Month End Special Sale - 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dm70dm

CMMC-CCP Certified CMMC Professional (CCP) Exam Questions and Answers

Questions 4

Which resource contains authoritative data classifications of CUI?

Options:

A.

NARA

B.

CMMC-AB

C.

DoD Contractors FAQ

D.

OSC's privacy policies

Buy Now
Questions 5

During a CMMC readiness review, the OSC proposes that an associated enclave should not be applicable in the scope. Who is responsible for verifying this request?

Options:

A.

CCP

B.

C3PAO

C.

Lead Assessor

D.

Advisory Board

Buy Now
Questions 6

Prior to conducting a CMMC Assessment, the contractor must specify the CMMC Assessment scope by categorizing all assets. Which two asset categories are always assessed against CMMC practices?

Options:

A.

CUI Assets and Specialized Assets

B.

Security Protection Assets and CUI Assets

C.

Specialized Assets and Contractor Risk Managed Assets

D.

Security Protection Assets and Contractor Risk Managed Assets

Buy Now
Questions 7

Exercising due care to ensure the information gathered during the assessment is protected even after the engagement has ended meets which code of conduct requirement?

Options:

A.

Availability

B.

Confidentiality

C.

Information Integrity

D.

Respect for Intellectual Property

Buy Now
Questions 8

Which standard and regulation requirements are the CMMC Model 2.0 based on?

Options:

A.

NIST SP 800-171 and NIST SP 800-172

B.

DFARS, FIPS 100,and NIST SP 800-171

C.

DFARS, NIST, and Carnegie Mellon University

D.

DFARS, FIPS 100, NIST SP 800-171,and Carnegie Mellon University

Buy Now
Questions 9

When scoping a Level 2 assessment, which document is useful for understanding the process to successfully implement practices required for the various Levels of CMMC?

Options:

A.

NISTSP 800-53

B.

NISTSP 800-88

C.

NISTSP 800-171

D.

NISTSP 800-172

Buy Now
Questions 10

In performing scoping, what should the assessor ensure that the scope of the assessment covers?

Options:

A.

All assets documented in the business plan

B.

All assets regardless if they do or do not process, store, or transmit FCI/CUI

C.

All entities, regardless of the line of business, associated with the organization

D.

All assets processing, storing, or transmitting FCI/CUI and security protection assets

Buy Now
Questions 11

Which NIST SP discusses protecting CUI in nonfederal systems and organizations?

Options:

A.

NIST SP 800-37

B.

NIST SP 800-53

C.

NIST SP 800-88

D.

NIST SP 800-171

Buy Now
Questions 12

During Phase 4 of the Assessment process, what MUST the Lead Assessor determine and recommend to the C3PAO concerning the OSC?

Options:

A.

Ability

B.

Eligibility

C.

Capability

D.

Suitability

Buy Now
Questions 13

An OSC receives an email with "CUI//SP-PRVCY//FED Only" in the body of the message Which organization's website should the OSC go to identify what this marking means?

Options:

A.

NARA

B.

CMMC-AB

C.

DoD Contractors FAQ page

D.

DoD 239.7601 Definitions page

Buy Now
Questions 14

Before submitting the assessment package to the Lead Assessor for final review, a CCP decides to review the Media Protection (MP) Level 1 practice evidence to ensure that all media containing FCI are sanitized or destroyed before disposal or release for reuse. After a thorough review, the CCP tells the Lead Assessor that all supporting documents fully reflect the performance of the practice and should be accepted because the evidence is:

Options:

A.

official.

B.

adequate.

C.

compliant.

D.

subjective.

Buy Now
Questions 15

In scoping a CMMC Level 1 Self-Assessment, all of the computers and digital assets that handle FCI are identified. A file cabinet that contains paper FCI is also identified. What can this file cabinet BEST be determined to be?

Options:

A.

In scope, because it is an asset that stores FCI

B.

In scope, because it is part of the same physical location

C.

Out of scope, because they are all only paper documents

D.

Out of scope, because it does not process or transmit FCI

Buy Now
Questions 16

An Assessment Team is reviewing a practice that is documented and being checked monthly. When reviewing the logs, the practice is only being completed quarterly. During the interviews, the team members say they perform the practice monthly but only document quarterly. Is this sufficient to pass the practice?

Options:

A.

No, the work is not being done as stated.

B.

Yes,the practice is being done as documented.

C.

No, all three assessment methods must be met to pass.

D.

Yes. the interview process is enough to pass a practice.

Buy Now
Questions 17

While developing an assessment plan for an OSC. it is discovered that the certified assessor will be interviewing a former college roommate. What is the MOST correct action to take?

Options:

A.

Do not inform the OSC and the C3PAO of the possible conflict of interest, and continue as planned.

B.

Inform the OSC and the C3PAO of the possible conflict of interest, and start the entire process over without the conflicted team member.

C.

Inform the OSC and the C3PAO of the possible conflict of interest but since it has been an acceptable amount of time since college, no conflict of interest exists, and continue as planned.

D.

Inform the OSC and the C3PAO of the possible conflict of interest, document the conflict and mitigation actions in the assessment plan, and if the mitigation actions are acceptable, continue with the assessment.

Buy Now
Questions 18

An OSC has submitted evidence for an upcoming assessment. The assessor reviews the evidence and determines it is not adequate or sufficient to meet the CMMC practice. What can the assessor do?

Options:

A.

Notify the CMMC-AB.

B.

Cancel the assessment.

C.

Postpone the assessment.

D.

Contact the C3PAO for guidance.

Buy Now
Questions 19

A dedicated local printer is used to print out documents with FCI in an organization. This is considered an FCI Asset Which function BEST describes what the printer does with the FCI?

Options:

A.

Encrypt

B.

Manage

C.

Process

D.

Distribute

Buy Now
Questions 20

Which organization is the governmental authority responsible for identifying and marking CUI?

Options:

A.

NARA

B.

NIST

C.

CMMC-AB

D.

Department of Homeland Security

Buy Now
Questions 21

A company is about to conduct a press release. According to AC.L1-3.1.22: Control information posted or processed on publicly accessible systems, what is the MOST important factor to consider when addressing CMMC requirements?

Options:

A.

That the information is correct

B.

That the CEO approved the message

C.

That the company has to safeguard the release of FCI

D.

That so long as the information is only FCI, it can be released

Buy Now
Questions 22

The evidence needed for each practice and/or process is weight for:

Options:

A.

adequacy and sufficiency.

B.

adequacy and thoroughness.

C.

sufficiency and thoroughness.

D.

sufficiency and appropriateness.

Buy Now
Questions 23

A Level 2 Assessment of an OSC is winding down and the final results are being prepared to present to the OSC. When should the final results be delivered to the OSC?

Options:

A.

At the end of every day of the assessment

B.

Daily and during a final separately scheduled review

C.

Either at the final Daily Checkpoint, or during a separately scheduled findings and recommendation review

D.

Either after approval from the C3PAO. or during a separately scheduled final recommended findings review

Buy Now
Questions 24

Per DoDI 5200.48: Controlled Unclassified Information (CUI), CUI is marked by whom?

Options:

A.

DoD OUSD

B.

Authorized holder

C.

Information Disclosure Official

D.

Presidentialauthorized Original Classification Authority

Buy Now
Questions 25

An organization's sales representative is tasked with entering FCI data into various fields within a spreadsheet on a company-issued laptop. This laptop is an FCI Asset being used to:

Options:

A.

process and transmit FCI.

B.

process and organize FCI.

C.

store, process, and transmit FCI.

D.

store, process, and organize FCI.

Buy Now
Questions 26

Validation of findings is an iterative process usually performed during the Daily Checkpoints throughout the entire assessment process. As a validation activity, why are the preliminary findings important?

Options:

A.

It allows the OSC to comment and provide additional evidence.

B.

It determines whether the OSC will be rated MET or NOT MET on their assessment.

C.

It confirms that the Assessment Team's findings are right and cannot be changed.

D.

It corroborates the Assessment Team's understanding of the CMMC practices and controls.

Buy Now
Questions 27

On a Level 2 Assessment Team, what are the roles of the CCP and the CCA?

Options:

A.

The CCP leads the Level 2 Assessment Team, which consists of one or more CCAs.

B.

The CCA leads the Level 2 Assessment Team, which can include 3 CCP with US Citizenship.

C.

The CCA leads the Level 2 Assessment Team, which can include a CCP regardless of citizenship.

D.

The CCP leads the Level 2 Assessment Team, which can include a CCA. regardless of citizenship.

Buy Now
Questions 28

While conducting a CMMC Assessment, an individual from the OSC provides documentation to the assessor for review. The documentation states an incident response capability is established and contains information on incident preparation, detection, analysis, containment, recovery, and user response activities. Which CMMC practice is this documentation attesting to?

Options:

A.

IR.L2-3.6.1: Incident Handling

B.

IR.L2-3.6.2: Incident Reporting

C.

IR.L2-3.6.3: Incident Response Testing

D.

IR.L2-3.6.4: Incident Spillage

Buy Now
Questions 29

Evidence gathered from an OSC is being reviewed. Based on the assessment and organizational scope, the Lead Assessor requests the Assessment Team to verify that the coverage by domain, practice. Host Unit. Supporting Organization/Unit, and enclaves are comprehensive enough to rate against each practice. Which criteria is the assessor referring to?

Options:

A.

Adequacy

B.

Capability

C.

Sufficiency

D.

Objectivity

Buy Now
Questions 30

Which authority leads the CMMC direction, standards, best practices, and knowledge framework for how to map the controls and processes across different Levels that range from basic cyber hygiene to advanced cyber practices?

Options:

A.

NIST

B.

DoD CIO office

C.

Federal CIO office

D.

Defense Federal Acquisition Regulation Council

Buy Now
Questions 31

The Assessment Team has completed Phase 2 of the Assessment Process. In conducting Phase 3 of the Assessment Process, the Assessment Team is reviewing evidence to address Limited Practice Deficiency Corrections. How should the team score practices in which the evidence shows the deficiencies have been corrected?

Options:

A.

MET

B.

POA&M

C.

NOT MET

D.

NOT APPLICABLE

Buy Now
Questions 32

Contractor scoping requirements for a CMMC Level 2 Assessment to document the asset in an inventory, in the SSP and on the network diagram apply to:

Options:

A.

GUI Assets.

B.

CUI and Security Protection Asset categories.

C.

all asset categories except for the Out-of-scope Assets.

D.

Contractor Risk Managed Assets and Specialized Assets.

Buy Now
Questions 33

CMMC scoping covers the CUI environment encompassing the systems, applications, and services that focus on where CUI is:

Options:

A.

received and transferred.

B.

stored, processed, and transmitted.

C.

entered, edited, manipulated, printed, and viewed.

D.

located on electronic media, on system component memory, and on paper.

Buy Now
Questions 34

An OSC needs to be assessed on RA.L2-3.11.1: Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. What is in scope for a Level 2 assessment of RA.L2-3.11.1?

Options:

A.

IT systems

B.

Enterprise systems

C.

CUI Marking processes

D.

Processes, people, physical entities, and IT systems in which CUI processed, stored, or transmitted

Buy Now
Questions 35

While conducting a CMMC Assessment, a Lead Assessor is given documentation attesting to Level 1 identification and authentication practices by the OSC. The Lead Assessor asks the CCP to review the documentation to determine if identification and authentication controls are met. Which documentation BEST satisfies the requirements of IA.L1-3.5.1: Identify system users. processes acting on behalf of users, and devices?

Options:

A.

Procedures for implementing access control lists

B.

List of unauthorized users that identifies their identities and roles

C.

User names associated with system accounts assigned to those individuals

D.

Physical access policy that states. "All non-employees must wear a special visitor pass or be escorted."

Buy Now
Questions 36

The Audit and Accountability (AU) domain has practices in:

Options:

A.

Level 1.

B.

Level 2.

C.

Levels 1 and 2.

D.

Levels 1 and 3.

Buy Now
Questions 37

Which statement BEST describes an assessor's evidence gathering activities?

Options:

A.

Use interviews for assessing a Level 2 practice.

B.

Test all practices or objectives for a Level 2 practice

C.

Test certain assessment objectives to determine findings.

D.

Use examinations, interviews, and tests to gather sufficient evidence.

Buy Now
Questions 38

A defense contractor needs to share FCI with a subcontractor and sends this data in an email. The email system involved in this process is being used to:

Options:

A.

manage FCI.

B.

process FCI.

C.

transmit FCI.

D.

generate FCI

Buy Now
Questions 39

The results package for a Level 2 Assessment is being submitted. What MUST a Final Report. CMMC Assessment Results include?

Options:

A.

Affirmation for each practice or control

B.

Documented rationale for each failed practice

C.

Suggested improvements for each failed practice

D.

Gaps or deltas due to any reciprocity model are recorded as met

Buy Now
Questions 40

Which phase of the CMMC Assessment Process includes the task to identify, obtain inventory, and verify evidence?

Options:

A.

Phase 1: Plan and Prepare Assessment

B.

Phase 2: Conduct Assessment

C.

Phase 3: Report Recommended Assessment Results

D.

Phase 4: Remediation of Outstanding Assessment Issues

Buy Now
Questions 41

A CMMC Level 1 Self-Assessment identified an asset in the OSC's facility that does not process, store, or transmit FCI. Which type of asset is this considered?

Options:

A.

FCI Assets

B.

Specialized Assets

C.

Out-of-Scope Assets

D.

Government-Issued Assets

Buy Now
Questions 42

When are contractors required to achieve a CMMC certificate at the Level specified in the solicitation?

Options:

A.

At the time of award

B.

Upon solicitation submission

C.

Thirty days from the award date

D.

Before the due date of submission

Buy Now
Questions 43

The director of sales, in a meeting, stated that the sales team received feedback on some emails that were sent, stating that the emails were not marked correctly. Which training should the director of sales refer the sales team to regarding information as to how to mark emails?

Options:

A.

FBI CUI Introduction to Marking

B.

NARA CUI Introduction to Marking

C.

C3PAO CUI Introduction to Marking

D.

CMMC-AB CUI Introduction to Marking

Buy Now
Questions 44

When scoping the organizational system, the scope of applicability for the cybersecurity CUI practices applies to the components of:

Options:

A.

federal systems that process, store, or transmit CUI.

B.

nonfederal systems that process, store, or transmit CUI.

C.

federal systems that process, store, or transmit CUI. or that provide protection for the system components.

D.

nonfederal systems that process, store, or transmit CUI. or that provide protection for the system components.

Buy Now
Questions 45

Which term describes the process of granting or denying specific requests to obtain and use information, related information processing services, and enter specific physical facilities?

Options:

A.

Access control

B.

Physical access control

C.

Mandatory access control

D.

Discretionary access control

Buy Now
Questions 46

Which domain references the requirements needed to handle physical or digital assets containing CUI?

Options:

A.

Media Protection (MP)

B.

Physical Protection (PE)

C.

System and Information Integrity (SI)

D.

System and Communications Protection (SC)

Buy Now
Questions 47

What is the MOST common purpose of assessment procedures?

Options:

A.

Obtain evidence.

B.

Define level of effort.

C.

Determine information flow.

D.

Determine value of hardware and software.

Buy Now
Questions 48

The practices in CMMC Level 2 consists of the security requirements specified in:

Options:

A.

NISTSP 800-53.

B.

NISTSP 800-171.

C.

48 CFR 52.204-21.

D.

DFARS 252.204-7012.

Buy Now
Questions 49

Which NIST SP defines the Assessment Procedure leveraged by the CMMC?

Options:

A.

NIST SP 800-53

B.

NISTSP800-53a

C.

NIST SP 800-171

D.

NISTSP800-171a

Buy Now
Questions 50

A contractor provides services and data to the DoD. The transactions that occur to handle FCI take place over the contractor's business network, but the work is performed on contractor-owned systems, which must be configured based on government requirements and are used to support a contract. What type of Specialized Asset are these systems?

Options:

A.

loT

B.

Restricted IS

C.

Test equipment

D.

Government property

Buy Now
Questions 51

During the planning phase of a CMMC Level 2 Assessment, the Lead Assessor is considering what would constitute the right evidence for each practice. What is the Assessor attempting to verify?

Options:

A.

Adequacy

B.

Sufficiency

C.

Process mapping

D.

Assessment scope

Buy Now
Exam Code: CMMC-CCP
Exam Name: Certified CMMC Professional (CCP) Exam
Last Update: Jan 16, 2025
Questions: 170

PDF + Testing Engine

$49.5  $164.99

Testing Engine

$37.5  $124.99
buy now CMMC-CCP testing engine

PDF (Q&A)

$31.5  $104.99
buy now CMMC-CCP pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 24 Jan 2025