CMMC-CCP Cyber-AB Exam Questions and Free Practice Test

Question 37

There are 15 practices that are NOT MET for an OSC's Level 2 Assessment. All practices are applicable to the OSC. Which determination should be reached?

A. The OSC may have 90 days for remediating NOT MET practices.

B. The OSC is not eligible for an option to remediate NOT MET practices.

C. The OSC may be eligible for an option to remediate NOT MET practices.

D. The OSC is not eligible for an option to remediate after the assessment is canceled.

Correct Answer:C

Question 38

Which document is the BEST source for determining the sources of evidence for a given practice?

A. NISTSP 800-53

B. NISTSP 800-53A

C. CMMC Assessment Scope

D. CMMC Assessment Guide

Correct Answer:D

Question 39

When assessing SI.L2-3.14.6: Monitor communications for attack, the CCA interviews the person responsible for the intrusion detection system and examines relevant policies and procedures for monitoring organizational systems. What would be a possible next step the CCA could conduct to gather sufficient evidence?

A. Conduct a penetration test

B. Interview the intrusion detection system's supplier.

C. Upload known malicious code and observe the system response.

D. Review an artifact to check key references for the configuration of the IDS or IPS practice for additional guidance on intrusion detection and prevention systems.

Correct Answer:D

Question 40

A Level 2 Assessment was conducted for an OSC, and the results are ready to be submitted. Prior to uploading the assessment results, what step MUST the C3PAO complete?

A. Pay an assessment submission fee.

B. Complete an internal review of the results.

C. Notify the CMMC-AB that submission is forthcoming.

D. Coordinate a final briefing between the Lead Assessor and the OSC.

Correct Answer:B

Question 41

A cyber incident is discovered that affects a covered contractor IS and the CDI residing therein. How long does the contractor have to inform the DoD?

A. 24 hours

B. 48 hours

C. 72 hours

D. 96 hours

Correct Answer:C

Question 42

Exercising due care to ensure the information gathered during the assessment is protected even after the engagement has ended meets which code of conduct requirement?

A. Availability

B. Confidentiality

C. Information Integrity

D. Respect for Intellectual Property

Correct Answer:B

START CMMC-CCP EXAM