Question 1

Which domain has a practice requiring an organization to restrict, disable, or prevent the use of nonessential programs?

Options :

A : Access Control (AC)

B : Media Protection (MP)

C : Asset Management (AM)

D : Configuration Management (CM)

Answer: D

Question 2

Which term describes "the protective measures that are commensurate with the consequences and probability of loss, misuse, or unauthorized access to. or modification of information"?

Options :

A : Adopted security

B : Adaptive security

C : Adequate security

D : Advanced security

Answer: C

Question 3

An OSC has requested a C3PAO to conduct a Level 2 Assessment. The C3PAO has agreed, and the two organizations have collaborated to develop the Assessment Plan. Who agrees to and signs off on the Assessment Plan?

Options :

A : OSC and Sponsor

B : OSC and CMMC-AB

C : Lead Assessor and C3PAO

D : C3PAO and Assessment Official

Answer: C

Question 4

How does the CMMC define a practice?

Options :

A : A business transaction

B : A condition arrived at by experience or exercise

C : A series of changes taking place in a defined manner

D : An activity or activities performed to meet defined CMMC objectives

Answer: D

Question 5

When assessing an OSC for CMMC: the Lead Assessor should use the information from the Discussion and Further Discussion sections in each practice because it:

Options :

A : is normative for an OSC to follow.

B : contains examples that an OSC must implement.

C : is mandatory and aligns with FAR Clause 52.204-21.

D : provides additional information to facilitate the assessment of the practice.

Answer: D