CPIM-8.0 Practice Questions

A.  

0.50

B.  

0.58

C.  

1.73

D.  

2.60

A.  

Implementing automated methods for data collection and reporting where possible

B.  

Updating security plans, security assessment reports, hardware, and software inventories

C.  

Defining specific methods for monitoring that will maintain or improve security posture

D.  

Collecting risk metrics from teams, such as business, testing, QA, development, and operations with security controls

A.  

Investing in prevention

B.  

Conducting quality audits

C.  

Loosening product specifications

D.  

Implementing house of quality (HOQ)

A.  

An independent auditor employed by the cloud provider is responsible for ensuring compliance.

B.  

The cyber insurance carrier is responsible for ensuring compliance.

C.  

The cloud provider may have a level of responsibility; however, the customer is ultimately responsible for ensuring compliance.

D.  

Compliance is equally shared between the cloud provider, the customer, and third-party vendors that interact with the VM instances.

A.  

Disaster, Reproducibility, Exploitability, Affected Users, And Discoverability (DREAD)

B.  

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege (STRIDE)

C.  

Pretend, Allow, Crash, Modify, Ascertain, Name

D.  

Confidentiality, Authentication, Integrity, Nonrepudiation, Availability

A.  

Measurements that help describe the problem

B.  

Guidance to which problem-solving tools should be used

C.  

Criteria for selecting the improvement team

D.  

Description of who is responsible for the problem

A.  

Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE)

B.  

Zero Trust (ZT) threat modeling

C.  

Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE)

D.  

Process for Attack Simulation and Threat Analysis (PASTA)

A.  

Ensures incoming and outgoing packets are inspected before they are allowed to pass through

B.  

Offers features such as integrated intrusion prevention or application awareness and control

C.  

Provides security when users traverse public networks such as the Internet

D.  

Provides stateless and stateful inspection of incoming and outgoing network traffic

A.  

Due care

B.  

Vulnerability management

C.  

Software Development Life Cycle (SDLC)

D.  

Software assurance

A.  

Mean absolute deviation (MAD)

B.  

Standard deviation

C.  

Tracking signal

D.  

Variance

A.  

Risks of data breaches that can result from inadequate encryption of tenant data in transit and at rest

B.  

Potential legal actions from third parties due to tenants’ activities on the CSP’s platform

C.  

Vulnerabilities in shared resources that can be exploited by attackers to affect multiple tenants

D.  

Threats originating from the CSP’s tenants that can impact the infrastructure and other tenants

A.  

Security training

B.  

Orientation

C.  

User provisioning

D.  

Background check

A.  

Excessive privileges

B.  

Need to know access

C.  

Training access

D.  

Least access principle

A.  

Concurrent engineering

B.  

Design for manufacture

C.  

Design for logistics

D.  

Quality function deployment (QFD)

A.  

Provide all the requested data in an organization’s proprietary encrypted format and deliver a viewing application.

B.  

Gather all the data about all the users and provide it to the customer in Extensible Markup Language (XML) format.

C.  

Gather and provide all the requested data in Extensible Markup Language (XML) format.

D.  

Provide a time convenient to the customer to visit the organization’s premises and provide an overview of all the processed data by an organization’s privacy officer.