Latest Cyber AB Certified CMMC Assessor (CCA) - CMMC-CCA Free Exam Questions
An OSC seeking Level 2 certification has a fully cloud-based environment. The assessor must evaluate fulfillment of Level 2 requirements the OSC implements versus those handled by the cloud service provider.
Which document would be BEST to identify the Level 2 requirements handled by the OSC's cloud provider?
Correct answer: C
NIST SP 800-171A specifies the assessment methods for defining the nature and the extent of a CCA's actions. What is the purpose of the test assessment method?
Correct answer: C
An OSC is preparing for an assessment and wants to gather evidence that will be used by the Lead Assessor to determine the scope of the assessment. The OSC currently operates a hybrid network, with part of its infrastructure on-premises at its physical location and part in a cloud environment.
What evidence should the OSC collect that would assist the Lead Assessor in determining cloud and hybrid environment constraints?
Correct answer: D
Which of the following can be taken into consideration when assessing AC.L2-3.1.3 Privacy & Security Notices?
Correct answer: B
An assessor is reviewing whether an organization appropriately analyzed the security impact of a new release of an application. Which of the following documents is MOST useful for the assessor to review?
Correct answer: A
During a CMMC Level 2 Assessment, a CCA interviewed a system administrator on the OSC's procedures around configuration management and endpoint security. The system administrator described how they build and deploy new systems, and noted that some users require specialized applications for their jobs. Users have been asked to email IT when they install and run an additional application so IT can add it to their list of allowed software.
What must the CCA conclude?
Correct answer: B
An OSC outsources all of its security incident and event monitoring work to a third-party SOC. Additionally, the OSC utilizes a cloud-hosted antivirus (AV) system to fulfill the requirement of having virus protection without hosting additional servers on-site.
During the scoping discussion, both the SOC and AV should be listed as what type of asset?
Correct answer: C
The OSC POC has prepared evidence from an internal pre-assessment for the C3PAO in preparation for a third-party assessment. The OSC POC has identified that there are several ESPs (External Service Providers) involved in protecting the security of the infrastructure. While reviewing the pre-assessment documentation regarding ESPs, the Lead Assessor will be looking for items that are:
Correct answer: C
To meet AC.L2-3.1.5: Least Privilege, the following procedure is established:
* All employees are given a basic (non-privileged) user account.
* System Administrators are given a separate System Administrator account.
* Database Administrators are given a separate Database Administrator account.
Which steps should be added to BEST meet all of the standards for least privilege?
Correct answer: B
An OSC seeking Level 2 certification has recently configured system auditing capabilities for all systems within the assessment scope. The audit logs are generated based on the required events and contain the correct content that the organization has defined.
Which of the following BEST describes the next system auditing objective that the organization should define?
Correct answer: A
A CCA is prohibited from doing which of the following?
Correct answer: D
An OSC uses an External Service Provider (ESP) to support part of its CUI processing scope. The OSC has selected an accredited ESP with FedRAMP MODERATE authorization. The OSC has a contract requiring the ESP to meet its security requirements. The ESP has provided a Shared Responsibility Matrix (SRM) consistent with the contract terms.
When assessing these assets, what should the assessor MOST carefully review?
Correct answer: D
An OSC seeking Level 2 certification wants to develop and launch a website for customers to purchase items online and submit contact forms. The OSC plans to host the web server in their own data center while also maintaining the security of their internal IT environment. Based on this information, what would be the BEST approach?
Correct answer: A
When assessing an environment, the CCA determines that CUI is contained within an IoT device. Which statement MUST be true?
Correct answer: D