Certified CMMC Professional (CCP), Exams of Cybercrime, Cybersecurity and Data Privacy

Detailed information about the Certified CMMC Professional (CCP) certification, including the roles and responsibilities of the CMMC Accreditation Body (AB), the requirements to become a CMMC Certified Instructor, the proper handling of Code of Professional Conduct (COPC) violations, and the assessment process for CMMC certification. It covers key topics such as Controlled Unclassified Information (CUI), the CMMC model and its appendices, the DFARS 252.204-7012 regulation, and the assessment phases and roles involved in the CMMC certification process. The document aims to equip professionals with the knowledge and skills necessary to navigate the CMMC certification landscape effectively.

Typology: Exams

2023/2024

Available from 10/07/2024

DANTUTOR
Certified CMMC Professional (CCP)

Which of the following is NOT a function of the CMMC Accreditation Body (AB)? - Perform assessments or consulting to Organizations Seeking Certification (OSC)

Which of the following is required to become a CMMC Certified Instructor who teaches CMMC Certified Assessor (CCA) courses? - DoD Tier 3 background check

What is the FIRST action you should take if you witness a Code of Professional Conduct (COPC) violation? - Privately request clarification or offer help to the violator

According to the CMMC AB, which of the following should you NOT do when using methods properly? - Make assertions about exam outcomes or assessments

Other than safeguarding CDI, which of the following is NOT a requirement of DFARS 252.204-7012? - Submit a compliance score to the SPRS

With respect to FEDRAMP, what does CIS stand for? - Control Implementation Summary (CIS)

Which of the following is a CORRECT definition of Controlled Unclassified Information (CUI)? - Information that the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that a law, regulation, or Government-wide policy requires or permits an agency to handle using safeguarding or dissemination controls.

What part of Title 32 CFR provides context for safeguarding CUI? - 2002

Which of the following is NOT an appendix to the CMMC Model Overview? - Glossary

Which of the following control frameworks is NOT included in the CMMC Model's Appendix B - Source Mapping? - PCI DSS

What prompted the creation of the CUI program? - Executive Order 13556

Which resource/ruling provides and defines the basic 15 controls that make up the 17 CMMC Level 1 practices? - FAR 52.204-

What function does DODI 5200.48 and Part 2002 of Title 32 CFR serve? - Provides contractors and authorized holders responsibilities in handling CUI

What is a government authority for identifying and marking CUI? - National Archives and Records Administration (NARA)

Which of the following is a type of CUI? - Basic

When analyzing CMMC practices, which of the following is an acceptable way to mark the status of an assessment objective? - Not-applicable

During the pre-assessment phase, where is pre-assessment information uploaded to by the CMMC Quality Assurance Professional (CQAP)? - eMASS

Using the DOD Assessment Methodology (DODAM), how many points are deducted for security requirements that could lead to significant exploitation of the network, or exfiltration of DoD CUI that are not met? - 5

How many practices must be met to move the OSC to the POA&M Close-Out Assessment option? - 88

The Assessment package must be submitted to the CQAP NLT __ Business Days from the Final Findings Briefing and uploaded to eMASS NLT __ Business Days from the Final Findings Briefing. - 10, 20

During the planning phase of an assessment, you have finished organizing and preparing assessment documents and templates. Which of the following would be the next step? - Ascertain assessment conditions and requirements

Which of the following assessment phases may not be necessary? - Close-out POA&Ms and assessment

Which of the following is NOT a role within a CMMC level 2 assessment? - DOD contract officer

OSC assessment official - responsible for overseeing the assessment process within the organization seeking certification. They may liaise with the lead assessor and ensure that the assessment activities align with the organization's goals and compliance objectives.

7012 - 800-171 - compliance, cyber incident reporting, FedRAMP or equivalency, flowdown

Phase 1 - Plan and Prepare Assessment -

  1. Validation criteria of OSC's assessment evidence
  2. Analyzing the CMMC practice requirements
  3. What needs to be included in a CMMC Assessment Plan
  4. The review Readiness Review Process

Step one of Phase 1 - Validation criteria of OSC's assessment evidence

Step two of Phase 1 - Analyzing the CMMC practice requirements

Step three of Phase 1 - What needs to be included in a CMMC Assessment Plan

Step four of Phase 1 - The CMMC Readiness Review Process

Office of the Undersecretary of Defense -

  • cybersecurity standards and best practices and knowledge of how to map these controls and process across several levels that range from basic to advanced cyber hygiene
  • regulation (DFARS 252.204-7012) that is based on trust by adding a verification component with respect to cybersecurity requirements

DFARS 252.204-7012 -

  • 72 hours to report
  • cyber incident reporting
  • flowdown to subcontractors
  • cloud service --> FEDRAMP
  • 7012-800-171 compliance

Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) - a non-profit organization responsible for overseeing the implementation and administration of the CMMC program

Organizations Seeking Clarification (OSC) - purpose, requirements, and benefits of OSC involvement in the ecosystem

CMMC Third-Party Assessment Organizations (C3PAO) - CCPs and CCAs