Certified CMMC Professional v1.0

Page: 1 / 14
Exam contains 201 questions

Which example represents a Specialized Asset?

  • A. SOCs
  • B. Hosted VPN services
  • C. Consultants who provide cybersecurity services
  • D. All property owned or leased by the government


Answer : D

When assessing an OSC for CMMC, the Lead Assessor should use the information from the Discussion and Further Discussion sections in each practice because it:

  • A. is normative for an OSC to follow.
  • B. contains examples that an OSC must implement.
  • C. is mandatory and aligns with FAR Clause 52.204-21.
  • D. provides additional information to facilitate the assessment of the practice.


Answer : D

An OSC has requested a C3PAO to conduct a Level 2 Assessment. The C3PAO has agreed, and the two organizations have collaborated to develop the Assessment Plan. Who agrees to and signs off on the Assessment Plan?

  • A. OSC and Sponsor
  • B. OSC and CMMC-AB
  • C. Lead Assessor and C3PAO
  • D. C3PAO and Assessment Official


Answer : C

Which regulation allows for whistleblowers to sue on behalf of the federal government?

  • A. NIST SP 800-53
  • B. NIST SP 800-171
  • C. False Claims Act
  • D. Code of Professional Conduct


Answer : C

Within how many days from the Assessment Final Recommended Findings Brief should the Lead Assessor and Assessment Team Members, if necessary, review the accuracy and validity of the OSC’s updated POA&M with any accompanying evidence or scheduled collections?

  • A. 90 days
  • B. 180 days
  • C. 270 days
  • D. 360 days


Answer : A

Ethics is a shared responsibility between:

  • A. DoD and CMMC-AB.
  • B. OSC and sponsors.
  • C. CMMC-AB and members of the CMMC Ecosystem.
  • D. members of the CMMC Ecosystem and Lead Assessors.


Answer : C

Which phase of the CMMC Assessment Process includes developing the assessment plan?

  • A. Phase 1
  • B. Phase 2
  • C. Phase 3
  • D. Phase 4


Answer : A

During Phase 4 of the Assessment process, what MUST the Lead Assessor determine and recommend to the C3PAO concerning the OSC?

  • A. Ability
  • B. Eligibility
  • C. Capability
  • D. Suitability


Answer : D

The CMMC Level 2 assessment methods include examination and can include:

  • A. documents, mechanisms, or activities.
  • B. specific hardware, software, or firmware safeguards employed within a system.
  • C. policies, procedures, security plans, penetration tests, and security requirements.
  • D. observation of system backup operations, exercising a contingency plan, and monitoring network traffic.


Answer : A

Who is responsible for ensuring that subcontractors have a valid CMMC Certification?

  • A. CMMC-AB
  • B. OUSD A&S
  • C. DoD agency or client
  • D. Contractor organization


Answer : D

When are data and documents with legacy markings from or for the DoD required to be re-marked or redacted?

  • A. When under the control of the DoD
  • B. When the document is considered secret
  • C. When a document is being shared outside of the organization
  • D. When a derivative document’s original information is not CUI


Answer : D

An Assessment Team is reviewing a practice that is documented and being checked monthly. When reviewing the logs, the practice is only being completed quarterly. During the interviews, the team members say they perform the practice monthly but only document quarterly. Is this sufficient to pass the practice?

  • A. No, the work is not being done as stated.
  • B. Yes, the practice is being done as documented.
  • C. No, all three assessment methods must be met to pass.
  • D. Yes, the interview process is enough to pass a practice.


Answer : A

Which phase of the CMMC Assessment Process includes the task to identify, obtain inventory, and verify evidence?

  • A. Phase 1: Plan and Prepare Assessment
  • B. Phase 2: Conduct Assessment
  • C. Phase 3: Report Recommended Assessment Results
  • D. Phase 4: Remediation of Outstanding Assessment Issues


Answer : B

What is the MOST common purpose of assessment procedures?

  • A. Obtain evidence.
  • B. Define level of effort.
  • C. Determine information flow.
  • D. Determine value of hardware and software.


Answer : A

What are CUI protection responsibilities?

  • A. Shielding
  • B. Governing
  • C. Correcting
  • D. Safeguarding


Answer : D

Certlibrary.com is owned by MBS Tech Limited: Room 1905 Nam Wo Hong Building, 148 Wing Lok Street, Sheung Wan, Hong Kong. Company registration number: 2310926