CMMC CCP Practice Exam Questions With Correct Answers
What is a CUI Asset?
Asset that stores, processes, or transmits CUI
Examples: Servers, Printers, Endpoints, Cloud Services, ERP Systems
Where do you document a CUI Asset?
Document in Asset Inventory
Document in SSP
Document in Network Diagram
What practices do you apply to a CUI Asset?
CMMC Level 2
What does CMMC stand for?
Cybersecurity Maturity Model Certification
How many controls are in CMMC L2?
110 controls
What impact level is required when storing CUI?
IL4
What contract clause is used for CMMC L1?
FAR 52.204-21 (17 practices in total)
If you want to be CMMC L2 compliant, do you need to also be CMMC L1 compliant?
Yes
What do you call the part before the first period in the following control? AC.L1-3.1.1
Domain
What do you call the part after the first period in the following control? AC.L1-3.1.1
Level
What do you call the part after the dash in the following control? AC.L1-3.1.1
Security Practice Number
What is confidentiality?
Information Access and disclosure includes means for protecting personal privacy and proprietary information.
What is file integrity?
Stored information is sufficiently guarded against modification or destruction.
What are the three levels of FedRAMP?
Low
Moderate
High
What is reciprocity?
Privileges granted by one organization to another for mutual benefit.
What is an Assessment Objective?
Identify the specific items being assessed and can include specifications, mechanism, activities, and individuals to receive MET for the practice as defined in NIST SP 800-171A
Means to gain detailed insight about practices implemented in and by the OSC and how those practices are performed
What are the six components of a CMMC practice?
1. Identifier and Practice Statement
2. Assessment Objectives
3. Potential Assessment Methods and Objects
4. Discussion
5. Further Discussion
6. Key References
What is an Assessment Procedure?
Consists of an Assessment Objective and a set of potential assessment methods
What is an Assessment Method?
*Examine
*Interview
*Test
The nature and extent of the Assessor's action
What are the three characteristics of FCI?
1. Not intended for public release
2. It is provided by or for the government
3. It is not transactional bidding information or publicly released information
Is all CUI considered FCI?
Yes
What is a Specialized Asset (SA)?
May or may not have CUI - specialized equipment that can't be updated
Example: Government Property, Operational Tech, Test Equipment, CNC Machine
What three places do you need to document an SA?
Document in Asset Inventory
Document in SSP
Document in Network Diagram
What is a specialized asset assessed against in L2?
Assessed against CA.L2-3.12.4 (The SSP)
What is a Security Protection Asset (SPA) for CUI?
Assets that provide security functions or capabilities to the contractor's CMMC Assessment Scope
Support CMMC Compliance state