Online Access Free CMMC-CCA Practice Test

An OSC seeking Level 2 certification is reviewing the physical security of their building. Currently, the building manager unlocks and locks the doors for business operations. The OSC would like the ability to automatically unlock the door for authorized personnel, track access individually, and maintain access history for all personnel. The BEST approach is for the OSC to:

• A.Maintain a list of authorized personnel and assign them a building key.
• B.Install a keypad system and require the entry code to be changed when an individual leaves the company.
• C.Maintain security cameras to continuously monitor access to the building.
• D.Install a badge system and require each individual to use their badge to gain entry to the building.

An OSC seeking Level 2 certification has recently configured system auditing capabilities for all systems within the assessment scope. The audit logs are generated based on the required events and contain the correct content that the organization has defined.
Which of the following BEST describes the next system auditing objective that the organization should define?

• A.Integration of all system audit logs
• B.Centralized audit log collection
• C.Retention requirements for audit records
• D.Review and update of logged events

While scoping the assessment, the assessor learns that the OSC uses various cloud-based solutions sporadically as part of its normal course of business. The OSC states that most business is conducted on- premises and that only a small amount of business uses the cloud. The OSC thinks the cloud is only used for system backups, but there are isolated exceptions.
Are the data provided sufficient to determine that the OSC limits connection to external information systems?

• A.No, the OSC stated most of its business is on-premises.
• B.Yes, the OSC confirmed that external connections occur.
• C.Yes, the OSC confirmed that external connections occur for system backups.
• D.No, the OSC did not fully define the extent external connections are used.

An assessor is assigned by the Lead Assessor to the pre-assessment template regarding evidence. There are several entries that include how the Assessment Team will identify, obtain, and inventory evidence. What else is required to determine readiness to conduct the assessment?

• A.Identify the scope of the OSC.
• B.Delineate observations by the Assessment Team.
• C.Delineate what is required to verify the evidence.
• D.Identify additional people to interview to gather more evidence.

An OSC creates standard user accounts with limited capabilities and administrator accounts with full system access. A standard user initiates the uninstall of the anti-virus software, which is organizationally defined as a privileged function. Which of the following would indicate AC.L2-3.1.7: Privileged Functions is properly implemented?

• A.The antivirus software is not uninstalled, and the attempt is captured in an application audit log.
• B.The antivirus software is not uninstalled.
• C.The antivirus software is successfully uninstalled.
• D.The antivirus software is successfully uninstalled, and the event is captured in an application audit log.