Ultimate Guide to Preparing for the CMMC-CCP Certification Exam: Cyber AB CMMC, Updated 2025 [Q47-Q69]


Real CMMC-CCP practice questions with accurate Cyber AB answers; latest questions updated for 2025

Question # 47
On a Level 2 Assessment Team, what are the roles of the CCP and the CCA?

  • A. The CCP leads the Level 2 Assessment Team, which consists of one or more CCAs.
  • B. The CCA leads the Level 2 Assessment Team, which can include 3 CCP with US Citizenship.
  • C. The CCP leads the Level 2 Assessment Team, which can include a CCA, regardless of citizenship.
  • D. The CCA leads the Level 2 Assessment Team, which can include a CCP regardless of citizenship.

Correct answer: B


Question # 48
In scoping a CMMC Level 1 Self-Assessment, all of the computers and digital assets that handle FCI are identified. A file cabinet that contains paper FCI is also identified. What can this file cabinet BEST be determined to be?

  • A. In scope, because it is part of the same physical location
  • B. Out of scope, because they are all only paper documents
  • C. In scope, because it is an asset that stores FCI
  • D. Out of scope, because it does not process or transmit FCI

Correct answer: C


Question # 49
Who makes the final determination of the assessment method used for each practice?

  • A. OSC
  • B. Site Manager
  • C. Lead Assessor
  • D. CCP

Correct answer: C


Question # 50
During the review of information that was published to a publicly accessible site, an OSC correctly identifies that part of the information posted should have been restricted. Which item did the OSC MOST LIKELY identify?

  • A. Change of leadership in the organization
  • B. Launching of their new business service line
  • C. FCI
  • D. Public releases identifying major deals signed with commercial entities

Correct answer: C


Question # 51
Which document is the BEST source for determining the sources of evidence for a given practice?

  • A. CMMC Assessment Guide
  • B. NIST SP 800-53
  • C. NIST SP 800-53A
  • D. CMMC Assessment Scope

Correct answer: C


Question # 52
An organization's sales representative is tasked with entering FCI data into various fields within a spreadsheet on a company-issued laptop. This laptop is an FCI Asset being used to:

  • A. store, process, and transmit FCI.
  • B. store, process, and organize FCI.
  • C. process and organize FCI.
  • D. process and transmit FCI.

Correct answer: A


Question # 53
During an assessment, the Lead Assessor reviews the evidence for each CMMC in-scope practice that has been reviewed, verified, rated, and discussed with the OSC during the daily reviews. The Assessment Team records the final recommended MET or NOT MET rating and prepares to present the results to the assessment participants during the final review with the OSC and sponsor. As a part of this presentation, which document MUST include the attendee list, time/date, location/meeting link, results from all discussed topics, including any resulting actions, and due dates from the OSC or Assessment Team?

  • A. Final and recorded OSC CMMC report
  • B. Final log report
  • C. Final CMMC report
  • D. Final and recorded Daily Checkpoint log

Correct answer: C


Question # 54
In many organizations, the protection of FCI includes devices that are used to scan physical documentation into digital form and print physical copies of digital FCI. What technical control can be used to limit multi-function device (MFD) access to only the systems authorized to access the MFD?

  • A. Documentation showing MFD configuration
  • B. Virtual LAN restrictions
  • C. Single administrative account
  • D. Access lists only known to the IT administrator

Correct answer: B


Question # 55
What is the BEST description of the purpose of FAR clause 52.204-21?

  • A. It describes all of the safeguards that contractors must take to secure covered contractor IS.
  • B. It directs all covered contractors to install the cyber security systems listed in that clause.
  • C. It describes the minimum standard of care that contractors must take to secure covered contractor IS.
  • D. It directs covered contractors to obtain CMMC Certification at the level equal to the lowest requirement of their contracts.

Correct answer: C


Question # 56
A C3PAO is near completion of a Level 2 Assessment for an OSC. The CMMC Findings Brief and CMMC Assessment Results documents have been developed. The Final Recommended Assessment Results are being generated. When generating these results, what MUST be included?

  • A. An updated Assessment Plan
  • B. Review documentation for the CMMC Quality Assurance Professional (CQAP)
  • C. Recorded and final updated Daily Checkpoint
  • D. Fully executed CMMC Assessment contract between the C3PAO and the OSC

Correct answer: D


Question # 57
The Lead Assessor interviews a network security specialist of an OSC. The incident monitoring report for the month shows that no security incidents were reported from OSC's external SOC service provider. This is provided as evidence for RA.L2-3.11.2: Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified. Based on this information, the Lead Assessor should conclude that the evidence is:

  • A. adequate because it fits well for expected artifacts.
  • B. inadequate because the OSC's service provider should be interviewed.
  • C. inadequate because it is irrelevant to the practice.
  • D. adequate because no security incidents were reported.

Correct answer: C


Question # 58
What are CUI protection responsibilities?

  • A. Shielding
  • B. Correcting
  • C. Governing
  • D. Safeguarding

Correct answer: D


Question # 59
A company has a government services division and a commercial services division. The government services division interacts exclusively with federal clients and regularly receives FCI. The commercial services division interacts exclusively with non-federal clients and processes only publicly available information. For this company's CMMC Level 1 Self-Assessment, how should the assets supporting the commercial services division be categorized?

  • A. Out-of-Scope Assets
  • B. FCI Assets
  • C. Specialized Assets
  • D. Operational Technology Assets

Correct answer: D


Question # 60
When scoping the organizational system, the scope of applicability for the cybersecurity CUI practices applies to the components of:

  • A. nonfederal systems that process, store, or transmit CUI.
  • B. federal systems that process, store, or transmit CUI, or that provide protection for the system components.
  • C. federal systems that process, store, or transmit CUI.
  • D. nonfederal systems that process, store, or transmit CUI, or that provide protection for the system components.

Correct answer: D


Question # 61
An Assessment Team is conducting interviews with team members about their roles and responsibilities. The team member responsible for maintaining the antivirus program knows that it was deployed but has very little knowledge on how it works. Is this adequate for the practice?

  • A. Yes, antivirus programs are automated to run independently.
  • B. Yes, the antivirus program is available, so it is sufficient.
  • C. No, the team member's interview answers about deployment and maintenance are insufficient.
  • D. No, the team member must know how the antivirus program is deployed and maintained.

Correct answer: D


Question # 62
An Assessment Team is conducting a Level 2 Assessment at the request of an OSC. The team has begun to score practices based on the evidence provided. At a MINIMUM, what is required of the Assessment Team to determine if a practice is scored as MET?

  • A. All three types of evidence are documented for every control.
  • B. Complete one of the following: examine two artifacts, either observe a satisfactory demonstration of one control or receive one affirmation from the OSC personnel.
  • C. Examine and accept evidence from one of the three evidence types.
  • D. Complete two of the following: examine one artifact, either observe a satisfactory demonstration of one control or receive one affirmation from the OSC personnel.

Correct answer: D


Question # 63
Which statement BEST describes the requirements for a C3PAO?

  • A. A C3PAO must be authorized by CMMC-AB before being able to conduct assessments.
  • B. An accredited C3PAO must meet all DoD and some ISO/IEC 17020 requirements.
  • C. An authorized C3PAO must meet some DoD and all ISO/IEC 17020 requirements.
  • D. A C3PAO must be accredited by DoD before being able to conduct assessments.

Correct answer: A


Question # 64
The evidence needed for each practice and/or process is weighed for:

  • A. sufficiency and thoroughness.
  • B. adequacy and thoroughness.
  • C. sufficiency and appropriateness.
  • D. adequacy and sufficiency.

Correct answer: D


Question # 65
How does the CMMC define a practice?

  • A. A series of changes taking place in a defined manner
  • B. A business transaction
  • C. A condition arrived at by experience or exercise
  • D. An activity or activities performed to meet defined CMMC objectives

Correct answer: D


Question # 66
Which assessment method compares actual-specified conditions with expected behavior?

  • A. Interview
  • B. Test
  • C. Compile
  • D. Examine

Correct answer: B


Question # 67
Regarding the Risk Assessment (RA) domain, what should an OSC periodically assess?

  • A. Organizational operations, business processes, and employees
  • B. Organizational operations, organizational processes, and individuals
  • C. Organizational operations, business assets, and employees
  • D. Organizational operations, organizational assets, and individuals

Correct answer: D


Question # 68
A C3PAO is conducting High Level Scoping for an OSC that requested an assessment. Which term describes the people, processes, and technology that will be applied to the contract who are requesting a CMMC Level assessment?

  • A. Host Unit
  • B. Branch Office
  • C. Coordinating Unit
  • D. Supporting Organization/Units

Correct answer: D


Question # 69
......
