CMMC EXAM WITH 100% CORRECT ANSWER, Exams of Cybercrime, Cybersecurity and Data Privacy

Typology: Exams

2023/2024

Available from 10/07/2024

DANTUTOR
CMMC
1. Which statement is true?
a. FAR implements and supplements the DFARS and defines additional requirements
for safeguarding
b. DFARS implements and supplements FAR, which is the primary set of rules in the
FAR framework.
c. FAR and DFARS are unified cybersecurity standards used by all nonfederal systems
and organizations that store FCI and CUI -
B
Which document describes the procedures used to assess the maturity level of the
processes and practices of the CMMC?
a. CMMC Assessment Guide Level 3
b. CMMC Assessment Methodology
c. CMMC model -
B
Amy is a CMMC-AB Certified Professional who has participated in three ML-2
assessments this year. During the assessment, Amy supervised one of the new
Certified Assessors (CA). How do you describe this situation?
a) Acceptable, a CP is a prerequisite for the CA credential, so supervising other CA is
allowed
b) Unacceptable, a CP is neither authorized to participate in ML-2 assessments nor
supervise other assessment team members.
c) Unacceptable, a CP is only authorized to participate as an assessment team member
under supervision of a CA -
C
ASO is an American company that supplies communications, intelligence and
surveillance systems to the Department of Defense. They have implemented all CMMC
Level 3 requirements. Who does ASO need to contact to issue an assessment request?
a) An organization seeking certification (OSC)
b) A third-party assessor (C3PAO)
c) A registered provider organization -
B
To whom should the assessment results be submitted after conducting a CMMC level 4
Assessment?
a) Certified Quality Auditors
b) Licensed Partner Publishers
c) Certified Instructors -
A
What is the role of Licensed Training providers LTP in the CMMC-AB ecosystem?

a) Deliver the CMMC-AB training to participants through certified instructors.
b) Develop the CMMC-AB training courses and certification exams
c) Offer consultancy services for assessment preparation through certified assessors. -
A
How should GCraft Inc's processes be if the company wants to implement CMMC level 3?
a) Reviewed
b) Managed
c) Optimizing -
B
What type of information is not addressed in CMMC levels?
a) Classified Information
b) Unclassified Information
c) Federal Contract Information -
A
Company A is a federal agency that handles its critical energy infrastructure information, including banner format and mailing based on the:
a) CMMC model
b) CUI registry
c) NIST SP 800-171 -
B
Educavo is an accredited Licensed Training Provider (LTP) that delivers training services through CMMC-AB certified individuals. The same individuals also participate in certified assessment teams. Which practice of the CMMC-AB Code of Professional Conduct (CoPC) is violated here?
a) Professionalism
b) Confidentiality
c) Lawful and ethical practices -
A
Under no circumstances are credentialed or registered individuals permitted to conduct a certified assessment, or participate on a certified assessment team, if they have also served as a consultant to prepare the organization for that assessment. Consulting is defined as "providing direct assistance to the creation of processes, training, and technology required to meet the intent of CMMC controls and processes."

CMMC-AB CoPC practices are (1)___________ and include professionalism, confidentiality, and (2)_____________
a) (1) Optional requirements (2) objectivity
b) (1) Guiding Expectations (2) Proper use of methods
c) (1) Mandatory requirements (2) respect for intellectual Property -
Among others, the implementation of which of the following practices is required by CMMC level 2?
a) AU.2.042 and AC.3.
b) AC.1.003 and AC.2.
c) AM.4.023 and AM.3.045 -
B
Mcalls is a contractor of the US federal Government which handles FCI through the supply chain. As such, what access control requirements do they need to meet?
a) Limit connections to and use of external information systems
b) Limit use of non-privileged accounts when accessing publicly accessible information systems.
c) Limit information system access via managed access control points. -
A
Maturity Processes are not assessed at ML 1 because CMMC level 1 practices:
a) Are only performed
b) Safeguard FCI
c) Are not based on NIST SP 800-171 -
A
After implementing all the 156 practices required by level 4, Company X performed, documented and managed the CMMC processes. Based on these activities, does Company X achieve CMMC level 4 process maturity?
a) Yes, requirements of CMMC process maturity for level 4 are achieved
b) No, practices should also be planned
c) No, Practices should also be reviewed. -
C
Company ABC needs to fulfill the requirements for CMMC level 3. Based on this, which of the following configuration management (CM) practices should the company implement?
a) CA.3.161 Monitor security controls on an ongoing basis to ensure that their configuration is appropriate.
b) CM.3.069 Apply deny-by-exception (Blacklisting) policy to prevent the use of unauthorized software.
c) CM.3.124 Control access to information systems by employing application whitelisting -
B
23. Which option is a practice of identification and authentication (IA), domain, process maturity level 2?
a) Identify unauthorized use of organizational systems
b) Require multifactor authentication to establish non local maintenance sessions via external network connections.
c) Enhance a minimum password complexity and change of characters when new passwords are created. -
C

By implementing the system and information integrity (SI) practices of level 1, an organization does not comply with FAR clause 52.204-21 requirements for SI, is this statement correct?
a) Yes, because the CMMC level 1 practices are equivalent to all safeguarding requirements of FAR, Clause 52.204-21.
b) No, because practices of SI are not addressed in CMMC level 1
c) No, because FAR, clause 52.204-21 has no requirements related to SI. -
A
A DoD contractor has defined procedures for handling CUI data. Which practice have they implemented?
a) AM.3.036 practice of the asset management (AM) domain
b) CM.4.073 practice of the configuration management (CM) domain
c) MA.5.024 practice of the access control (AC) domain -
A
What does CMMC process maturity level 3 require organizations to do?
a) Review and measure the effectiveness of the practices
b) Control and standardize the implementation of the practices
c) Establish, maintain and resource a plan to address the CMMC activities. -
C
TechX has conducted screening procedures for all its personnel, as required by the CMMC practices. Did TechX implement all practices of the personnel security (PS) domain in this case?
a) Yes, the personnel security (PS) domain includes only one capability, personnel screening
b) No, the protection of CUI during and after personnel actions such as terminations and transfers should also be removed.
c) No, implementing a screening process is a requirement of the physical protection (PE) domain. -
B
How does the situational awareness (SA) domain help organizations make risk-based decisions?
a) By implementing threat monitoring
b) By identifying and controlling systems and communications that handle CUI
c) By eliminating single points of failure. -
A
29. What should an organization do to meet the requirements of maintenance (MA) domain?
Which phase of the CMMC assessment process includes assessment methods such as interviews and -----?
a) Phase 1: Plan and prepare assessment
b) Phase 2: Conduct assessment
c) Phase 3: Report recommended assessment results -
B
Which of the following is not the responsibility of a certified assessor during the CMMC assessment process?
a) Presenting the final recommended CMMC level rating to the organization seeking certification.
b) Developing the assessment plan based on the identified risk sources
c) Performing the final quality review of the assessment results. -
A
What should an organization do to fulfill the CMMC level 3 requirements regarding the system and information integrity?
a) Use threat indicator information relevant to the information and system being protected and effective..... organizations to inform intrusion detection and threat hunting,
b) Analyze system behavior to detect and mitigate the execution of normal system commands and monitor individuals and system components on an ongoing basis for anomalous behavior.
c) Employ spam protection mechanisms, update malicious code protection mechanisms when new releases are available and mask system securities alerts and advisories -
C
Which of the following is a requirement of CMMC level 4 security assessment (CA) domain?
a) Conduct penetration testing periodically
b) Establish a cyber threat hunting capability
c) Automate the analysis of audit logs -
A
CMMC requires from organizations to perform unannounced operational exercises as part of the_______.
a) CMMC level 5 incident response practices
b) CMMC level 3 incident response practices
c) CMMC level 4 risk management practices -
A
What should an organization employ to fulfill the asset management (AM) requirements of CMMC level 4?
a) A capability to discover and identify systems with specific component attributes within its inventory
b) Cryptographic mechanisms to protect the confidentiality of remote sessions
c) A monitoring system to record packets passing through the internet network boundaries. -
A

By identifying assets that do not report audit logs and assuring that appropriate organizationally defined systems are logging, the organization implements the audit and accountability (AU) practice required to achieve:
a) Level 5: Advanced/progressive level
b) Level 4: Proactive level
c) Level 3: Good Cyber Hygiene level -
A