IAPP CIPM Online Practice Questions and Exam Preparation

IAPP CIPM Online Questions & Answers

• Question 431:

  A newly hired Chief Information Security Officer (CISO) is now responsible to build a third-party assurance for their organization. When assessing a third-party, which of the following questions needs to be answered?

  A. How many employees the third-party employs?
  B. Which level of support does the third-party provide related to security?
  C. What is the monetary value of the third-party contract?
  D. To which standards does the third-party need to be assessed?
  D. To which standards does the third-party need to be assessed?

  ---

  Explanation

• Question 432:

  Which of the following MUST be in place for security to be effective in an organization?

  A. Security objectives are documented and in line with the organization's mission and goals.
  B. Security policies are in line with international standards.
  C. Technology strategy decisions have the involvement and approval of the security organization.
  D. Risk assessments on business plans include security issues as part of the analysis.
  A. Security objectives are documented and in line with the organization's mission and goals.

  ---

  Explanation

• Question 433:

  In which cloud computing model is Identify And Access Management (IAM) the responsibility of a service provider?

  A. Software As A Service (SaaS).
  B. Platform As A Service (PaaS).
  C. Desktop As A Service (DaaS).
  D. Infrastructure As A Service (IaaS).
  A. Software As A Service (SaaS).

  ---

  Explanation

• Question 434:

  After a recent cybersecurity incident, a manufacturing organization is interested in further hardening its Identity and Access Management (IAM) solution. Knowing that the organization limits the use of personal devices in the facility, which could BEST be implemented to enhance the manufacturing organization's IAM solution?

  A. Enhanced background checks
  B. Mobile Multi-Factor Authentication (MFA) application
  C. Biometric system
  D. Personal Identification Number (PIN) code
  C. Biometric system

  ---

  Explanation

• Question 435:

  The primary purpose for engaging in cycle count activities is to:

  A. eliminate the need for a traditional physical inventory count.
  B. more frequently reconcile the actual on-hand and system on-hand for items.
  C. smooth out the tasks of counting inventory throughout the fiscal year.
  D. improve material handling processes and reduce or eliminate errors.
  B. more frequently reconcile the actual on-hand and system on-hand for items.

  ---

  Explanation

  The primary purpose of cycle counting is to regularly verify inventory accuracy by reconciling actual on-hand quantities with the system-recorded quantities. This helps maintain accurate inventory records throughout the year without relying solely on full physical inventories.

• Question 436:

  By using following product tree, how many Ks are needed to make 200Xs and 150 Ys?

  

  A. 1900 Ks
  B. 900 Ks
  C. 2100 Ks
  D. 800 Ks
  A. 1900 Ks

  ---

  Explanation

  To find the total number of K components needed to produce 200 units of X and 150 units of Y, we need to trace the number of Ks used in each product tree.

  Step 1: Analyze Product X Tree

  X B(2), C, D

  B F, G(2)

  G J, K(2)

  D M(2)

  M N

  Let's break this down:

  From X B(2)

  B G(2)

  G K(2)

  So per B, we need 2 Gs, and per G, 2 Ks

  1 B 2 G 4 Ks

  But X uses 2 Bs, so:

  Therefore, for 200 Xs:

  Step 2: Analyze Product Y Tree

  Y L, M, N(2), O

  L P

  P G

  G K(2)

  Only P G K(2) leads to Ks.

  So per Y, there is 1 P 1 G 2 Ks

  Thus:

  1 Y 2 Ks

  For 150 Ys:

  Total Ks Required

  From X: 1600 Ks

  From Y: 300 Ks

  Total = 1600 + 300 = 1900 Ks

  Final Answer: A: 1900 Ks

• Question 437:

  Which of the following criteria is used to determine safety stock in a distribution center (DC)?

  A. Economic order quantity(EOQ)
  B. Seasonal index value
  C. Alpha factor level
  D. Probability of stocking out
  D. Probability of stocking out

  ---

  Explanation

  Safety stock is the extra inventory held in a distribution center to account for uncertainties in demand or supply. The probability of stocking out refers to the chance that the inventory level will fall below the required demand during a given perioD: A higher probability of stocking out indicates a greater need for safety stock to minimize the risk of running out of inventory and losing sales.

• Question 438:

  The orders are automatically scheduled and controlled by the computer are the orders called:

  A. Planned orders
  B. Computer generated order
  C. Firms planned order
  D. All of the Above
  A. Planned orders

  ---

  Explanation

  Planned orders are: Automatically generated by the MRP system Based on material requirements, lead times, and lot sizing rules Tentative, meaning they can be modified or converted into actual (released) orders when needed Used to ensure materials are available when required

  Option Review:

  B: Computer generated order: Descriptive but not the formal term

  C: Firm planned order: A planned order manually firmed by the planner; not automatically controlled

  D: All of the Above: Incorrect, only A is the precise term Final Answer: A: Planned orders.

• Question 439:

  Providing a routine method for regularly updating item forecasts is known as:

  A. Regular smoothing
  B. Exponential smoothing
  C. Steady smoothing
  D. Stable trend smoothing
  B. Exponential smoothing

  ---

  Explanation

  Exponential smoothing is a commonly used forecasting method that provides a routine and adaptive way to update forecasts as new data becomes available. It gives more weight to recent observations, making it responsive yet stable.

• Question 440:

  The security department was notified about vulnerabilities regarding users' identity verification in a web application. Which of the following vulnerabilities is the security professional MOST likely to test?

  A. Exposure of sensitive information
  B. Use of hard-coded passwords
  C. Trust boundary violation
  D. Improper authentication
  D. Improper authentication

  ---

  Explanation