Summer Sale Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: xmas50

Cyber AB CMMC-CCP - Certified CMMC Professional (CCP) Exam

Page: 7 / 7
Total 228 questions

While conducting a CMMC Assessment, a Lead Assessor is given documentation attesting to Level 1 identification and authentication practices by the OSC. The Lead Assessor asks the CCP to review the documentation to determine if identification and authentication controls are met. Which documentation BEST satisfies the requirements of IA.L1-3.5.1: Identify system users. processes acting on behalf of users, and devices?

A.

Procedures for implementing access control lists

B.

List of unauthorized users that identifies their identities and roles

C.

User names associated with system accounts assigned to those individuals

D.

Physical access policy that states. "All non-employees must wear a special visitor pass or be escorted."

A Lead Assessor has been assigned to a CMMC Assessment During the assessment, one of the assessors approaches with a signed policy. There is one signatory, and that person has since left the company. Subsequently, another person was hired into that position but has not signed the document. Is this document valid?

A.

The signatory is the authority to implement and enforce the policy, and since that person is no longer with the company, the policy is not valid.

B.

More research on the company policy of creating, implementing, and enforcing policies is needed. If the company has a policy identifying the authority as with the position or person, then the policy is valid.

C.

The signatory does not validate or invalidate the policy. For the purpose of this assessment, ensuring that the policy is current and is being implemented by the individuals who are performing the work is sufficient.

D.

The authority to implement and enforce lies with the position, not the person. As long as that position's authority and responsibilities have not been removed from implementing that domain, it is still a valid policy.

During assessment planning, the OSC recommends a person to interview for a certain practice. The person being interviewed MUST be the person who:

A.

funds that practice.

B.

audits that practice.

C.

supports, audits, and performs that practice.

D.

implements, performs, or supports that practice.

The evidence needed for each practice and/or process is weight for:

A.

adequacy and sufficiency.

B.

adequacy and thoroughness.

C.

sufficiency and thoroughness.

D.

sufficiency and appropriateness.

Within what amount of time MUST convictions, guilty pleas, or no contest pleas to crimes of fraud, larceny, embezzlement, misappropriation of funds, misrepresentation, perjury, false swearing, conspiracy to conceal, or a similar offense in any legal proceeding, civil or criminal, whether or not connected with activities that relate to carrying out a Lead Assessor role, be reported to the CMMC Accreditation Body?

A.

90 days.

B.

30 days.

C.

3 days.

D.

7 days.

For CMMC Assessments, during Phase 1 of the CMMC Assessment Process, which are responsible for identifying potential conflicts of information?

A.

C3PAO and OSC

B.

OSC and CMMC-AB

C.

CMMC-AB and C3PAO

D.

Lead Assessor and Assessment Team Members

Which statement BEST describes a LTP?

A.

Creates DoD-licensed training

B.

Instructs a curriculum approved by CMMC-AB

C.

May market itself as a CMMC-AB Licensed Provider for testing

D.

Delivers training using some CMMC body of knowledge objectives

Which term describes the prevention of damage to. protection of, and restoration of computers and electronic communications systems/services, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation?

A.

Cybersecurity

B.

Data security

C.

Network security

D.

Information security