Question 1

A contractor allows for the use of mobile devices in contract performance. Some employees access designs and specifications classified as CUI on such devices like tablets and smartphones. After assessing AC.L2-3.1.18 ? Mobile Device Connection, you find that the contractor maintains a meticulous record of mobile devices that connect to its information systems. AC.L2.3.1.19 ? Encrypt CUI on Mobile, requires that the contractor implements measures to encrypt CUI on mobile devices and mobile computing platforms. The contractor uses device-based encryption where all the data on a mobile device is encrypted. Which of the following is a reason why would you recommend container-based over full-device-based encryption?

Options :

A : Container-based encryption offers granular control over sensitive data, improves device performance by encrypting selectively, and enhances security in Bring-Your-Own-Device (BYOD) environments

B : Container-based encryption is more cost-effective

C : It is more user-friendly and easier to deploy on a large scale.

D : Full-device encryption is not compatible with modern mobile operating systems.

Answer: A

Question 2

You are part of an Assessment Team that has just completed a CMMC assessment for an OSC. The assessment is deemed complete after the CMMC results and artifacts are uploaded to the CMMC eMASS system. You overhear one of the CCAs chatting with their friends about how sloppily the OSC categorized their evidence. They even share some information about the assessor's network designs. Based on this scenario, which of the following statements is true?

Options :

A : The CCA has violated the confidentiality principle of the CoPC

B : The CCA is well within their rights to express their feelings

C : The CCA has failed to use materials and methods properly

D : The CCA is not behaving objectively

Answer: A

Question 3

During an interview with network administrators responsible for managing remote access, they mentioned using a next-generation firewall (NGFW) to secure the VPN connection, which can inspect remote device configurations and identify signs of potential split tunneling. How can the functionality of this NGFW contribute to achieving the objectives of CMMC practice SC.L2-3.13.7-Split Tunneling?

Options :

A : By detecting and potentially blocking remote device connections that exhibit signs of split tunneling.

B : By automatically reconfiguring remote devices to disable split tunneling.

C : By encrypting all traffic on the local network, the system can prevent unauthorized access even if split tunneling occurs.

D : By creating a centralized repository of allowed split-tunnel configurations for different user groups.

Answer: A

Question 4

Members of the CMMC ecosystem take due care to ensure that privileged information gathered during assessments or consulting remains private, even after the work engagement has ended. Which CoPC practice is described in this scenario?

Options :

A : Lawful and ethical practices

B : Information integrity

C : Confidentiality

D : Adherence to materials and methods

Answer: C

Question 5

You were the Lead Assessor on a team that conducted a CMMC assessment for an OSC that passed and earned a CMMC L2 Certification. Meeting this requirement, the OSC bid on and won a DoD contract. However, a rival company disputes the OSC's CMMC certification status in court. As part of the evidence, the court has directed you to release the assessment results and any evidence you might have relied on to arrive at the assessment results.Based on the CoPC, what action should you take in this situation?

Options :

A : Release the assessment results only after obtaining written permission from the OSC being assessed

B : Release the assessment results

C : Do not release the assessment results under any circumstances

D : Release only a summary of the assessment results

Answer: B