CIPM Exam Details

  • Exam Code: CIPM
  • Exam Name: Certified Information Privacy Manager (CIPM)
  • Certification: IAPP Certifications
  • Vendor: IAPP
  • Total Questions: 627 Q&As
  • Last Updated: May 28, 2026

IAPP CIPM Online Questions & Answers

  • Question 531:

    An organization is transitioning from a traditional server-centric infrastructure to a cloud-based infrastructure. Shortly after the transition, a major breach occurs to the organization's databases. In an Infrastructure as a Service (IaaS) model, who would be held responsible for the breach?

    A. The database vendor
    B. The third-party auditor
    C. The organization
    D. The Cloud Service Provider (CSP)

  • Question 532:

    An organization donates used computer equipment to a non-profit group. A system administrator used a degausser on both the magnetic and Solid State Drives (SSD) before delivery. A volunteer at the non-profit group discovered some of the drives still contained readable data and alerted the system administrator. What is the BEST solution to ensure that computer equipment does not contain data before release?

    A. Verify sanitization results by trying to read 100% of the media.
    B. Determine the type of media in the computer and apply the appropriate method of sanitization.
    C. Use cryptographic erasure to ensure data on the media device is erased.
    D. Use a program that will overwrite existing data with a fixed pattern of binary zeroes.

  • Question 533:

    Which of the following is the BEST reason to conduct a penetration test?

    A. To verify compliance with organizational patching policies.
    B. To document that all relevant patches have been installed.
    C. To identify technical vulnerabilities.
    D. To determine if weaknesses can be exploited.

  • Question 534:

    A security team is analyzing the management of data within the human resources systems, as well as the intended use of the data, and with whom and how the data will be shared. Which type of assessment is the team MOST likely performing?

    A. Privacy Impact Assessment (PIA)
    B. Vulnerability assessment
    C. Sensitive data assessment
    D. Personally Identifiable Information (PII) risk assessment

  • Question 535:

    Which of the below represents the GREATEST cloud-specific policy and organizational risk?

    A. Supply chain failure
    B. Loss of business reputation due to co-tenant activities
    C. Loss of governance between the client and cloud provider
    D. Cloud service termination or failure

  • Question 536:

    An information security professional is enhancing the organization's existing information security awareness program through educational posters. Which of the following is the MOST effective location for poster placement?

    A. In a secure room inside the office
    B. Beside the copy machine
    C. Outside the office
    D. In the human resources area

  • Question 537:

    In a Discretionary Access Control (DAC) model, how is access to resources managed?

    A. By the subject's ability to perform the function
    B. By the discretion of a system administrator
    C. By the subject's rank and/or title within the security organization
    D. By the identity of subjects and/or groups to which they belong

  • Question 538:

    If an organization wanted to protect its data against loss of confidentiality in transit, which type of encryption is BEST?

    A. Symmetric cryptography
    B. Public Key Infrastructure (PKI) with asymmetric keys
    C. Password encryption using hashing (with salt and pepper)
    D. Message Authentication Code (MAC) using hashing

  • Question 539:

    An organization's computer incident response team PRIMARILY responds to which type of control?

    A. Administrative
    B. Detective
    C. Corrective
    D. Preventative

  • Question 540:

    A manufacturer has a forecasted annual demand of 1,000,000 units for a new product. They have to choose one of four new pieces of equipment to produce this product. Assume that revenue will be $10 per unit for all four options.

    Which machine will maximize their profit if the manufacturer anticipates market demand will be steady for 3 years and there is no residual value for any of the equipment choices?

    A. Machine A
    B. Machine B
    C. Machine C
    D. Machine D
