- All Exams Instant Download
What type of criteria is used to answer the question "Does the Assessment Team have the right evidence?"
What type of criteria is used to answer the question "Does the Assessment Team have the right evidence?"A . Adequacy criteriaB . Objectivity criteriaC . Sufficiency criteriaD . Subjectivity criteriaView AnswerAnswer: C
What type of information is NOT intended for public release and is provided by or generated for the government under a contract to develop or deliver a product or service to the government, but not including information provided by the government to the public (such as on public websites) or simple transactional information, such as necessary to process payments?
What type of information is NOT intended for public release and is provided by or generated for the government under a contract to develop or deliver a product or service to the government, but not including information provided by the government to the public (such as on public websites) or...
A defense contractor needs to share FCI with a subcontractor and sends this data in an email.
A defense contractor needs to share FCI with a subcontractor and sends this data in an email. The email system involved in this process is being used to:A . manage FCI.B . process FCI.C . transmit FCI.D . generate FCIView AnswerAnswer: C
What type of asset is this?
During a Level 1 Self-Assessment, a smart thermostat was identified. It is connected to the Internet on the OSC's WiFi network. What type of asset is this?A . FCI AssetB . CUI AssetC . In-scope AssetD . Specialized AssetView AnswerAnswer: C
Which organization is the governmental authority responsible for identifying and marking CUI?
Which organization is the governmental authority responsible for identifying and marking CUI?A . NARAB . NISTC . CMMC-ABD . Department of Homeland SecurityView AnswerAnswer: A
Is this sufficient to pass the practice?
An Assessment Team is reviewing a practice that is documented and being checked monthly. When reviewing the logs, the practice is only being completed quarterly. During the interviews, the team members say they perform the practice monthly but only document quarterly. Is this sufficient to pass the practice?A . No,...
For a Level 1 Self-Assessment, what type of asset is this?
A machining company has been awarded a contract with the DoD to build specialized parts. Testing of the parts will be done by the company using in-house staff and equipment. For a Level 1 Self-Assessment, what type of asset is this?A . CUI AssetB . In-scope AssetC . Specialized AssetD...
Where does the requirement to include a required practice of ensuring that personnel are trained to carry out their assigned information security-related duties and responsibilities FIRST appear?
Where does the requirement to include a required practice of ensuring that personnel are trained to carry out their assigned information security-related duties and responsibilities FIRST appear?A . Level 1B . Level 2C . Level 3D . All levelsView AnswerAnswer: A
Which document stipulates these reporting requirements?
Prior to initiating an OSC's CMMC Assessment, the Lead Assessor briefed the team on the most important requirements of the assessment. The assessor also insisted that the same results of the findings summary, practice ratings, and Level recommendations must be submitted to the C3PAO for initial processes and review. After...
During the assessment process, who is the final interpretation authority for recommended findings?
During the assessment process, who is the final interpretation authority for recommended findings?A . C3PAOB . CMMC-ABC . OSC sponsorD . Assessment Team MembersView AnswerAnswer: D
