Questions for the CPIM-8-0 were updated on: Nov 21, 2025
An organization undergoing acquisition merged IT departments and infrastructure. During server
decommissioning, some servers still in use by customers were mistakenly removed, causing order
processing failures. Which type of review would have BEST avoided this scenario?
B
An advertising agency is working on a campaign for a prospective client. Competitors are working on
a similar campaign and are interested in knowing what the firm has designed. What should the
advertising agency do to BEST ensure intellectual property does not leave the organization?
A
How much data an organization can afford to lose is determined by the:
D
At which Open Systems Interconnection (OSI) layer does User Datagram Protocol (UDP) function?
C
The results of a threat campaign show a high risk of potential intrusion. Which of the following
parameters of the Common Vulnerability Scoring System (CVSS) will MOST likely provide information
on threat conditions for the organization to consider?
D
An organization is migrating some of its applications to the cloud. The Chief Information Security
Officer (CISO) is concerned about the accuracy of the reports showing which application should be
migrated and how many applications reside on each server. As a result, the CISO is looking to
establish asset management requirements. Which of these elements should be considered part of
asset management requirements?
B
What is the BEST reason to include a Hardware Security Module (HSM) in the key management
system when securing cloud storage?
D
Who is responsible for ensuring compliance when an organization uses a cloud provider to host its
Virtual Machine (VM) instances?
C
Which of the following regarding authentication protocols is a PRIMARY consideration when
designing an authentication and key management system?
D
An attacker was able to identify an organization’s wireless network, collect proprietary network
resource information, and capture several user credentials. The attacker then used that information
to conduct a more sophisticated and impactful attack against the organization. Which method did the
attacker MOST likely use to gather the initial information?
D
Following the setting of an organization’s risk appetite by senior management, a risk manager needs
to prioritize all identified risks for treatment. Each risk has been scored based on its Annualized Loss
Expectancy (ALE). Management has asked for an immediate risk mitigation plan focusing on top
risks. Which is the MOST effective approach for the risk manager to quickly present a proposal to
management?
B
An organization is planning to streamline its Identity and Access Management (IAM) processes and
platform. The executive team mandated a compact platform to efficiently manage identities for
internal and third-party services access. What is the BEST platform choice?
D
A software organization is getting ready to launch a new application. A security engineer notices the
application allows unrestricted access to files on the web server. Which of the following
recommendations will BEST resolve this security issue?
C
Which of the following capabilities BEST distinguishes a Next-Generation Firewall (NGFW) from a
traditional firewall?
B
An organization’s computer incident response team PRIMARILY responds to which type of control?
D