- All Exams Instant Download
The Advanced Level in CMMC will contain Access Control {AC) practices from:
The Advanced Level in CMMC will contain Access Control {AC) practices from:A . Level 1.B . Level 3.C . Levels 1 and 2.D . Levels 1,2, and 3.View AnswerAnswer: D
Is this document valid?
A Lead Assessor has been assigned to a CMMC Assessment During the assessment, one of the assessors approaches with a signed policy. There is one signatory, and that person has since left the company. Subsequently, another person was hired into that position but has not signed the document. Is this...
Is this adequate for the practice?
An Assessment Team is conducting interviews with team members about their roles and responsibilities. The team member responsible for maintaining the antivirus program knows that it was deployed but has very little knowledge on how it works. Is this adequate for the practice?A . Yes, the antivirus program is available,...
As part of CMMC 2.0, the change to Level 1 Self-Assessments supports "reduced assessment costs" allows all companies at Level 1 (Foundational) to:
As part of CMMC 2.0, the change to Level 1 Self-Assessments supports "reduced assessment costs" allows all companies at Level 1 (Foundational) to:A . to conduct self-assessments.B . opt out of CMMC Assessments.C . have assessment costs reimbursed by the DoD.D . pay no more than $500.00 for their annual...
Who agrees to and signs off on the Assessment Plan?
An OSC has requested a C3PAO to conduct a Level 2 Assessment. The C3PAO has agreed, and the two organizations have collaborated to develop the Assessment Plan. Who agrees to and signs off on the Assessment Plan?A . OSC and SponsorB . OSC and CMMC-ABC . Lead Assessor and C3PAOD...
What type of criteria is used to answer the question "Does the Assessment Team have the right evidence?"
What type of criteria is used to answer the question "Does the Assessment Team have the right evidence?"A . Adequacy criteriaB . Objectivity criteriaC . Sufficiency criteriaD . Subjectivity criteriaView AnswerAnswer: C
What type of information is NOT intended for public release and is provided by or generated for the government under a contract to develop or deliver a product or service to the government, but not including information provided by the government to the public (such as on public websites) or simple transactional information, such as necessary to process payments?
What type of information is NOT intended for public release and is provided by or generated for the government under a contract to develop or deliver a product or service to the government, but not including information provided by the government to the public (such as on public websites) or...
A defense contractor needs to share FCI with a subcontractor and sends this data in an email.
A defense contractor needs to share FCI with a subcontractor and sends this data in an email. The email system involved in this process is being used to:A . manage FCI.B . process FCI.C . transmit FCI.D . generate FCIView AnswerAnswer: C
What type of asset is this?
During a Level 1 Self-Assessment, a smart thermostat was identified. It is connected to the Internet on the OSC's WiFi network. What type of asset is this?A . FCI AssetB . CUI AssetC . In-scope AssetD . Specialized AssetView AnswerAnswer: C
Which organization is the governmental authority responsible for identifying and marking CUI?
Which organization is the governmental authority responsible for identifying and marking CUI?A . NARAB . NISTC . CMMC-ABD . Department of Homeland SecurityView AnswerAnswer: A
