Question 1

Ethics is a shared responsibility between:

Options :

A : DoD and CMMC-AB.

B : OSC and sponsors.

C : CMMC-AB and members of the CMMC Ecosystem.

D : members of the CMMC Ecosystem and Lead Assessors.

Answer: C

Question 2

The CMMC Level 2 assessment methods include examination and can include:

Options :

A : documents, mechanisms, or activities.

B : specific hardware, software, or firmware safeguards employed within a system.

C : policies, procedures, security plans, penetration tests, and security requirements.

D : observation of system backup operations, exercising a contingency plan, and monitoring network traffic.

Answer: C

Question 3

In scoping a CMMC Level 1 Self-Assessment, all of the computers and digital assets that handle FCI are identified. A file cabinet that contains paper FCI is also identified. What can this file cabinet BEST be determined to be?

Options :

A : In scope, because it is an asset that stores FCI

B : In scope, because it is part of the same physical location

C : Out of scope, because they are all only paper documents

D : Out of scope, because it does not process or transmit FCI

Answer: A

Question 4

A contractor provides services and data to the DoD. The transactions that occur to handle FCI take place over the contractor's business network, but the work is performed on contractor-owned systems, which must be configured based on government requirements and are used to support a contract. What type of Specialized Asset are these systems?

Options :

A : loT

B : Restricted IS

C :

Test equipment

D : Government property

Answer: B

Question 5

An OSC receives an email with "CUI//SP-PRVCY//FED Only" in the body of the message Which organization's website should the OSC go to identify what this marking means?

Options :

A : NARA

B : CMMC-AB

C : DoD Contractors FAQ page

D : DoD 239.7601 Definitions page

Answer: A

Smartly Prepare Exam with Free Online CMMC-CCP Practice Test

Buying Options: