When planning an assessment, the Lead Assessor should work with the OSC to select personnel to be interviewed who could:
A. have a security clearance.
B. be a senior person in the company.
C. demonstrate expertise on the CMMC requirements.
D. provide clarity and understanding of their practice activities.
As defined in the CMMC-AB Code of Professional Conduct, what term describes any contract between two legal entities?
A. Union
B. Accord
C. Alliance
D. Agreement
Which statement BEST describes the requirements for a C3PAO?
A. An authorized C3PAO must meet some DoD and all ISO/IEC 17020 requirements.
B. An accredited C3PAO must meet all DoD and some ISO/IEC 17020 requirements.
C. A C3PAO must be accredited by DoD before being able to conduct assessments.
D. A C3PAO must be authorized by CMMC-AB before being able to conduct assessments.
Which term describes "the protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information"?
A. Adopted security
B. Adaptive security
C. Adequate security
D. Advanced security
Who will verify the adequacy and sufficiency of evidence to determine whether the practices and related components for each in-scope Host Unit, Supporting Organization/Unit, or enclave have been met?
A. OSC
B. Assessment Team
C. Authorizing official
D. Assessment official
A contractor has implemented IA.L2-3.5.3: Multifactor Authentication practice for their privileged users; however, during the assessment it was discovered that the OSC's standard users do not require MFA to access their endpoints and network resources. What would be the BEST finding?
A. The process is running correctly.
B. It is out of scope as this is a new acquisition.
C. The new acquisition is considered Specialized Assets.
D. Practice is NOT MET since the objective was not implemented.
Before submitting the assessment package to the Lead Assessor for final review, a CCP decides to review the Media Protection (MP) Level 1 practice evidence to ensure that all media containing FCI are sanitized or destroyed before disposal or release for reuse. After a thorough review, the CCP tells the Lead Assessor that all supporting documents fully reflect the performance of the practice and should be accepted because the evidence is:
A. official.
B. adequate.
C. compliant.
D. subjective.
Recording evidence as adequate is defined as the criteria needed to:
A. verify, based on an assessment and organizational scope.
B. verify, based on an assessment and organizational practice.
C. determine if a given artifact, interview response, demonstration, or test meets the CMMC scope.
D. determine if a given artifact, interview response, demonstration, or test meets the CMMC practice.
Exercising due care to ensure the information gathered during the assessment is protected even after the engagement has ended meets which code of conduct requirement?
A. Availability
B. Confidentiality
C. Information Integrity
D. Respect for Intellectual Property
In performing scoping, what should the assessor ensure that the scope of the assessment covers?
A. All assets documented in the business plan
B. All assets regardless of whether they do or do not process, store, or transmit FCI/CUI
C. All entities, regardless of the line of business, associated with the organization
D. All assets processing, storing, or transmitting FCI/CUI and security protection assets
An OSC performing a CMMC Level 1 Self-Assessment uses a legacy Windows 95 computer, which is the only system that can run software that the government contract requires. Why can this asset be considered out of scope?
A. It handles CUI
B. It is a restricted IS
C. It is government property
D. It is operational technology
While conducting a CMMC Assessment, a Lead Assessor is given documentation attesting to Level 1 identification and authentication practices by the OSC. The Lead Assessor asks the CCP to review the documentation to determine if identification and authentication controls are met. Which documentation BEST satisfies the requirements of IA.L1-3.5.1: Identify system users, processes acting on behalf of users, and devices?
A. Procedures for implementing access control lists
B. List of unauthorized users that identifies their identities and roles
C. User names associated with system accounts assigned to those individuals
D. Physical access policy that states, "All non-employees must wear a special visitor pass or be escorted."