Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cyber AB CMMC-CCP - Certified CMMC Professional (CCP) Exam

Page: 6 / 7
Total 228 questions

Where does the requirement to include a required practice of ensuring that personnel are trained to carry out their assigned information security-related duties and responsibilities FIRST appear?

A.

Level 1

B.

Level 2

C.

Level 3

D.

All levels

To develop an assessment contract and establish a scope of work, which organization does an OSC work with?

A.

OUSD

B.

RPOs

C.

C3PAOs

D.

CMMC-AB

A company is working with a CCP from a contracted CMMC consulting company. The CCP is asked where the Host Unit is required to document FCI and CUI for a CMMC Assessment. How should the CCP respond?

A.

"In the SSP. within the asset inventory, and in the network diagranY'

B.

"Within the hardware inventory, data (low diagram, and in the network diagram"

C.

"Within the asset inventory, in the proposal response, and in the network diagram"

D.

"In the network diagram, in the SSP. within the base inventory, and in the proposal response'"

An OSC lead has provided company information, identified that they are seeking CMMC Level 2, stated that they handle FCI. identified stakeholders, and provided assessment logistics. The OSC has provided the company's cyber hygiene practices that are posted on every workstation, visitor logs, and screenshots of the configuration of their FedRAMP-approved applications. The OSC has not won any DoD government contracts yet but is working on two proposals Based on this information, which statement BEST describes the CMMC Level 2 Assessment requirements?

A.

Ready because there is no need to certify this company until after they win a DoD contract.

B.

Not ready because the OSC is not on contract because they do not know the scope of FCI protection required by the contract.

C.

Not ready because the OSC still lacks artifacts that prove they have implemented all the CMMC Level 2 Assessment requirements.

D.

Ready because all DoD contractors are required to achieve CMMC Level 2; therefore, they are being proactive in seeking certification.

A CCP is on their first assessment for CMMC Level 2 with an Assessment Team and is reviewing the CMMC Assessment Process to understand their responsibilities. Which method gathers information from the subject matter experts to facilitate understanding and achieve clarification?

A.

Test

B.

Examine

C.

Interview

D.

Assessment

After completing a Level 2 Assessment, a C3PAO is preparing to upload the Assessment Results Package to Enterprise Mission Assurance Support Service. Which document MUST be included as part of the final assessment results package?

A.

Final Report

B.

Certification rating

C.

Summary-level findings

D.

All Daily Checkpoint logs

How many cybersecurity levels does the CMMC Model structure contain?

A.

2 Levels.

B.

3 Levels.

C.

5 Levels.

D.

4 Levels.

Per DoDI 5200.48: Controlled Unclassified Information (CUI), CUI is marked by whom?

A.

DOD OUSD

B.

Authorized holder

C.

Information Disclosure Official

D.

Presidentially authorized Original Classification Authority

Which resource contains authoritative data classifications of CUI?

A.

NARA

B.

CMMC-AB

C.

DoD Contractors FAQ

D.

OSC's privacy policies

During a Level 2 Assessment, an OSC provides documentation that attests that they utilize multifactor authentication on nonlocal remote maintenance sessions. The OSC feels that they have met the controls for the Level 2 certification. What additional measures should the OSC perform to fully meet the maintenance requirement?

A.

Connections for nonlocal maintenance sessions should be terminated when maintenance is complete.

B.

Connections for nonlocal maintenance sessions should be unlimited to ensure maintenance is performed properly

C.

The nonlocal maintenance personnel complain that restrictions slow down their response time and should be removed.

D.

The maintenance policy states multifactor authentication must have at least two factors applied for nonlocal maintenance sessions.