
(2025)CMMC-CCP問題集と練習テスト(172問題)
ガイド(2025年最新)リアルなCyber AB CMMC-CCP試験問題
質問 # 28
A CCP is working as an Assessment Team Member on a CMMC Level 2 Assessment. The Lead Assessor has assigned the CCP to assess the OSC's Configuration Management (CM) domain. The CCP's first interview is with a subject-matter expert for user-installed software. With respect to user-installed software, what facet should the CCP's interview focus on?
- A. Controlled and monitored
- B. Scanned for malicious code
- C. Limited to mission-essential use only
- D. Removed from the system
正解:C
質問 # 29
In the CMMC Model, how many practices are included in Level 1?
- A. 17 practices
- B. 72 practices
- C. 110 practices
- D. 15 practices
正解:A
質問 # 30
In many organizations, the protection of FCI includes devices that are used to scan physical documentation into digital form and print physical copies of digital FCI. What technical control can be used to limit multi- function device (MFD) access to only the systems authorized to access the MFD?
- A. Access lists only known to the IT administrator
- B. Virtual LAN restrictions
- C. Documentation showing MFD configuration
- D. Single administrative account
正解:B
質問 # 31
Which NIST SP defines the Assessment Procedure leveraged by the CMMC?
- A. NISTSP800-53a
- B. NISTSP800-171a
- C. NIST SP 800-171
- D. NIST SP 800-53
正解:B
質問 # 32
There are 15 practices that are NOT MET for an OSC's Level 2 Assessment. All practices are applicable to the OSC. Which determination should be reached?
- A. The OSC is not eligible for an option to remediate after the assessment is canceled.
- B. The OSC may have 90 days for remediating NOT MET practices.
- C. The OSC is not eligible for an option to remediate NOT MET practices.
- D. The OSC may be eligible for an option to remediate NOT MET practices.
正解:D
質問 # 33
The CMMC Level 2 assessment methods include examination and can include:
- A. policies, procedures, security plans, penetration tests, and security requirements.
- B. specific hardware, software, or firmware safeguards employed within a system.
- C. observation of system backup operations, exercising a contingency plan, and monitoring network traffic.
- D. documents, mechanisms, or activities.
正解:A
質問 # 34
Which organization is the governmental authority responsible for identifying and marking CUI?
- A. Department of Homeland Security
- B. NIST
- C. NARA
- D. CMMC-AB
正解:C
質問 # 35
Which standard and regulation requirements are the CMMC Model 2.0 based on?
- A. NIST SP 800-171 and NIST SP 800-172
- B. DFARS, NIST, and Carnegie Mellon University
- C. DFARS, FIPS 100, NIST SP 800-171,and Carnegie Mellon University
- D. DFARS, FIPS 100,and NIST SP 800-171
正解:A
質問 # 36
An assessment procedure consists of an assessment objective, potential assessment methods, and assessment objects. Which statement is part of an assessment objective?
- A. Specifications and mechanisms
- B. Determination statement related to the practice
- C. Exercising assessment objects under specified conditions
- D. Examination, interviews, and testing
正解:B
質問 # 37
What is DFARS clause 252.204-7012 required for?
- A. Solicitations and contracts that use FAR part 12 procedures
- B. Commercial off-the-shelf sold in the marketplace without modifications
- C. All DoD solicitations and contracts
- D. Procurements solely for the acquisition of commercial off-the-shelf
正解:C
質問 # 38
How does the CMMC define a practice?
- A. An activity or activities performed to meet defined CMMC objectives
- B. A series of changes taking place in a defined manner
- C. A condition arrived at by experience or exercise
- D. A business transaction
正解:A
質問 # 39
During the review of information that was published to a publicly accessible site, an OSC correctly identifies that part of the information posted should have been restricted. Which item did the OSC MOST LIKELY identify?
- A. FCI
- B. Launching of their new business service line
- C. Change of leadership in the organization
- D. Public releases identifying major deals signed with commercial entities
正解:A
質問 # 40
Which document is the BEST source for descriptions of each practice or process contained within the various CMMC domains?
- A. CMMC Assessment Guide Levels 1 and 2
- B. CMMC Glossary
- C. CMMC Appendices
- D. CMMC Assessment Process
正解:D
質問 # 41
Which domains are a part of a Level 1 Self-Assessment?
- A. Risk Management (RM). Access Control (AC), and Physical Protection (PE)
- B. Access Control (AC), Physical Protection (PE), and Identification and Authentication (IA)
- C. Risk Management (RM). Media Protection (MP), and Identification and Authentication (IA)
- D. Access Control (AC), Risk Management <RM), and Media Protection (MP)
正解:D
質問 # 42
A Level 2 Assessment of an OSC is winding down and the final results are being prepared to present to the OSC. When should the final results be delivered to the OSC?
- A. Either at the final Daily Checkpoint, or during a separately scheduled findings and recommendation review
- B. Either after approval from the C3PAO. or during a separately scheduled final recommended findings review
- C. Daily and during a final separately scheduled review
- D. At the end of every day of the assessment
正解:A
質問 # 43
What is the primary intent of the verify evidence and record gaps activity?
- A. Map test and demonstration responses to CMMC practices.
- B. Conduct interviews to test process implementation knowledge.
- C. Determine the one-to-one relationship between a practice and an assessment object.
- D. Identify and describe differences between what the Assessment Team required and the evidence collected.
正解:D
質問 # 44
An OSC has requested a C3PAO to conduct a Level 2 Assessment. The C3PAO has agreed, and the two organizations have collaborated to develop the Assessment Plan. Who agrees to and signs off on the Assessment Plan?
- A. C3PAO and Assessment Official
- B. OSC and Sponsor
- C. Lead Assessor and C3PAO
- D. OSC and CMMC-AB
正解:C
質問 # 45
......
CMMC-CCP試験問題集パスできる2025年最新の認証された試験問題:https://jp.fast2test.com/CMMC-CCP-premium-file.html
CMMC-CCP試験問題リアルな最新問題PDF:https://drive.google.com/open?id=1TzBg3rwZD8uvlCcCT5nGWtCibXEFpM-5