IAPP CIPM Online Practice Questions and Exam Preparation

IAPP CIPM Online Questions & Answers

• Question 501:

  Which compensating control is the MOST effective to prevent fraud within an organization?

  A. Separation of privilege
  B. Pre-employment background checks
  C. Principle of least privilege
  D. Log monitoring
  A. Separation of privilege

  ---

  Explanation

• Question 502:

  Bad actors with little expense can easily make calls. Which social engineer strategy is a telecommunications ONLY risk concept?

  A. Pretexting
  B. Diversion theft
  C. Phreaking
  D. Baiting
  C. Phreaking

  ---

  Explanation

• Question 503:

  To ensure the quality of its newly developed software, an organization is aiming to deploy an automated testing tool that validates the source code. What type of testing BEST supports this capability?

  A. Network vulnerability scanning
  B. Dynamic Application Security Testing (DAST)
  C. Static Application Security Testing (SAST)
  D. Fuzz parsing
  C. Static Application Security Testing (SAST)

  ---

  Explanation

• Question 504:

  During an onsite audit, an assessor inspected an organization's asset decommission practice. Which of the following would MOST likely be a finding from a security point of view?

  A. Solid State Drives (SSD) were degaussed along with hard drives.
  B. The Non-Disclosure Agreement (NDA) between the organization and its data disposal service was more than 3 years old.
  C. Hard drives from older assets replaced defective hard drives from current assets of similar classification levels.
  D. Data classifications were not clearly identified.
  A. Solid State Drives (SSD) were degaussed along with hard drives.

  ---

  Explanation

• Question 505:

  Which of the following actions best supports a company's strategic focus on delivery speed to improve competitive advantage?

  A. Maintaining high-capacity utilization
  B. Developing flexible operations
  C. Cross-training workers
  D. Implementing rapid process improvements
  D. Implementing rapid process improvements

  ---

  Explanation

  To support a strategic focus on delivery speed, a company must continually reduce delays and streamline processes. Rapid process improvements directly target bottlenecks and inefficiencies, leading to faster order fulfillment and improved competitive advantage.

• Question 506:

  A house of quality (HOQ) chart aligns which pair of functions?

  A. Customer requirements with costing
  B. Engineering with operations
  C. Customer purchasing with supplier shipping
  D. Competitive analysis with product design
  D. Competitive analysis with product design

  ---

  Explanation

  A House of Quality (HOQ) chart, the central tool in Quality Function Deployment (QFD), aligns customer requirements (what's important to the customer) - often informed by competitive analysis - with product design specifications (how the company will meet those requirements). This ensures the final design reflects both market expectations and technical feasibility.

• Question 507:

  Which of the following is an access control method that organizations can use to prevent unauthorized access?

  A. Bring Your Own Device (BYOD)
  B. Man-in-the-Middle (MITM)
  C. Token-based authentication
  D. Digital verification
  C. Token-based authentication

  ---

  Explanation

• Question 508:

  Which approach will BEST mitigate risks associated with root user access while maintaining system functionality?

  A. Creating a system where administrative tasks are performed under monitored sessions using the root account, with audits conducted regularly
  B. Implementing a policy where users log in as root for complex tasks but use personal accounts for everyday activities, with strict logging of root access
  C. Configuring individual user accounts with necessary privileges for specific tasks and employing "sudo" for occasional administrative needs
  D. Allowing key authorized personnel to access the root account for critical system changes, while other staff use limited accounts with "sudo" for routine tasks
  C. Configuring individual user accounts with necessary privileges for specific tasks and employing "sudo" for occasional administrative needs

  ---

  Explanation

• Question 509:

  To satisfy the financial auditors that the inventory records represent the value of the inventory, this is the purpose of:

  A. Evolutionary inventory
  B. Functional inventory
  C. Physical inventory
  D. Periodic inventory
  C. Physical inventory

  ---

  Explanation

  A Physical Inventory involves counting the actual inventory on hand to verify that the recorded amounts in the system are accurate. This is crucial for: Satisfying financial auditors Ensuring inventory records match the actual value of inventory Supporting accurate financial statements

• Question 510:

  Which of the following MUST be checked during the validation of software verification capabilities?

  A. Security
  B. Completeness
  C. Vulnerabilities
  D. Logic
  A. Security

  ---

  Explanation