  • CMMC-CCA Exam Question 116

    You are working as a CCA on a Level 2 Assessment for a DoD prime contractor. The Organization Seeking Certification (OSC) seeks to keep assessment costs down, and the C3PAO and OSC have decided to conduct all possible work remotely. You are assigned to work primarily on the Media Protection (MP), Personnel Security (PS), and Physical Protection (PE) domains. In addition, the Lead Assessor has designated you as the one person from the Assessment Team to conduct all the on-premises work. Which of the following factors do you and the Assessment Team not need to consider as part of your on-site work?
  • CMMC-CCA Exam Question 117

    You are a CCA conducting a CMMC assessment for an OSC. While evaluating Risk Assessment (RA) practices, you check how the OSC has addressed assessment objective [a] of RA.L2-3.11.1, "Determine if the frequency for assessing risk to organizational operations, organizational assets, and individuals is defined." Which Assessment Object would most likely provide the answer to this requirement?
  • CMMC-CCA Exam Question 118

    A CCA was part of an Assessment Team tasked with conducting a CMMC assessment for an OSC. Happy to have been part of the team that completed the assessment, the CCA posted the OSC's assessment results on their Twitter/X account. Which CMMC Code of Professional Conduct (CoPC) principle has the CCA violated?
  • CMMC-CCA Exam Question 119

    An engineering company works on DoD contracts that involve handling CUI. They use hardcopy media such as printed paper, microfilms, and digital media, including flash drives, SSDs, DVDs, and internal and external hard drives. During a CMMC assessment, you discover the engineering company has defined procedures addressing media storage and access governed by an access control policy. All media containing CUI is marked and stored in biometrically locked cabinets. To store CUI on digital media, an authorized user must be identified using their biometrics or authenticated using an integrated MFA solution. To access non-digital media, the user must be on a defined list of authorized personnel and sign three forms. You also learn that the contractor maintains a comprehensive inventory of all CUI media. The scenario describes a multi-factor authentication (MFA) solution being used to access digital media containing CUI. However, the access control procedures for non-digital media require authorized personnel to sign three separate forms. While both methods aim to verify user identity, which of the following is the MOST significant security concern associated with the reliance on a paper-based form process?
  • CMMC-CCA Exam Question 120

    An OSC uses a cloud-based database for storing customer information. Employees access this database through a secure application on their company laptops. The database itself resides on servers managed by the Cloud Service Provider (CSP). When employees use the application to access customer data, what type of location are they reaching?