CMMC-CCP Cyber-AB Exam Questions and Free Practice Test

Question 19

A C3PAO is near completion of a Level 2 Assessment for an OSC. The CMMC Findings Brief and CMMC Assessment Results documents have been developed. The Final Recommended Assessment Results are being generated. When generating these results, what MUST be included?

A. An updated Assessment Plan

B. Recorded and final updated Daily Checkpoint

C. Fully executed CMMC Assessment contract between the C3PAO and the OSC

D. Review documentation for the CMMC Quality Assurance Professional (CQAP)

Correct Answer:D

Question 20

Which government agency are DoD contractors required to report breaches of CUI to?

A. FBI

B. NARA

C. DoD Cyber Crime Center

D. Under Secretary of Defense for Intelligence and Security

Correct Answer:C

Question 21

The practices in CMMC Level 2 consists of the security requirements specified in:

A. NISTSP 800-53.

B. NISTSP 800-171.

C. 48 CFR 52.204-21.

D. DFARS 252.204-7012.

Correct Answer:B

Question 22

A CCP is on their first assessment for CMMC Level 2 with an Assessment Team and is reviewing the CMMC Assessment Process to understand their responsibilities. Which method gathers information from the subject matter experts to facilitate understanding and achieve clarification?

A. Test

B. Examine

C. Interview

D. Assessment

Correct Answer:C

Question 23

How are the Final Recommended Assessment Findings BEST presented?

A. Using the CMMC Findings Brief template

B. Using a C3PAO-provided template that is preferred by the OSC

C. Using a C3PAO-branded version of the CMMC Findings Brief template

D. Using the proprietary template created by the Lead Assessor after approval from theC3PAO

Correct Answer:A

Question 24

SC.L2-3 13.14: Control and monitor the use of VoIP technologies is marked as NOT APPLICABLE for an OSC's assessment. How does this affect the assessment scope?

A. Any existing telephone system is in scope even if it is not using VoIP technology.

B. An error has been made and the Lead Assessor should be contacted to correct the error.

C. VoIP technology is within scope, and it uses FlPS-validated encryption, so it does not need to be assessed.

D. VoIP technology is not used within scope boundary, so no assessment procedures are specified for this practice.

Correct Answer:D

START CMMC-CCP EXAM