Online Access Free CMMC-CCA Practice Test

Phase 2 of the CMMC Assessment Process specifies that the Assessment Team shall generate the final recommended assessment results. The status and recommended scores of the implemented CMMC practices are collected throughout the assessment and are reviewed with the OSC during the final daily review.
What are the key sequential subphases that support the generation of final recommended assessment results?

• A.Determine final practice MET/NOT MET/NA results
  Validate OSC POA&M
  Create, finalize, and record recommended final findings
• B.Determine final practice MET/NOT MET/NA results
  Create, finalize, and record recommended final findings
  Resolve assessment findings disputes
• C.Create, finalize, and record recommended final findings
  Execute POA&M review
  Resolve assessment findings disputes
• D.Validate preliminary recommended findings and scores
  Resolve assessment findings disputes
  Submit, package, and archive assessment documentation

The Lead Assessor concludes that the OSC is not ready for the assessment. After the Readiness Assessment Review, the OSC and the Lead Assessor could choose to:

• A.Proceed as planned or reschedule the assessment.
• B.Replan or reschedule the assessment.
• C.Proceed as planned or cancel the assessment.
• D.Replan or cancel the assessment.

During an assessment, an assessor is trying to determine if the organization provides protection from malicious code at appropriate locations within organizational information systems. The assessor has decided to use the Interview method to gather evidence. It is BEST to interview:

• A.System developers
• B.Personnel with security alert and advisory responsibilities
• C.Personnel with audit and accountability responsibilities
• D.System or network administrators

During the Planning Phase of the Assessment Plan, the assessor determines that the Client will likely include sensitive and proprietary CUI. What should the assessor consider as part of their virtual data collection techniques for this information?

• A.The client and assessor should record the risks and mitigations to protect the CUI categories handled.
• B.The assessor should record the risks and mitigations to protect the CUI categories handled.
• C.The assessor is responsible for safeguarding the data during collection, not the client.
• D.The Client is responsible for safeguarding the data during collection, not the assessor.

Different mechanisms can be used to protect information at rest. Which mechanism is MOST LIKELY to afford protection for information at rest?

• A.File share
• B.Cryptographic mechanisms
• C.Patching
• D.Secure offline storage