CMMC-CCP無料問題集「Cyber AB Certified CMMC Professional (CCP)」

質問 1

In the CMMC Model, how many practices are included in Level 2?

（A）180 practices

（B）72 practices

（C）17 practices

（D）110 practices

正解：B 解答を投票する

質問 2

Which document is the BEST source for descriptions of each practice or process contained within the various CMMC domains?

（A）CMMC Assessment Process

（B）CMMC Assessment Guide Levels 1 and 2

（C）CMMC Glossary

（D）CMMC Appendices

正解：A 解答を投票する

質問 3

An assessor needs to get the most accurate answers from an OSC's team members. What is the BEST method to ensure that the OSC's team members are able to describe team member responsibilities?

（A）Let team members know the questions prior to the assessment.

（B）Understand that testing is more important that interviews.

（C）Ensure confidentiality and non-attribution of team members.

（D）Interview groups of people to get collective answers.

正解：C 解答を投票する

質問 4

Which NIST SP discusses protecting CUI in nonfederal systems and organizations?

（A）NIST SP 800-53

（B）NIST SP 800-171

（C）NIST SP 800-88

（D）NIST SP 800-37

正解：B 解答を投票する

質問 5

When assessing SI.L2-3.14.6: Monitor communications for attack, the CCA interviews the person responsible for the intrusion detection system and examines relevant policies and procedures for monitoring organizational systems. What would be a possible next step the CCA could conduct to gather sufficient evidence?

（A）Conduct a penetration test

（B）Interview the intrusion detection system's supplier.

（C）Upload known malicious code and observe the system response.

（D）Review an artifact to check key references for the configuration of the IDS or IPS practice for additional guidance on intrusion detection and prevention systems.

正解：D 解答を投票する

質問 6

In performing scoping, what should the assessor ensure that the scope of the assessment covers?

（A）All entities, regardless of the line of business, associated with the organization

（B）All assets processing, storing, or transmitting FCI/CUI and security protection assets

（C）All assets documented in the business plan

（D）All assets regardless if they do or do not process, store, or transmit FCI/CUI

正解：B 解答を投票する

質問 7

What is the LAST step when developing an assessment plan for an OSC?

（A）Obtain and record commitment to the assessment plan.

（B）Update the assessment plan and schedule as needed

（C）Perform certification assessment readiness review.

（D）Verify the readiness to conduct the assessment.

正解：A 解答を投票する

質問 8

A Level 2 Assessment of an OSC is winding down and the final results are being prepared to present to the OSC. When should the final results be delivered to the OSC?

（A）Either after approval from the C3PAO. or during a separately scheduled final recommended findings review

（B）Daily and during a final separately scheduled review

（C）At the end of every day of the assessment

（D）Either at the final Daily Checkpoint, or during a separately scheduled findings and recommendation review

正解：D 解答を投票する

質問 9

During a Level 2 Assessment, an OSC provides documentation that attests that they utilize multifactor authentication on nonlocal remote maintenance sessions. The OSC feels that they have met the controls for the Level 2 certification. What additional measures should the OSC perform to fully meet the maintenance requirement?

（A）The nonlocal maintenance personnel complain that restrictions slow down their response time and should be removed.

（B）Connections for nonlocal maintenance sessions should be unlimited to ensure maintenance is performed properly

（C）The maintenance policy states multifactor authentication must have at least two factors applied for nonlocal maintenance sessions.

（D）Connections for nonlocal maintenance sessions should be terminated when maintenance is complete.

正解：D 解答を投票する

質問 10

Which assessment method compares actual-specified conditions with expected behavior?

（A）Compile

（B）Examine

（C）Test

（D）Interview

正解：C 解答を投票する

CMMC-CCP 無料問題集「Cyber AB Certified CMMC Professional (CCP)」

弊社を連絡する

関連リンク

トップ試験