IAPP CIPM Online Practice Questions and Exam Preparation

IAPP CIPM Online Questions & Answers

• Question 331:

  An organization wants to ensure a risk does not occur. The action taken is to eliminate the attack surface by uninstalling vulnerable software. Which risk response strategy did the organization take?

  A. Accepting risk
  B. Avoiding risk
  C. Mitigating risk
  D. Transferring risk
  B. Avoiding risk

  ---

  Explanation

• Question 332:

  A company selling seasonal products is preparing their sales and operations plan for the coming year. Their current labor staffing is at the maximum for their production facility and cannot meet the forecasted demanD: The business plan shows they do not have the financial capability to add to the production facility. Which of the following actions would be most appropriate?

  A. Use level production planning and investigate subcontracting to meet the extra demand.
  B. Use chase production planning and only take the orders that can be produced In the high demand season.
  C. Use hybrid production planning to save labor costs and inventory costs in the low demand season.
  D. Use hybrid production planning and reduce the size of the customer base during the high demand season.
  A. Use level production planning and investigate subcontracting to meet the extra demand.

  ---

  Explanation

  Level production planning is a strategy that maintains a constant output rate, production rate, or workforce level over the planning horizon. It is suitable for products with stable demand or seasonal demand that can be smoothed by using inventory or backorders. Level production planning can help reduce labor costs, hiring and firing costs, and overtime costs. However, it may also result in high inventory costs or customer dissatisfaction due to long lead times or stockouts. To overcome these drawbacks, the company can investigate subcontracting to meet the extra demand during the peak season. Subcontracting is the process of outsourcing some or all of the production to another firm. It can help the company increase its capacity, flexibility, and responsiveness without investing in additional facilities or equipment. Subcontracting can also reduce the risk of obsolescence or spoilage of seasonal products.

  Option B is not appropriate, because chase production planning is a strategy that adjusts the production rate to match the demand rate over the planning horizon. It is suitable for products with highly variable or uncertain demand that cannot be smoothed by using inventory or backorders. Chase production planning can help minimize inventory costs and avoid overproduction or underproduction. However, it may also result in high labor costs, hiring and firing costs, and overtime costs. Moreover, it may limit the company's ability to capture the market share and satisfy the customer demand during the high demand season.

  Option C is not appropriate, because hybrid production planning is a strategy that combines the features of level production planning and chase production planning. It is suitable for products with moderate variability or uncertainty in demand that can be partially smoothed by using inventory or backorders. Hybrid production planning can help balance the trade-offs between inventory costs and labor costs. However, it may also increase the complexity and difficulty of coordinating the production and demand plans. Moreover, it may not address the company's financial constraints or capacity limitations.

  Option D is not appropriate, because reducing the size of the customer base during the high demand season is a risky and counterproductive move. It may result in losing loyal customers, damaging the company's reputation, and forfeiting potential profits. It may also create an opportunity for competitors to gain market share and customer loyalty.

• Question 333:

  What should an organization do to prepare for Disaster Recovery (DR) efforts?

  A. Create a list of key personnel
  B. Create a list of decommissioned hardware
  C. Review tabletop exercises
  D. Replicate access logs
  C. Review tabletop exercises

  ---

  Explanation

• Question 334:

  Which of the following production activity control (PAC) techniques focuses on optimizing output?

  A. Gantt chart
  B. Priority sequencing rules
  C. Theory of constraints (TOC) scheduling
  D. Critical path management (CPM)
  C. Theory of constraints (TOC) scheduling

  ---

  Explanation

  TOC scheduling focuses on identifying and managing the system's constraint (bottleneck) to optimize overall output. By ensuring the constraint is always productive and synchronizing other processes around it, TOC maximizes the throughput of the entire system - making it the PAC technique most focused on optimizing output.

• Question 335:

  An organization is preparing for a natural disaster, and management is creating a Disaster Recovery Plan (DRP). What is the BEST input for prioritizing the restoration of vital Information Technology (IT) services?

  A. By priority as defined by the critical assets list
  B. The latest Continuity Of Operations Plan (COOP)
  C. Senior management assessment and approval
  D. The latest Business Impact Analysis (BIA)
  D. The latest Business Impact Analysis (BIA)

  ---

  Explanation

• Question 336:

  Why would a network administrator monitor Internet of Things (IoT) security differently than the security of standards network devices?

  A. IoT devices are not developed with cybersecurity in mind.
  B. IoT devices are unencrypted.
  C. IoT devices require Power over Ethernet.
  D. IoT devices are wireless.
  A. IoT devices are not developed with cybersecurity in mind.

  ---

  Explanation

• Question 337:

  A new organization building is being designed and the security manager has been asked for input on needed security requirements. Which of the following controls are MOST applicable to this scenario?

  A. Deterrent controls, such as signs announcing video cameras and alarms, are installed.
  B. Preventative controls, such as Intrusion Detection Systems (IDS) and security guards, are used.
  C. Preventative controls, such as Intrusion Detection Systems (IDS) and mechanical locks, are used.
  D. Deterrent controls, such as signs announcing video cameras and alarms, are installed.
  C. Preventative controls, such as Intrusion Detection Systems (IDS) and mechanical locks, are used.

  ---

  Explanation

• Question 338:

  Which of the following are the types of sourcing?

  A. Sole, multiple, single
  B. Multiple, single
  C. Group, multiple, single
  D. Sole, Group
  A. Sole, multiple, single

  ---

  Explanation

  The types of sourcing refer to the strategies a company uses to obtain materials or services:

  Sole Sourcing

  Only one supplier is available (not a choice; often due to patents or exclusive rights)

  Single Sourcing

  Only one supplier is chosen even though multiple options exist (a strategic decision)

  Multiple Sourcing

  Several suppliers are used to reduce risk, ensure availability, or encourage competition

  Final Answer: A: Sole, multiple, single.

• Question 339:

  A security engineer is implementing an authentication system for a new web application. The authentication requirements include the ability for a server to authenticate the client and for the client to authenticate the server. Which of the following choices BEST supports this requirement?

  A. Secure Shell (SSH)
  B. Trusted Platform Module (TPM)
  C. Virtual Private Network (VPN)
  D. Transport Layer Security (TLS)
  D. Transport Layer Security (TLS)

  ---

  Explanation

• Question 340:

  When starting an external benchmarking study, a firm must first:

  A. determine the metrics which will be measured and compared.
  B. identify the target firms with which to benchmark against.
  C. understand its own processes and document performance.
  D. determine its areas of weakness versus the competition's.
  C. understand its own processes and document performance.

  ---

  Explanation

  External benchmarking is a strategic tool where a company compares its processes and performance metrics to industry bests or competitors. Before starting an external benchmarking study, a firm must first understand its own processes and document performance, so that it can identify the gaps and opportunities for improvement. This is also a requirement for regulatory compliance. Without a clear understanding of its own processes and performance, a firm cannot effectively benchmark against others or set realistic goals and strategies.