CMMC-CCP試験無料問題集（172題）「Cyber AB Certified CMMC Professional (CCP) 認定」

出題：1

During a CMMC readiness review, the OSC proposes that an associated enclave should not be applicable in the scope. Who is responsible for verifying this request?

A. CCP

B. C3PAO

C. Lead Assessor

D. Advisory Board

正解：C 解答を投票する

出題：2

In late September. CA.L2-3.12.1: Periodically assess the security controls in organizational systems to determine if the controls are effective in their application is assessed. Procedure specifies that a security control assessment shall be conducted quarterly. The Lead Assessor is only provided the first quarter assessment report because the person conducting the second quarter's assessment is currently out of the office and will return to the office in two hours. Based on this information, the Lead Assessor should determine that the evidence is;

A. sufficient, and rate the audit finding as MET

B. insufficient, and re-rate the audit finding after a quarter two assessment report is examined.

C. sufficient, and re-rate the audit finding after a quarter two assessment report is examined.

D. insufficient, and rate the audit finding as NOT MET.

正解：D 解答を投票する

出題：3

Who is responsible for identifying and verifying Assessment Team Member qualifications?

A. CMMC-AB

B. CMMC Marketplace

C. C3PAO

D. Lead Assessor

正解：C 解答を投票する

出題：4

The IT manager is scoping the company's CMMC Level 1 Self-Assessment. The manager considers which servers, laptops. databases, and applications are used to store, process, or transmit FCI. Which asset type is being considered by the IT manager?

A. Facilities

B. People

C. Technology

D. ESP

正解：C 解答を投票する

出題：5

Per DoDI 5200.48: Controlled Unclassified Information (CUI), CUI is marked by whom?

A. Presidentialauthorized Original Classification Authority

B. Information Disclosure Official

C. DoD OUSD

D. Authorized holder

正解：D 解答を投票する

出題：6

Which standard and regulation requirements are the CMMC Model 2.0 based on?

A. DFARS, FIPS 100, NIST SP 800-171,and Carnegie Mellon University

B. DFARS, FIPS 100,and NIST SP 800-171

C. DFARS, NIST, and Carnegie Mellon University

D. NIST SP 800-171 and NIST SP 800-172

正解：D 解答を投票する

出題：7

When are data and documents with legacy markings from or for the DoD required to be re-marked or redacted?

A. When a derivative document's original information is not CUI

B. When under the control of the DoD

C. When the document is considered secret

D. When a document is being shared outside of the organization

正解：D 解答を投票する

出題：8

Which statement BEST describes an assessor's evidence gathering activities?

A. Use interviews for assessing a Level 2 practice.

B. Test certain assessment objectives to determine findings.

C. Test all practices or objectives for a Level 2 practice

D. Use examinations, interviews, and tests to gather sufficient evidence.

正解：D 解答を投票する

出題：9

A Level 2 Assessment of an OSC is winding down and the final results are being prepared to present to the OSC. When should the final results be delivered to the OSC?

A. Either at the final Daily Checkpoint, or during a separately scheduled findings and recommendation review

B. Either after approval from the C3PAO. or during a separately scheduled final recommended findings review

C. Daily and during a final separately scheduled review

D. At the end of every day of the assessment

正解：A 解答を投票する

出題：10

An employee is the primary system administrator for an OSC. The employee will be a core part of the assessment, as they perform most of the duties in managing and maintaining the systems. What would the employee be BEST categorized as?

A. Inspector

B. Analyzer

C. Demonstration staff

D. Applicable staff

正解：D 解答を投票する

CMMC-CCP試験無料問題集「Cyber AB Certified CMMC Professional (CCP) 認定」