
CMMC-CCP Exam Dumps - Cyber AB CMMC Questions and Answers

Question # 34

When scoping the organizational system, the scope of applicability for the cybersecurity CUI practices applies to the components of:

Options:

A. federal systems that process, store, or transmit CUI.

B. nonfederal systems that process, store, or transmit CUI.

C. federal systems that process, store, or transmit CUI, or that provide protection for the system components.

D. nonfederal systems that process, store, or transmit CUI, or that provide protection for the system components.

Question # 35

While developing an assessment plan for an OSC, it is discovered that the certified assessor will be interviewing a former college roommate. What is the MOST correct action to take?

Options:

A. Do not inform the OSC and the C3PAO of the possible conflict of interest, and continue as planned.

B. Inform the OSC and the C3PAO of the possible conflict of interest, and start the entire process over without the conflicted team member.

C. Inform the OSC and the C3PAO of the possible conflict of interest but since it has been an acceptable amount of time since college, no conflict of interest exists, and continue as planned.

D. Inform the OSC and the C3PAO of the possible conflict of interest, document the conflict and mitigation actions in the assessment plan, and if the mitigation actions are acceptable, continue with the assessment.

Question # 36

At which CMMC Level do the Security Assessment (CA) practices begin?

Options:

A. Level 1

B. Level 2

C. Level 3

D. Level 4

Question # 37

When executing a remediation review, the Lead Assessor should:

Options:

A. help OSC to complete planned remediation activities.

B. plan two consecutive remediation reviews for an OSC.

C. submit a delta assessment remediation package for C3PAO's internal quality review.

D. validate that practices previously listed on the POA&M have been removed on an updated Risk Assessment.

Question # 38

While conducting a CMMC Assessment, a Lead Assessor is given documentation attesting to Level 1 identification and authentication practices by the OSC. The Lead Assessor asks the CCP to review the documentation to determine if identification and authentication controls are met. Which documentation BEST satisfies the requirements of IA.L1-3.5.1: Identify system users, processes acting on behalf of users, and devices?

Options:

A. Procedures for implementing access control lists

B. List of unauthorized users that identifies their identities and roles

C. User names associated with system accounts assigned to those individuals

D. Physical access policy that states, "All non-employees must wear a special visitor pass or be escorted."

Question # 39

An Assessment Team is conducting a Level 2 Assessment at the request of an OSC. The team has begun to score practices based on the evidence provided. At a MINIMUM, what is required of the Assessment Team to determine if a practice is scored as MET?

Options:

A. All three types of evidence are documented for every control.

B. Examine and accept evidence from one of the three evidence types.

C. Complete one of the following: examine two artifacts, either observe a satisfactory demonstration of one control or receive one affirmation from the OSC personnel.

D. Complete two of the following: examine one artifact, either observe a satisfactory demonstration of one control or receive one affirmation from the OSC personnel.

Question # 40

Who makes the final determination of the assessment method used for each practice?

Options:

A. CCP

B. OSC

C. Site Manager

D. Lead Assessor

Question # 41

In late September, CA.L2-3.12.1: Periodically assess the security controls in organizational systems to determine if the controls are effective in their application is assessed. Procedure specifies that a security control assessment shall be conducted quarterly. The Lead Assessor is only provided the first quarter assessment report because the person conducting the second quarter's assessment is currently out of the office and will return to the office in two hours. Based on this information, the Lead Assessor should determine that the evidence is:

Options:

A. sufficient, and rate the audit finding as MET.

B. insufficient, and rate the audit finding as NOT MET.

C. sufficient, and re-rate the audit finding after a quarter two assessment report is examined.

D. insufficient, and re-rate the audit finding after a quarter two assessment report is examined.

Question # 42

An OSC has submitted evidence for an upcoming assessment. The assessor reviews the evidence and determines it is not adequate or sufficient to meet the CMMC practice. What can the assessor do?

Options:

A. Notify the CMMC-AB.

B. Cancel the assessment.

C. Postpone the assessment.

D. Contact the C3PAO for guidance.

Question # 43

In scoping a CMMC Level 1 Self-Assessment, it is determined that an ESP employee has access to FCI. What is the ESP employee considered?

Options:

A. In scope

B. Out of scope

C. OSC point of contact

D. Assessment Team Member

Exam Code: CMMC-CCP
Exam Name: Certified CMMC Professional (CCP) Exam
Last Update: Apr 2, 2025
Questions: 170