최신 CMMC-CCP 무료덤프 - Cyber AB Certified CMMC Professional (CCP)

문제1

How are the Final Recommended Assessment Findings BEST presented?

A. Using the proprietary template created by the Lead Assessor after approval from the C3PAO

B. Using a C3PAO-branded version of the CMMC Findings Brief template

C. Using a C3PAO-provided template that is preferred by the OSC

D. Using the CMMC Findings Brief template

정답: D

문제2

While conducting a CMMC Assessment, a Lead Assessor is given documentation attesting to Level 1 identification and authentication practices by the OSC. The Lead Assessor asks the CCP to review the documentation to determine if identification and authentication controls are met. Which documentation BEST satisfies the requirements of IA.L1-3.5.1: Identify system users. processes acting on behalf of users, and devices?

A. Physical access policy that states. "All non-employees must wear a special visitor pass or be escorted."

B. Procedures for implementing access control lists

C. List of unauthorized users that identifies their identities and roles

D. User names associated with system accounts assigned to those individuals

정답: D

문제3

The Lead Assessor interviews a network security specialist of an OSC. The incident monitoring report for the month shows that no security incidents were reported from OSC's external SOC service provider. This is provided as evidence for RA.L2-3.11.2: Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. Based on this information, the Lead Assessor should conclude that the evidence is:

A. adequate because it fits well for expected artifacts.

B. inadequate because the OSC's service provider should be interviewed.

C. inadequate because it is irrelevant to the practice.

D. adequate because no security incidents were reported.

정답: C

문제4

Which statement BEST describes the requirements for a C3PA0?

A. An accredited C3PAO must meet all DoD and some ISO/IEC 17020 requirements.

B. AC3PAO must be accredited by DoD before being able to conduct assessments.

C. An authorized C3PAO must meet some DoD and all ISO/IEC 17020 requirements.

D. A C3PAO must be authorized by CMMC-AB before being able to conduct assessments.

정답: D

문제5

The evidence needed for each practice and/or process is weight for:

A. sufficiency and thoroughness.

B. sufficiency and appropriateness.

C. adequacy and thoroughness.

D. adequacy and sufficiency.

정답: D

문제6

After completing a Level 2 Assessment, a C3PAO is preparing to upload the Assessment Results Package to Enterprise Mission Assurance Support Service. Which document MUST be included as part of the final assessment results package?

A. All Daily Checkpoint logs

B. Certification rating

C. Summary-level findings

D. Final Report

정답: D

문제7

During Phase 4 of the Assessment process, what MUST the Lead Assessor determine and recommend to the C3PAO concerning the OSC?

A. Ability

B. Suitability

C. Eligibility

D. Capability

정답: D

문제8

In scoping a CMMC Level 1 Self-Assessment, all of the computers and digital assets that handle FCI are identified. A file cabinet that contains paper FCI is also identified. What can this file cabinet BEST be determined to be?

A. In scope, because it is an asset that stores FCI

B. In scope, because it is part of the same physical location

C. Out of scope, because it does not process or transmit FCI

D. Out of scope, because they are all only paper documents

정답: A

문제9

Which term describes the process of granting or denying specific requests to obtain and use information, related information processing services, and enter specific physical facilities?

A. Mandatory access control

B. Access control

C. Discretionary access control

D. Physical access control

정답: B

문제10

An Assessment Team is conducting interviews with team members about their roles and responsibilities. The team member responsible for maintaining the antivirus program knows that it was deployed but has very little knowledge on how it works. Is this adequate for the practice?

A. No, the team member must know how the antivirus program is deployed and maintained.

B. No, the team member's interview answers about deployment and maintenance are insufficient.

C. Yes,antivirus programs are automated to run independently.

D. Yes,the antivirus program is available, so it is sufficient.

정답: A

최신 CMMC-CCP 무료덤프 - Cyber AB Certified CMMC Professional (CCP)

우리와 연락하기

유용한 링크

최신 업데이트