Free Access CyberAB.CMMC-CCA.v2025-11-28.q157 Practice Test (Page 12)

Question 51

A CCA is conducting a CMMC assessment and notices that the OSC's evidence includes screenshots of system configurations that are not dated. The OSC claims the screenshots are current. How should the CCA proceed?

A.Accept the screenshots as evidence since the OSC claims they are current.

B.Document the lack of dates as an evidence gap and request additional verification of currency.

C.Reject the screenshots and score the related practice as "NOT MET."

D.Ask the OSC to recreate the screenshots with current dates during the assessment.

Question 52

You have been sent to assess an OSC's implementation of CMMC practices, one of which is AC.L2-3.1.11 - Session Termination. In assessing the contractor's implementation of AC.L2-3.1.11, you'll likely need to examine the following specifications, EXCEPT?

A.Mechanisms for implementing user session termination

B.The access control policy

C.The session termination policy

D.System security plan

Question 53

After completing a CMMC assessment, the OSC should hash all the evidence artifacts in accordance with the CMMC Artifact Hashing Tool User Guide. However, you have just realized that this requirement was not fulfilled, and the OSC Assessment Official cannot be reached to confirm it was done. To avoid any issues, you quickly complete this step and later inform the OSC Assessment Official. Which CoPC principle have you just violated by hashing the evidence artifacts in place of the OSC?

A.Professionalism

B.Confidentiality

C.Objectivity

D.Information Integrity

Question 54

During an assessment, the OSC was found to have implemented 68% of CMMC practice SC.L2-3.13.11 - CUI Encryption. However, the OSC Assessment Official cited issues with the vendor for not fully implementing the practice. Nonetheless, it has been listed in their POA&M. Which of the following is true regarding the use of a POA&M during a CMMC assessment?

A.A POA&M addressing unimplemented security requirements is not a substitute for a completed CMMC practice

B.A POA&M can be used as evidence of full implementation for any unimplemented CMMC practices

C.If a practice is listed in the POA&M, it is considered fully implemented during the assessment

D.Assessors are required to accept any POA&M as evidence of implementation for partially implemented practices

Question 55

A contractor allows for the use of mobile devices in contract performance. Some employees access designs and specifications classified as CUI on such devices like tablets and smartphones. After assessing AC.L2-
3.1.18 - Mobile Device Connection, you find that the contractor maintains a meticulous record of mobile devices that connect to its information systems. AC.L2-3.1.19 - Encrypt CUI on Mobile, requires that the contractor implements measures to encrypt CUI on mobile devices and mobile computing platforms. The contractor uses device-based encryption where all the data on a mobile device is encrypted. Which of the following personnel should you interview to determine how well the contractor has implemented AC.L2-
3.1.19 - Encrypt CUI on Mobile?

A.Executives in the company

B.Personnel with access control responsibilities for mobile devices

C.IT helpdesk staff who troubleshoot basic mobile device issues

D.Staff in the Human Resources department

Latest Upload: 119Talend.Talend-Core-Developer.v2026-01-15.q20; 150Salesforce.Marketing-Cloud-Administrator.v2026-01-15.q146; 202Salesforce.ADX-211.v2026-01-14.q223; 121Salesforce.B2B-Solution-Architect.v2026-01-14.q111; 128BICSI.RCDD.v2026-01-14.q121; 119NBMTM.BCMTMS.v2026-01-14.q33; 126Microsoft.GH-200.v2026-01-13.q64; 145SAP.C_C4HCX_2405.v2026-01-13.q80; 154Microsoft.GH-300.v2026-01-13.q69; 140Microsoft.GH-100.v2026-01-12.q22

Question 51

Question 52

Question 53

Question 54

Question 55

Download PDF File