Is this sufficient to pass the practice?

An Assessment Team is reviewing a practice that is documented and being checked monthly. When reviewing the logs, the practice is only being completed quarterly. During the interviews, the team members say they perform the practice monthly but only document quarterly. Is this sufficient to pass the practice?
A. No,...

March 8, 2025

For a Level 1 Self-Assessment, what type of asset is this?

A machining company has been awarded a contract with the DoD to build specialized parts. Testing of the parts will be done by the company using in-house staff and equipment. For a Level 1 Self-Assessment, what type of asset is this?
A. CUI Asset
B. In-scope Asset
C. Specialized Asset
D...

March 6, 2025

Where does the requirement to include a required practice of ensuring that personnel are trained to carry out their assigned information security-related duties and responsibilities FIRST appear?

A. Level 1
B. Level 2
C. Level 3
D. All levels
Answer: A

March 5, 2025

Which document stipulates these reporting requirements?

Prior to initiating an OSC's CMMC Assessment, the Lead Assessor briefed the team on the most important requirements of the assessment. The assessor also insisted that the same results of the findings summary, practice ratings, and Level recommendations must be submitted to the C3PAO for initial processes and review. After...

March 4, 2025

During the assessment process, who is the final interpretation authority for recommended findings?

A. C3PAO
B. CMMC-AB
C. OSC sponsor
D. Assessment Team Members
Answer: D

March 4, 2025

Which domain has a practice requiring an organization to restrict, disable, or prevent the use of nonessential programs?

A. Access Control (AC)
B. Media Protection (MP)
C. Asset Management (AM)
D. Configuration Management (CM)
Answer: D

March 1, 2025

Which resource contains authoritative data classifications of CUI?

A. NARA
B. CMMC-AB
C. DoD Contractors FAQ
D. OSC's privacy policies
Answer: A

February 27, 2025

Which MINIMUM Level of certification must a contractor successfully achieve to receive a contract award requiring the handling of CUI?

A. Level 1
B. Level 2
C. Level 3
D. Any level
Answer: A

February 26, 2025

Which document is the BEST source for determining the sources of evidence for a given practice?

A. NIST SP 800-53
B. NIST SP 800-53A
C. CMMC Assessment Scope
D. CMMC Assessment Guide
Answer: B

February 25, 2025

What can this file cabinet BEST be determined to be?

In scoping a CMMC Level 1 Self-Assessment, all of the computers and digital assets that handle FCI are identified. A file cabinet that contains paper FCI is also identified. What can this file cabinet BEST be determined to be?
A. In scope, because it is an asset that stores FCI
B...

February 24, 2025