APICS CPIM-8.0 Exam - Topic 4 Question 21 Discussion

Actual exam question for APICS's CPIM-8.0 exam

Question #: 21
Topic #: 4

While doing a penetration test, auditors found an old credential hash for a privileged user. To prevent a privileged user's hash from being cached, what is the MOST appropriate policy to mandate?

AAdd privileged user to the domain admin group.

BAdd privileged users to the protected users group.

CEnable security options for each privileged user.

DPlace each privileged user in a separate Kerberos policy.

Show Suggested Answer

Suggested Answer: B

by Lashandra at Mar 31, 2026, 04:00 PM

Limited Time Offer

25%

Off

Get Premium CPIM-8.0 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Lacey

18 days ago

Totally agree, B makes the most sense!

upvoted 0 times

...

Earlean

23 days ago

B is the best choice for protecting hashes.

upvoted 0 times

...

Ma

1 month ago

I thought placing users in a separate Kerberos policy was more about access control rather than preventing hash caching, so I'm leaning towards B as well.

upvoted 0 times

...

Haydee

2 months ago

I feel like option C could be relevant, but it seems too vague compared to the others.

upvoted 0 times

...

Vallie

2 months ago

I remember a similar question about user privileges and security policies, but I can't recall if enabling security options is enough.

upvoted 0 times

...

Chuck

2 months ago

I think the answer might be B, adding privileged users to the protected users group, but I'm not entirely sure how that works in practice.

upvoted 0 times

...