Cyber AB Certified CMMC Assessor (CCA) - CMMC-CCA Exam Practice Test

An OSC seeking Level 2 certification has a fully cloud-based environment. The assessor must evaluate fulfillment of Level 2 requirements the OSC implements versus those handled by the cloud service provider.
Which document would be BEST to identify the Level 2 requirements handled by the OSC's cloud provider?
Correct Answer: D Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
During preparations for a CMMC Level 2 Assessment, a client submits a request to their consulting RP to learn more about Specialized Asset requirements. The client is unsure if their camera system, used for safety data collection purposes within their machining shop, should be documented within the SSP. Which reason is a satisfactory reason to exclude the camera system from the SSP, and thus the assessment scope?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
During an assessment interview, the interviewee states that anyone can connect to the company Wi-Fi without prior approval. Within which domains is the Wi-Fi configuration covered?
Correct Answer: A Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
During the assessment of a company, the CCA learns that 50% of employees work from home using remote access. After reviewing the Access Control policy and audit logs, the CCA is unsure how the system ensures only employees with correct privileges can access CUI. The CCA decides a Test of functionality is required.
Which question is of the LEAST concern to the CCA?
Correct Answer: D Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
An in-house compliance expert for a large defense contractor is reviewing the organization's training materials for personnel handling CUI. After a widely publicized insider threat incident, management requires that training address insider threat risks. What is a critical component of insider threat awareness training?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
Both the SSP and network diagrams presented to the Lead Assessor by the OSC indicate managed service providers (MSPs) within the assessment boundary. In order to BEST understand the impact of the MSPs, what should the Lead Assessor do?
Correct Answer: D Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
The team is assessing an OSC that uses the cloud for hosting its online services. Which of the following is NOT important for the assessor to consider?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
An OSC seeking Level 2 certification is working with an ESP. The organization is trying to determine if the ESP is considered within the assessment and is reviewing the Service Level Agreement (SLA) between the organization and the ESP. Which SLA component should be taken into consideration to determine if the ESP is within the assessment scope?
Correct Answer: D Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
The OSC's network consists of a single network switch that connects all devices. This includes the OSC's OT equipment, which processes CUI. The OT controller requires an unsupported operating system.
What can the Lead Assessor BEST conclude about the overall compliance with MA.L2-3.7.1: Perform Maintenance?
Correct Answer: C Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
A company is seeking Level 2 CMMC certification. During the Limited Practice Deficiency Correction Evaluation, the Lead Assessor is deciding whether the company can be moved to a POA&M Close-Out. What condition will result if a POA&M Close-Out option cannot be utilized?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
An OSC has a testing laboratory. The lab has several pieces of equipment, including a workstation that is used to analyze test information collected from the test equipment. All equipment is on the same VLAN that is part of the certification assessment. The OSC claims that the workstation is part of the test equipment (Specialized Asset) and only needs to be addressed under risk-based security policies. However, the OSC states that the data analysis output is CUI. What is the assessor's BEST response?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
NIST SP 800-171A specifies the assessment methods for defining the nature and the extent of a CCA's actions. What is the purpose of the test assessment method?
Correct Answer: B Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).
During an assessment, the OSC IT security team provided documentation on how they use replay-resistant authentication to protect CUI. What can be used as a replay-resistant mechanism?
Correct Answer: D Vote an answer
Explanation: Only visible for PassTestking members. You can sign-up / login (it's free).