CMMC-CCP Cyber-AB Exam Questions and Free Practice Test

Question 13

The evidence needed for each practice and/or process is weighed for:

A. Adequacy and sufficiency

B. Adequacy and thoroughness

C. Sufficiency and thoroughness

D. Sufficiency and appropriateness

Correct Answer:A

Question 14

Which domain has a practice requiring an organization to restrict, disable, or prevent the use of nonessential programs?

A. Access Control (AC)

B. Media Protection (MP)

C. Asset Management (AM)

D. Configuration Management (CM)

Correct Answer:D

Question 15

A contractor has implemented IA.L2-3.5.3: Multifactor Authentication practice for their privileged users, however, during the assessment it was discovered that the OSC's standard users do not require MFA to access their endpoints and network resources. What would be the BEST finding?

A. The process is running correctly.

B. It is out of scope as this is a new acquisition.

C. The new acquisition is considered Specialized Assets.

D. Practice is NOT MET since the objective was not implemented.

Correct Answer:D

Question 16

A Lead Assessor is ensuring all actions have been completed to conclude a Level 2 Assessment. The final Assessment Results Package has been properly reviewed and is ready to be uploaded. What other materials is the Lead Assessor responsible for maintaining and protecting?

A. Any additional notes and information from the Assessment

B. A final assessment plan, and a Quality Control report from C3PAO

C. A final assessment plan, and a letter from the Lead Assessor explaining the process

D. A final assessment plan, a letter from the Lead Assessor explaining the results, and a Quality Control report from C3PAO

Correct Answer:A

Question 17

An Assessment Team Member is conducting a CMMC Level 2 Assessment for an OSC that is in the process of inspecting Assessment Objects for AC.L1-3.1.1: Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems) to determine the adequacy of evidence provided by the OSC. Which Assessment Method does this activity fall under?

A. Test

B. Observe

C. Examine

D. Interview

Correct Answer:C

Question 18

A company is about to conduct a press release. According to AC.L1-3.1.22: Control information posted or processed on publicly accessible systems, what is the MOST important factor to consider when addressing CMMC requirements?

A. That the information is correct

B. That the CEO approved the message

C. That the company has to safeguard the release of FCI

D. That so long as the information is only FCI, it can be released

Correct Answer:C

START CMMC-CCP EXAM