Summer Sale Limited Time 75% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code = simple75

Pass the Cyber AB CMMC CMMC-CCP Questions and answers with Dumpstech

Exam CMMC-CCP Premium Access

View all detail and faqs for the CMMC-CCP exam

Practice at least 50% of the questions to maximize your chances of passing.
Viewing page 8 out of 8 pages
Viewing questions 71-80 out of questions
Questions # 71:

An Assessment Team is reviewing a practice that is documented and being checked monthly. When reviewing the logs, the practice is only being completed quarterly. During the interviews, the team members say they perform the practice monthly but only document quarterly. Is this sufficient to pass the practice?

Options:

A.

No, the work is not being done as stated.

B.

Yes, the practice is being done as documented.

C.

No, all three assessment methods must be met to pass.

D.

Yes. the interview process is enough to pass a practice.

Questions # 72:

Which statement BEST describes an assessor's evidence gathering activities?

Options:

A.

Use interviews for assessing a Level 2 practice.

B.

Test all practices or objectives for a Level 2 practice

C.

Test certain assessment objectives to determine findings.

D.

Use examinations, interviews, and tests to gather sufficient evidence.

Questions # 73:

An employee is the primary system administrator for an OSC. The employee will be a core part of the assessment, as they perform most of the duties in managing and maintaining the systems. What would the employee be BEST categorized as?

Options:

A.

Analyzer

B.

Inspector

C.

Applicable staff

D.

Demonstration staff

Questions # 74:

In many organizations, the protection of FCI includes devices that are used to scan physical documentation into digital form and print physical copies of digital FCI. What technical control can be used to limit multi-function device (MFD) access to only the systems authorized to access the MFD?

Options:

A.

Virtual LAN restrictions

B.

Single administrative account

C.

Documentation showing MFD configuration

D.

Access lists only known to the IT administrator

Questions # 75:

A company has a government services division and a commercial services division. The government services division interacts exclusively with federal clients and regularly receives FCI. The commercial services division interacts exclusively with non-federal clients and processes only publicly available information. For this company's CMMC Level 1 Self-Assessment, how should the assets supporting the commercial services division be categorized?

Options:

A.

FCI Assets

B.

Specialized Assets

C.

Out-of-Scope Assets

D.

Operational Technology Assets

Questions # 76:

During assessment planning, the OSC recommends a person to interview for a certain practice. The person being interviewed MUST be the person who:

Options:

A.

funds that practice.

B.

audits that practice.

C.

supports, audits, and performs that practice.

D.

implements, performs, or supports that practice.

Questions # 77:

The results package for a Level 2 Assessment is being submitted. What MUST a Final Report. CMMC Assessment Results include?

Options:

A.

Affirmation for each practice or control

B.

Documented rationale for each failed practice

C.

Suggested improvements for each failed practice

D.

Gaps or deltas due to any reciprocity model are recorded as met

Questions # 78:

What is the BEST description of the purpose of FAR clause 52 204-21?

Options:

A.

It directs all covered contractors to install the cyber security systems listed in that clause.

B.

It describes all of the safeguards that contractors must take to secure covered contractor IS.

C.

It describes the minimum standard of care that contractors must take to secure covered contractor IS.

D.

It directs covered contractors to obtain CMMC Certification at the level equal to the lowest requirement of their contracts.

Questions # 79:

In scoping a CMMC Level 1 Self-Assessment, it is determined that an ESP employee has access to FCI. What is the ESP employee considered?

Options:

A.

In scope

B.

Out of scope

C.

OSC point of contact

D.

Assessment Team Member

Questions # 80:

When are data and documents with legacy markings from or for the DoD required to be re-marked or redacted?

Options:

A.

When under the control of the DoD

B.

When the document is considered secret

C.

When a document is being shared outside of the organization

D.

When a derivative document's original information is not CUI

Viewing page 8 out of 8 pages
Viewing questions 71-80 out of questions