Which government agency are DoD contractors required to report breaches of CUI to?
A. Under Secretary of Defense for Intelligence and Security
B. NARA
C. FBI
D. DoD Cyber Crime Center
Correct answer: D
Question 2:
The Lead Assessor is presenting the Final Findings Presentation to the OSC. During the presentation, the Assessment Sponsor and OSC staff inform the assessor that they do not agree with the assessment results.
Who has the final authority for the assessment results?
A. CMMC-AB
B. Assessment Team
C. C3PAO
D. Assessment Sponsor
Correct answer: C
Question 3:
When are contractors required to achieve a CMMC certificate at the Level specified in the solicitation?
A. Upon solicitation submission
B. Before the due date of submission
C. At the time of award
D. Thirty days from the award date
Correct answer: C
Question 4:
When assessing SI.L1-3.14.2: Provide protection from malicious code at appropriate locations within organizational information systems, evidence shows that all of the OSC's workstations and servers have antivirus software installed for malicious code protection. A centralized console for the antivirus software management is in place and records show that all devices have received the most updated antivirus patterns.
What is the BEST determination that the Lead Assessor should reach regarding the evidence?
A. It is insufficient, and the audit finding can be rated NOT MET.
B. It is insufficient, and the Lead Assessor should seek more evidence.
C. It is sufficient, and the audit finding can be rated as MET.
D. It is sufficient, and the Lead Assessor should seek more evidence.
Correct answer: C
Question 5:
During Phase 4 of the Assessment process, what MUST the Lead Assessor determine and recommend to the C3PAO concerning the OSC?
A. Capability
B. Ability
C. Eligibility
D. Suitability
Correct answer: A
Question 6:
An Assessment Team is conducting a Level 2 Assessment at the request of an OSC. The team has begun to score practices based on the evidence provided. At a MINIMUM, what is required of the Assessment Team to determine if a practice is scored as MET?
A. Complete two of the following: examine one artifact, either observe a satisfactory demonstration of one control or receive one affirmation from the OSC personnel.
B. All three types of evidence are documented for every control.
C. Examine and accept evidence from one of the three evidence types.
D. Complete one of the following: examine two artifacts, either observe a satisfactory demonstration of one control or receive one affirmation from the OSC personnel.
Correct answer: A
Question 7:
A C3PAO is conducting High Level Scoping for an OSC that requested an assessment. Which term describes the people, processes, and technology that will be applied to the contract who are requesting a CMMC Level assessment?
A. Branch Office
B. Coordinating Unit
C. Supporting Organization/Units
D. Host Unit
Correct answer: C
Question 8:
While conducting a CMMC Assessment, a Lead Assessor is given documentation attesting to Level 1 identification and authentication practices by the OSC. The Lead Assessor asks the CCP to review the documentation to determine if identification and authentication controls are met. Which documentation BEST satisfies the requirements of IA.L1-3.5.1: Identify system users, processes acting on behalf of users, and devices?
A. Procedures for implementing access control lists
B. List of unauthorized users that identifies their identities and roles
C. User names associated with system accounts assigned to those individuals
D. Physical access policy that states, "All non-employees must wear a special visitor pass or be escorted."
Correct answer: C
Question 9:
Which assessment method compares actual-specified conditions with expected behavior?
A. Interview
B. Examine
C. Test
D. Compile
Correct answer: C
椎名** -
It includes authentic CMMC-CCP questions, and the index is comprehensive too!