- All Exams Instant Download
Which domain has a practice requiring an organization to restrict, disable, or prevent the use of nonessential programs?
Which domain has a practice requiring an organization to restrict, disable, or prevent the use of nonessential programs?A . Access Control (AC)B . Media Protection (MP)C . Asset Management (AM)D . Configuration Management (CM)View AnswerAnswer: D
Which resource contains authoritative data classifications of CUI?
Which resource contains authoritative data classifications of CUI?A . NARAB . CMMC-ABC . DoD Contractors FAQD . OSC's privacy policiesView AnswerAnswer: A
Which MINIMUM Level of certification must a contractor successfully achieve to receive a contract award requiring the handling of CUI?
Which MINIMUM Level of certification must a contractor successfully achieve to receive a contract award requiring the handling of CUI?A . Level 1B . Level 2C . Level 3D . Any levelView AnswerAnswer: A
Which document is the BEST source for determining the sources of evidence for a given practice?
Which document is the BEST source for determining the sources of evidence for a given practice?A . NISTSP 800-53B . NISTSP 800-53AC . CMMC Assessment ScopeD . CMMC Assessment GuideView AnswerAnswer: B
What can this file cabinet BEST be determined to be?
In scoping a CMMC Level 1 Self-Assessment, all of the computers and digital assets that handle FCI are identified. A file cabinet that contains paper FCI is also identified. What can this file cabinet BEST be determined to be?A . In scope, because it is an asset that stores FCIB...
What is the BEST way to handle this file?
A CMMC Assessment is being conducted at an OSC's HQ. which is a shared workspace in a multi-tenant building. The OSC is renting four offices on the first floor that can be locked individually. The first-floor conference room is shared with other tenants but has been reserved to conduct the...
As a part of this presentation, which document MUST include the attendee list, time/date, location/meeting link, results from all discussed topics, including any resulting actions, and due dates from the OSC or Assessment Team?
During an assessment, the Lead Assessor reviews the evidence for each CMMC in-scope practice that has been reviewed, verified, rated, and discussed with the OSC during the daily reviews. The Assessment Team records the final recommended MET or NOT MET rating and prepares to present the results to the assessment...
When are data and documents with legacy markings from or for the DoD required to be re-marked or redacted?
When are data and documents with legacy markings from or for the DoD required to be re-marked or redacted?A . When under the control of the DoDB . When the document is considered secretC . When a document is being shared outside of the organizationD . When a derivative document's...
Which certified individual should they approach for implementation support?
An organization that manufactures night vision cameras is looking for help to address the gaps identified in physical access control systems. Which certified individual should they approach for implementation support?A . CCA of the C3PAO performing the assessmentB . RP of an organization not part of the assessmentC . Practitioner...
For this company's CMMC Level 1 Self-Assessment, how should the assets supporting the commercial services division be categorized?
A company has a government services division and a commercial services division. The government services division interacts exclusively with federal clients and regularly receives FCI. The commercial services division interacts exclusively with non-federal clients and processes only publicly available information. For this company's CMMC Level 1 Self-Assessment, how should the...
