Online CMMC-CCP Questions Video

Page: 8 / 12

Question 32

While developing an assessment plan for an OSC. it is discovered that the certified assessor will be interviewing a former college roommate. What is the MOST correct action to take?

Options:

Do not inform the OSC and the C3PAO of the possible conflict of interest, and continue as planned.

Inform the OSC and the C3PAO of the possible conflict of interest, and start the entire process over without the conflicted team member.

Inform the OSC and the C3PAO of the possible conflict of interest but since it has been an acceptable amount of time since college, no conflict of interest exists, and continue as planned.

Inform the OSC and the C3PAO of the possible conflict of interest, document the conflict and mitigation actions in the assessment plan, and if the mitigation actions are acceptable, continue with the assessment.

Question 33

At which CMMC Level do the Security Assessment (CA) practices begin?

Options:

Level 1

Level 2

Level 3

Level 4

Question 34

When executing a remediation review, the Lead Assessor should:

Options:

help OSC to complete planned remediation activities.

plan two consecutive remediation reviews for an OSC.

submit a delta assessment remediation package for C3PAO's internal quality review.

validate that practices previously listed on the POA&M have been removed on an updated Risk Assessment.

Question 35

While conducting a CMMC Assessment, a Lead Assessor is given documentation attesting to Level 1 identification and authentication practices by the OSC. The Lead Assessor asks the CCP to review the documentation to determine if identification and authentication controls are met. Which documentation BEST satisfies the requirements of IA.L1-3.5.1: Identify system users. processes acting on behalf of users, and devices?