- All Exams Instant Download
What is the BEST determination that the Lead Assessor should reach regarding the evidence?
When assessing SI.L1-3.14.2: Provide protection from malicious code at appropriate locations within organizational information systems, evidence shows that all of the OSC's workstations and servers have antivirus software installed for malicious code protection. A centralized console for the antivirus software management is in place and records show that all devices...
Which phase of the CMMC Assessment Process includes developing the assessment plan?
Which phase of the CMMC Assessment Process includes developing the assessment plan?A . Phase 1B . Phase 2C . Phase 3D . Phase 4View AnswerAnswer: A
The Advanced Level in CMMC will contain Access Control {AC) practices from:
The Advanced Level in CMMC will contain Access Control {AC) practices from:A . Level 1.B . Level 3.C . Levels 1 and 2.D . Levels 1,2, and 3.View AnswerAnswer: D
Is this document valid?
A Lead Assessor has been assigned to a CMMC Assessment During the assessment, one of the assessors approaches with a signed policy. There is one signatory, and that person has since left the company. Subsequently, another person was hired into that position but has not signed the document. Is this...
Is this adequate for the practice?
An Assessment Team is conducting interviews with team members about their roles and responsibilities. The team member responsible for maintaining the antivirus program knows that it was deployed but has very little knowledge on how it works. Is this adequate for the practice?A . Yes, the antivirus program is available,...
As part of CMMC 2.0, the change to Level 1 Self-Assessments supports "reduced assessment costs" allows all companies at Level 1 (Foundational) to:
As part of CMMC 2.0, the change to Level 1 Self-Assessments supports "reduced assessment costs" allows all companies at Level 1 (Foundational) to:A . to conduct self-assessments.B . opt out of CMMC Assessments.C . have assessment costs reimbursed by the DoD.D . pay no more than $500.00 for their annual...
Who agrees to and signs off on the Assessment Plan?
An OSC has requested a C3PAO to conduct a Level 2 Assessment. The C3PAO has agreed, and the two organizations have collaborated to develop the Assessment Plan. Who agrees to and signs off on the Assessment Plan?A . OSC and SponsorB . OSC and CMMC-ABC . Lead Assessor and C3PAOD...
What type of criteria is used to answer the question "Does the Assessment Team have the right evidence?"
What type of criteria is used to answer the question "Does the Assessment Team have the right evidence?"A . Adequacy criteriaB . Objectivity criteriaC . Sufficiency criteriaD . Subjectivity criteriaView AnswerAnswer: C
What type of information is NOT intended for public release and is provided by or generated for the government under a contract to develop or deliver a product or service to the government, but not including information provided by the government to the public (such as on public websites) or simple transactional information, such as necessary to process payments?
What type of information is NOT intended for public release and is provided by or generated for the government under a contract to develop or deliver a product or service to the government, but not including information provided by the government to the public (such as on public websites) or...
A defense contractor needs to share FCI with a subcontractor and sends this data in an email.
A defense contractor needs to share FCI with a subcontractor and sends this data in an email. The email system involved in this process is being used to:A . manage FCI.B . process FCI.C . transmit FCI.D . generate FCIView AnswerAnswer: C
