- All Exams Instant Download
What type of asset is this?
During a Level 1 Self-Assessment, a smart thermostat was identified. It is connected to the Internet on the OSC's WiFi network. What type of asset is this?A . FCI AssetB . CUI AssetC . In-scope AssetD . Specialized AssetView AnswerAnswer: C
Which organization is the governmental authority responsible for identifying and marking CUI?
Which organization is the governmental authority responsible for identifying and marking CUI?A . NARAB . NISTC . CMMC-ABD . Department of Homeland SecurityView AnswerAnswer: A
Is this sufficient to pass the practice?
An Assessment Team is reviewing a practice that is documented and being checked monthly. When reviewing the logs, the practice is only being completed quarterly. During the interviews, the team members say they perform the practice monthly but only document quarterly. Is this sufficient to pass the practice?A . No,...
For a Level 1 Self-Assessment, what type of asset is this?
A machining company has been awarded a contract with the DoD to build specialized parts. Testing of the parts will be done by the company using in-house staff and equipment. For a Level 1 Self-Assessment, what type of asset is this?A . CUI AssetB . In-scope AssetC . Specialized AssetD...
Where does the requirement to include a required practice of ensuring that personnel are trained to carry out their assigned information security-related duties and responsibilities FIRST appear?
Where does the requirement to include a required practice of ensuring that personnel are trained to carry out their assigned information security-related duties and responsibilities FIRST appear?A . Level 1B . Level 2C . Level 3D . All levelsView AnswerAnswer: A
Which document stipulates these reporting requirements?
Prior to initiating an OSC's CMMC Assessment, the Lead Assessor briefed the team on the most important requirements of the assessment. The assessor also insisted that the same results of the findings summary, practice ratings, and Level recommendations must be submitted to the C3PAO for initial processes and review. After...
During the assessment process, who is the final interpretation authority for recommended findings?
During the assessment process, who is the final interpretation authority for recommended findings?A . C3PAOB . CMMC-ABC . OSC sponsorD . Assessment Team MembersView AnswerAnswer: D
Which domain has a practice requiring an organization to restrict, disable, or prevent the use of nonessential programs?
Which domain has a practice requiring an organization to restrict, disable, or prevent the use of nonessential programs?A . Access Control (AC)B . Media Protection (MP)C . Asset Management (AM)D . Configuration Management (CM)View AnswerAnswer: D
Which resource contains authoritative data classifications of CUI?
Which resource contains authoritative data classifications of CUI?A . NARAB . CMMC-ABC . DoD Contractors FAQD . OSC's privacy policiesView AnswerAnswer: A
Which MINIMUM Level of certification must a contractor successfully achieve to receive a contract award requiring the handling of CUI?
Which MINIMUM Level of certification must a contractor successfully achieve to receive a contract award requiring the handling of CUI?A . Level 1B . Level 2C . Level 3D . Any levelView AnswerAnswer: A
