Angela, a CCA, is conducting a CMMC assessment for Obsidian Technologies, the OSC. During the assessment, Angela learns that her spouse owns a significant amount of stock in Obsidian Technologies, and she has not disclosed this information to Obsidian Technologies or the C3PAO. Which CMMC CoPC guiding principle has Angela violated in this scenario?
A C3PAO and OSC have agreed to proceed with CMMC assessment planning. The OSC assessment official and the C3PAO are working to determine the planning details and purview of the Assessment, which includes scoping. When should the C3PAO and OSC conduct the high-level contract framing?
A software development company is applying for a CMMC Level 2 assessment. As the Lead Assessor, you request access to the company's System Security Plan (SSP) as part of the initial objective evidence for validating the scope. Which of the following is true about the software development company's obligations in honoring the request?
Members of the CMMC ecosystem take due care to ensure that privileged information gathered during assessments or consulting remains private, even after the work engagement has ended. Which CoPC practice is described in this scenario?
When assessing an OSC's compliance with IR requirements, you realize they have deployed a system that tracks incidents, documents details, and updates the status throughout the incident response process. Personnel to whom incidents must be reported are identified and designated. While examining their documentation, you come across an incident response template that they use to capture all relevant information and ensure consistency in reporting to the identified authorities and organizational officials. Interviewing the IR team, you learn there is an escalation process that the contractor's cybersecurity team can use to address more serious incidents. How would you score the contractor's implementation of IR.L2-3.6.2-Incident Reporting?