to
industry
Answer: C
89.Zombieload, Meltdown, Spectre, and Fallout are all names of bugs that utilized which of the
following types of attack?
A. Side-channel
B. Fault injection
C. Man-In-The-Middle (MITM)
D. Frequency analysis
Answer: A