A company is about to conduct a press release. According to AC.L1-3.1.22: Control information posted or processed on publicly accessible systems, what is the MOST important factor to consider when addressing CMMC requirements?
A. That the information is correct
B. That the CEO approved the message
C. That the company...
Which document is the BEST source for descriptions of each practice or process contained within the various CMMC domains?
A. CMMC Glossary
B. CMMC Appendices
C. CMMC Assessment Process
D. CMMC Assessment Guide Levels 1 and 2
Answer: C
What is a PRIMARY activity that is performed while conducting an assessment?
A. Develop assessment plan.
B. Collect and examine evidence.
C. Verify readiness to conduct assessment.
D. Deliver recommended assessment results.
Answer: B
With respect to user-installed software, what facet should the CCP's interview focus on?
A CCP is working as an Assessment Team Member on a CMMC Level 2 Assessment. The Lead Assessor has assigned the CCP to assess the OSC's Configuration Management (CM) domain. The CCP's first interview is with a subject-matter expert for user-installed software. With respect to user-installed software, what facet should...
Which determination should be reached?
There are 15 practices that are NOT MET for an OSC's Level 2 Assessment. All practices are applicable to the OSC. Which determination should be reached?
A. The OSC may have 90 days for remediating NOT MET practices.
B. The OSC is not eligible for an option to remediate NOT...
Which term describes "the protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to, or modification of information"?
A. Adopted security
B. Adaptive security
C. Adequate security
D. Advanced security
Answer: C
Who will verify the adequacy and sufficiency of evidence to determine whether the practices and related components for each in-scope Host Unit, Supporting Organization/Unit, or enclave have been met?
A. OSC
B. Assessment Team
C. Authorizing official
D. Assessment official
Answer: B
Who is responsible for identifying and verifying Assessment Team Member qualifications?
A. C3PAO
B. CMMC-AB
C. Lead Assessor
D. CMMC Marketplace
Answer: A
What set of established security requirements MUST that cloud provider meet?
A client uses an external cloud-based service to store, process, or transmit data that is reasonably believed to qualify as CUI. According to DFARS clause 252.204-7012, what set of established security requirements MUST that cloud provider meet?
A. FedRAMP Low
B. FedRAMP Moderate
C. FedRAMP High
D. FedRAMP Secure
Answer:...
Which term describes the people, processes, and technology external to the HQ Organization that participate in the assessment but will not receive a CMMC Level unless an enterprise Assessment is conducted?
During the planning phase of the Assessment Process, C3PAO staff are reviewing the various entities associated with an OSC that has requested a CMMC Level 2 Assessment. Which term describes the people, processes, and technology external to the HQ Organization that participate in the assessment but will not receive a...