CMMC-CCA 무료 덤프문제 온라인 액세스

Both FCI and CUI are stored by an OSC on the same network. Server A contains file shares with FCI, and Server B contains file shares with CUI. The OSC hopes each server would only undergo the assessment for the classification of data it contains. What is the MOST correct assessment situation in this scenario?

• A.Due to the presence of CUI on the network, a Level 2 certification is required for the network
• B.The network must be segmented to separate FCI from CUI before any assessments can be conducted
• C.Due to the presence of FCI on the network, only a Level 1 self-assessment is required for the network
• D.Server A may undergo a Level 1 self-assessment, while Server B must obtain a Level 2 certification

A company has a firewall to regulate how data flows into and out of its network. Based on an interview with their IT staff, all connections to their systems are logged, and suspicious traffic generates alerts. Examination of which artifact should give the CCA the details on how these are implemented?

• A.Physical access logs
• B.Boundary protection procedures
• C.Configuration management policy
• D.Account management document

A Lead Assessor is preparing to conduct a Level 2 Assessment for an OSC. The assessor already determined the assessment scope and systems included. In addition, the assessor requests:
* Results of the most recent OSC self-assessment or any pre-assessments by an RPO,
* The System Security Plan (SSP), and
* A list of all OSC staff who play a role in in-scope procedures.
Based on this information, which item would the assessor MOST LIKELY request when preparing to conduct a Level 2 Assessment?

• A.A list of objectives
• B.A manual for each system
• C.A preliminary list of the anticipated evidence
• D.A list of assets that are determined to be out-of-scope

A company is undergoing a CMMC Level 2 Assessment. The Assessment Team is planning and preparing the assessment. Who is responsible for identifying methods, techniques, and responsibilities for collecting, managing, and reviewing evidence?

• A.C3PAO Quality Oversight Manager
• B.Lead Assessor
• C.CMMC Quality Assurance Professional
• D.Assessment Team Member

An OSC is a wholly owned subsidiary of a large conglomerate (parent organization). The OSC and the parent organization use ID badges (PKI cards) that contain a PKI certificate and a radio frequency identification (RFID) tag used for building and system access (including systems that process, transmit, or store CUI). The parent organization does not make any decisions on how the OSC runs its security program or other matters of significance. The large conglomerate operates a machine that is used to activate the badges for both itself and the OSC. This machine is isolated in a locked room and has no network connectivity to the OSC.
The badge activation system is:

• A.In-scope because the OSC is part of the large conglomerate and thus any CMMC requirements of the OSC are imputed onto the large conglomerate.
• B.In-scope because the parent organization acts as an External Service Provider to the OSC by providing PKI cards.
• C.Out-of-scope because the badge activation machine is physically and logically isolated from the OSC and it is under the control of the parent organization.
• D.Out-of-scope because the OSC is the one that assigns the appropriate access to a particular PKI card.