
Cyber AB Certified CMMC Assessor (CCA) - CMMC-CCA Exam Questions
QUESTION NO: 1
In order to perform an interview, the Lead Assessor MUST ensure interview questions are:
Correct Answer: D
QUESTION NO: 2
A Lead Assessor is conducting an assessment for an OSC. The OSC is currently using doors and badge access to limit access to private areas of their campus to only authorized personnel. Which item is another means of controlling physical access to areas that contain CUI?
Correct Answer: B
QUESTION NO: 3
FIPS-validated cryptography is required to meet CMMC practices that protect CUI when transmitted or stored outside the OSC's CMMC enclave. What source does the CCA use to verify that the cryptography the OSC has implemented is FIPS-validated?
Correct Answer: D
QUESTION NO: 4
During an assessment, the OSC IT security team provided documentation on how they use replay-resistant authentication to protect CUI. What can be used as a replay-resistant mechanism?
Correct Answer: C
QUESTION NO: 5
While examining evidence, a CCA is trying to confirm the claim that the OSC has identified all information system users, processes acting on behalf of users, and all devices.
Which of the following provides the STRONGEST evidence of this practice?
Correct Answer: B
QUESTION NO: 6
AC.L2-3.1.6: Non-Privileged Account Use is being assessed. Which procedure BEST meets all of the standards for non-privileged account use?
Correct Answer: D
QUESTION NO: 7
What is NOT required for the Lead Assessor to confirm when verifying readiness to conduct an assessment?
Correct Answer: A
QUESTION NO: 8
A Lead Assessor is preparing to conduct a Level 2 Assessment for an OSC. During the planning phase, the Lead Assessor and OSC have:
* Developed evidence collection approach;
* Identified the team members, resources, schedules, and logistics;
* Identified and managed conflicts of interest;
* Gained access to the OSC's relevant documentation.
Based on the information provided, which would be an additional element to be discussed during the planning phase of the assessment?
Correct Answer: B
QUESTION NO: 9
A company employs an encrypted VPN to enhance confidentiality over remote connections. The CCA reads a document describing the VPN. It states the VPN allows automated monitoring and control of remote access sessions, helps detect cyberattacks, and supports auditing of remote access to ensure compliance with CMMC requirements.
What document is the CCA MOST LIKELY reviewing to see how these VPNs are controlled and monitored?
Correct Answer: B




