IAPP CIPM Online Practice Questions and Exam Preparation

IAPP CIPM Online Questions & Answers

• Question 121:

  Global outsourcing and shared suppliers serving an industry are drivers of which category of risk?

  A. Supply disruptions
  B. Forecast inaccuracy
  C. Procurement problems
  D. Loss of intellectual property
  A. Supply disruptions

  ---

  Explanation

  Global outsourcing and shared suppliers increase dependency and reduce control over supply chains, making companies more vulnerable to supply disruptions due to geopolitical events, natural disasters, or supplier failures.

• Question 122:

  The formula to calculate the Mean Absolute Deviation (MAD) is:

  A. MAD = (sum of mean deviations / number of facts)
  B. MAD = (sum of absolute deviations / number of observations)
  C. MAD = (sum of random deviations / number of average observations)
  D. MAD = (sum of absolute deviations / number of average forecasts)
  B. MAD = (sum of absolute deviations / number of observations)

  ---

  Explanation

  Mean Absolute Deviation (MAD) is calculated by taking the average of the absolute differences between actual values and forecasted values. It measures the accuracy of a forecasting method.

• Question 123:

  An organization provides customer call center operations for major financial service organizations around the worlD: As part of a long-term strategy, the organization plans to add healthcare clients to the portfolio. In preparation for contract negotiations with new clients, to which cybersecurity framework(s) should the security team ensure the organization adhere?

  A. Frameworks that fit the organization's risk appetite, as cybersecurity does not vary industry to industry
  B. Control Objectives For Information And Related Technology (COBIT) and Health Insurance Portability And Accountability Act (HIPAA) frameworks
  C. Frameworks specific to the industries and locations clients do business in
  D. National Institute Of Standards And Technology and International Organization For Standardization (ISO) frameworks
  C. Frameworks specific to the industries and locations clients do business in

  ---

  Explanation

• Question 124:

  A product manager wishes to store sensitive development data using a cloud storage vendor while maintaining exclusive control over passwords and encryption credentials. What is the BEST method for meeting these requirements?

  A. Local self-encryption with passwords managed by a local password manager
  B. Client-side encryption keys and passwords generated dynamically during cloud access sessions
  C. Zero-knowledge encryption keys provided by the cloud storage vendor
  D. Passwords generated by a local password manager during cloud access sessions and encrypted in transit
  B. Client-side encryption keys and passwords generated dynamically during cloud access sessions

  ---

  Explanation

• Question 125:

  The project manager for a new application development is building a test framework. It has been agreed that the framework will Include penetration testing; however, the project manager is keen to identify any flaws prior to the code being ready for execution. Which of the following techniques BEST supports this requirement?

  A. System vulnerability scans
  B. Database injection tests
  C. System reliability tests
  D. Static source code analysis
  D. Static source code analysis

  ---

  Explanation

• Question 126:

  An organization has a call center that uses a Voice Over Internet Protocol (VoIP) system. The conversations are sensitive, and the organization is concerned about employees other than the call agents accessing these conversations. What is the MOST effective additional security measure to make?

  A. Ensure that the call agents are using an additional authentication method.
  B. Implement a Network Access Control (NAC) solution.
  C. Ensure that the voice media is using Secure Real-Time Transport Protocol.
  D. Segment the voice network and add Next-Generation Firewalls (NGFW).
  D. Segment the voice network and add Next-Generation Firewalls (NGFW).

  ---

  Explanation

• Question 127:

  A recent email-based malware breakout caused a significant volume of traffic and password spam account lockouts for an organization. Which BEST identifies compromised devices?

  A. Security Information And Event Management (SIEM)
  B. Network Intrusion Detection System (NIDS)
  C. Vulnerability scan
  D. Penetration test
  A. Security Information And Event Management (SIEM)

  ---

  Explanation

• Question 128:

  Which of the following planes directs the flow of data within a Software-Defined Networking (SDN) architecture?

  A. Security
  B. Data
  C. Application
  D. Control
  B. Data

  ---

  Explanation

• Question 129:

  What is the MOST efficient system for managing a centralized access control process that performs account creation, disables access, grants privileges, and preserves audit trails?

  A. Rule-based
  B. Mandatory
  C. Role-based
  D. Automated
  D. Automated

  ---

  Explanation

• Question 130:

  How would a master production schedule (MPS) be used in an assemble-to-order (ATO) manufacturing environment?

  A. The MPS is used to plan subassemblies and components; end items are only scheduled when a customer order is received.
  B. Subassemblies are scheduled in the MPS when the customer order is received, and production can start.
  C. Typically, the MPS is not used in companies using an ATO manufacturing strategy.
  D. Often in an ATO environment, the MPS is created once a year and only revised if a product is discontinued.
  A. The MPS is used to plan subassemblies and components; end items are only scheduled when a customer order is received.

  ---

  Explanation

  In an Assemble-to-Order (ATO) environment, final products are assembled only after receiving customer orders. However, subassemblies and components are often produced in advance based on forecasts. The Master Production Schedule (MPS) helps plan and manage these subassemblies to ensure quick assembly when the order arrives.