最新的Cyber AB Certified CMMC Assessor (CCA) - CMMC-CCA免費考試真題

問題1
A cloud-native OSC uses a vendor's FedRAMP MODERATE authorized cloud environment for all aspects of their CUI needs (identity, email, file storage, office suite, etc.) as well as the vendor's locally installable applications. The OSC properly configured the vendor's cloud-based SIEM system to monitor all aspects of the cloud environment. The OSC's SSP documents SI.L2-3.14.7: Identify Unauthorized Use, defining authorized use and referencing procedures for identifying unauthorized use.
How should the Certified Assessor score this practice?

正確答案: B
說明:(僅 VCESoft 成員可見)
問題2
During an assessment, the Lead Assessor determines certain assets to be in-scope which the OSC had considered out-of-scope.
The CCA should reply that for assets to be considered out-of-scope they:

正確答案: C
說明:(僅 VCESoft 成員可見)
問題3
Both the SSP and network diagrams presented to the Lead Assessor by the OSC indicate managed service providers (MSPs) within the assessment boundary. In order to BEST understand the impact of the MSPs, what should the Lead Assessor do?

正確答案: C
說明:(僅 VCESoft 成員可見)
問題4
During an assessment, the IT security engineers responsible for password policy for the OSC provided documentation that all passwords are protected using a one-way hashing methodology. As a result, which statement is true?

正確答案: C
說明:(僅 VCESoft 成員可見)
問題5
An OSC has a minimal physical footprint consisting only of network equipment, workstations, and a centralized domain environment. File storage is centralized in a third-party vendor's FedRAMP Moderate authorized cloud environment, and employees access files using the cloud integration with their workstations. Since CUI is stored in the FedRAMP Moderate authorized environment, the OSC should prepare to have which environment(s) assessed?

正確答案: B
說明:(僅 VCESoft 成員可見)
問題6
The Lead Assessor is reviewing the Assessment Plan to identify people for interviews regarding a specific Level 2 practice. Some OSC personnel previously interviewed provided only brief answers without meaningful verification. What can the Lead Assessor do to improve this situation going forward?

正確答案: C
說明:(僅 VCESoft 成員可見)
問題7
Phase 2 of the CMMC Assessment Process specifies that the Assessment Team shall generate the final recommended assessment results. The status and recommended scores of the implemented CMMC practices are collected throughout the assessment and are reviewed with the OSC during the final daily review.
What are the key sequential subphases that support the generation of final recommended assessment results?

正確答案: C
說明:(僅 VCESoft 成員可見)
問題8
A company is undergoing a CMMC Level 2 Assessment. During the Conduct Assessment phase, an Assessment Team member is reviewing the policies and procedures in the incident response plan.
Which assessment method is being utilized?

正確答案: D
說明:(僅 VCESoft 成員可見)
問題9
The OSC has changed its manner of operations in the past year to isolate its manufacturing division (which handles CUI) from its managerial team (which does not). Upon review of the provided information, the Lead Assessor was unable to identify this isolation in the environment. Which step should the Assessor take NEXT to understand how the current documentation isolates the operational components?

正確答案: D
說明:(僅 VCESoft 成員可見)