Assessment results must:

Meet internal C3PAO review, quality assurance, and approval procedures before the Assessment result data are uploaded into CMMC eMASS

Be approved in signature by the OSC prior to upload into CMMC eMASS

Formatted by the CMMC Concept of Operations Data Custodian prior to upload into CMMC eMASS

Be approved by the Cyber AB prior to upload into CMMC eMASS

To verify and validate that a contractor is meeting CMMC practice evidence needs to exist demonstrating that the contractor:

Has fulfilled the objectives of the Level 1 practices

Has fulfilled at least 70% of the objectives of the Level 1 practices

Has fulfilled at least 80% of the objectives of the Level 1 practices

Had fulfilled the objectives of the Level 1 and 2 practices

Organizations can monitor systems:

By observing characteristics of access

By observing audit record activities in real time

General Data Protection Regulation

General Data Privacy Regulation

Global Defense Protection Regulation

Which of the following are potential assessment considerations for IA.L1-3.5.1 - Identification?

Are unique identifiers issues to individual users?

Are device identifiers used in authentication processes?

Are unique identifiers issued to groups?

Are user credentials authenticated in system processes?

The recommended security requirements contained in NIST Special Publication 800-171 Revision 2 are only applicable to:

A non-federal system or organization when mandated by a federal agency in a contract, grant, or other agreement

A non-federal system or organization when mandated by the U.S. Department of Justice

A federal system or organization

A non-federal system or organization when mandated by a federal agency in a contract

If the government intervenes in the qui tam action, the person bringing the action is entitled to receive:

Between 15 and 25 percent of the amount recovered by the government through the qui tam action

0.5 percent of the amount recovered by the government through the qui tam action

Between 10 and 20 percent of the amount recovered by the government through the qui tam action

15 percent of the amount recovered by the government through the qui tam action

The CMMC Self Assessment scope informs:

Which assets within the contractor's environment will be assessed

The date on which the assessment will be completed

Which assets within the contractor's environment will not be assessed

The desired outcome of the assessment

A severe or catastrophic adverse effect means that, for example, the loss of confidentiality, integrity, or availability might:

Result in major damage to organizational assets

Cause a severe degradation in or loss of mission capability to an extent and duration that the organization is not able to perform one or more of its primary functions

Consulting is defined as:

Providing direct assistance to the creation of processing, training, and technology required to meet the intent of CMMC controls and processes

Reporting results and data from Assessments Training objectively, completely, clearly, and accurately

Disclosing any conflict of interest transparently to affected stakeholders

Conducting a certified assessment, or participating on a certified assessment team

For a CMMC Level 1 self-assessment, which of the following is correct?

The assets that process, store or transmit FCI are considered in scope

The assets that process, store or transmit PII are considered in scope

The assets that process, store or transmit FCI are considered out of scope

The assets that process, store or transmit restricted data are considered in scope

The OSC Assessment Official is responsible for:

Ensuring Assessment documentation completeness and accuracy

Providing daily coordination and liaison support between the OSC and the Assessment Team

Ensuring all OSC-required actions during the Assessment are carried out, including the funding and payment for the Assessment

Implementing CMMC practices for the target CMMC Level to which the OSC aspires

Prior to a Level 1 CMMC Self Assessment, the contractor must specify:

The company's board integration

The responsibility of federal agencies to protect CUI:

Does not change when such information is shared with nonfederal partners

Changes when such information is shared with nonfederal partners

Is established in FAR 52.204-21

The process of exercising assessment objects under specific conditions to compare actual with expected behavior

The process of reviewing evidence to determine the effectiveness of a control

The process of evaluating a system performance

The process of evaluating the probability of an incident to occur

Unauthorized disclosure occurs when:

An Authorized Holder of CUI intentionally or unintentionally discloses CUI without a lawful government

An Unauthorized Holder of CUI intentionally modifies CUI

An Unauthorized Holder of CUI intentionally access CUI

An Authorized Holder of CUI intentionally discloses CUI to a third party

Controlled environment is:

Any area or space an authorized holder deems to have adequate physical or procedural controls to protect CUI from unauthorized access or disclosure

Any area or space where CUI is stored and processed

Any area or space an authorized holder deems to have adequate physical or procedural controls to protect data back ups

Any area or space where CUI is stored

The creation of classified information from the accumulation of unclassified data or information from several areas within a document

The creation of classified information from the accumulation of classified data

The creation of unclassified information from the accumulation of unclassified data

The disposal of classified information by destroying classified data

In order for Defense Industrial Base (DIB) contractor to achieve CMMC Level 2 certification:

It must demonstrate achievement of all Level 1 and Level 2 practices

It must demonstrate achievement of 80 percent of Level 2 practices

It must demonstrate achievement of all Level 2 practices

The critical foundation for a successful Assessment engagement between C3PAOs and OSCs is established in phase:

Plan and prepare the assessment

American Board of Accredited Certifications

Attribute Binary Access Control

Which of these are part of the CMMC level 1 practices?

Authorized access control, Transaction & function control, External connections

Shared resource control, Network communication by exception, Split tunneling

Protect backups, Screen individuals, Personnel actions

Voice over internet protocol, Communications authenticity, Data at rest

Computer Emergency Response Team

Communication Emergency Response Team

Computer Emergency Readiness Team

If nonfederal organizations designate specific system components for the processing, storage or transmission of CUI, those organizations:

May limit the scope of the security requirements by isolating those components in a separate CUI security domain

May obtain a single certification

May limit the scope of the security requirements by eliminating those components

Have to accept the risk of those components

Which is the ISO regime that includes specific measures for ensuring impartiality of conformity Assessments?

ISO/IEC 17020 Conformity Assessment - Requirements for the operation of various types of bodies performing inspection

NIST 800-171A Conformity Assessment - Requirements for the operation of various types of bodies performing inspection

ISO/IEC 27002 Conformity Assessment - Requirements for the operation of various types of bodies performing inspection

ISO/IEC 27001 Conformity Assessment - Requirements for the operation of various types of bodies performing inspection

Information flow control regulates:

Where information can travel within a system and between systems

Which users can access the information that travels between systems

Where information can travel within a system

Which information can travel between systems

Authenticity protection includes:

Protecting against man-in-the-middle attacks, session hijacking, and the insertion of false information into communications sessions

Protecting against the insertion of false information into communications sessions and DoD attacks

Protecting against man-in-the-middle and DOS attacks

Protecting against session hijacking and DDoS attacks

Also includes those components not directly associated with information processing and/or data/information retention

Does not include scanners, copiers, and printers

Only include those components directly associated with information processing and/or data/information retention

The scope of the safeguarding requirements in the federal CUI regulation is:

Limited to the security objective of confidentiality

Limited to the security objective of integrity

Not directly addressing security

Directly addressing integrity and availability

The Lead Assessor is required to:

Validate the OSC's CMMC Assessment Scope

Determine the OSC's CMMC Assessment Scope

Propose the OSC's CMMC Assessment Scope

Secret Quiz 3

Authored by ASHLEY TRIVITT

Education

Professional Development

Used 1+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

A SPRS stands for:

Service Provider Risk System

Supplier Performance Risk System

Service Provider Reservation System

Service Priority Release Sequence

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The initial contact from the OSC:

Must be made via the CMMC Marketplace's online intake form

Can be made via the CMMC Marketplace's online intake form or by direct email or phone call

Must be made via the CMMC Marketplace's online intake form and direct email

Must be made by phone call

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The Evidence collection approach has implications for the following aspects of the Assessment:

Usefulness and accuracy of the Assessment results

The amount of time and effort expended by the OSC in preparing for the assessment

All of these

Ability of the Assessment Team to make accurate judgment

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Sanitization techniques include:

Formatting

Copying

Authenticating

Purging

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

CRM stands for:

Conceptual Reference Model

Customer Responsibility Matrix

Customer Relationship Management

Common Risk Management

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

A control is deemed inheritable when:

The system receives protection from the implemented control, but the control is implemented by an external entity

The system or program receives protection from the implemented control, but the control is developed, implemented, assessed, authorized, and monitored by an internal or external entity other than the entity responsible for the system or program

The program receives protection from the implemented control, but the control is monitored by an internal or external entity other than the entity responsible for the system or program

The system or program receives protection from the implemented control, but the control is implemented by an external entity other than the entity responsible for the system or program

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Which of the following is the best answer for describing Event?

An event is any observable occurence in a system, which includes unlawful or unauthorized system activity

An event is any logged occurrence in a system

An event is the occurrence of an attack

An event is any observable malicious system activity

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

LET Reviewer - General Education (1-50)

Quiz

•

KG - Professional Dev...

51 questions

UNIT -1 INTRODUCTION TO DIGITAL ELECTRONICS

Quiz

•

Professional Development

50 questions

Simulasi CAT Panwaslu Kecamatan 2024 - 02

Quiz

•

Professional Development

50 questions

Cerdas Cermat Besama Mama Papa

Quiz

•

Professional Development

50 questions

TOEFL Listening (Post-test)

Quiz

•

9th Grade - Professio...

50 questions

Latihan MOOC

Quiz

•

10th Grade - Professi...

50 questions

Prelims - THE TEACHER AND THE SCHOOL CURRICULUM

Quiz

•

Professional Development

48 questions

Module A PPB Unit 15- Ancillary Services

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

29 questions

Alg. 1 Section 5.1 Coordinate Plane

Quiz

•

9th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

11 questions

FOREST Effective communication

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

20 questions

Context Clues

Quiz

•

6th Grade

Discover more resources for Education

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

42 questions

LOTE_SPN2 5WEEK2 Day 4 We They Actividad 3

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L3_22-23

Lesson

•

KG - Professional Dev...

20 questions

Employability Skills

Quiz

•

Professional Development

Secret Quiz 3

A SPRS stands for:

The initial contact from the OSC:

The Evidence collection approach has implications for the following aspects of the Assessment:

Sanitization techniques include:

CRM stands for:

A control is deemed inheritable when:

Which of the following is the best answer for describing Event?

Assessment results must:

Incorporating, restating, or paraphrasing information from its originally designated form into a newly created document means:

The cui program is founded on the prerequisite that only information requiring protection based in a law, Federal regulation, or government-wide policy can qualify as:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Education