[2026] Cyber AB Certified CMMC Assessor (CCA) - CMMC-CCA 무료 시험 문제

문제1

A C3PAO has contracted by an OSC to perform its assessment. Before the assessment, the Lead Assessor asks the OSC to provide an extensive list of evidence, some of which is optional and beyond the minimum requirements. The OSC is not able to fulfill the entire request. One missing document was a current and organized list of the OSC's evidence and mappings.
Given that this is a Level 2 Assessment, what should the Lead Assessor tell the OSC?

A. "The OSC must provide the Assessment Team with hardcopy evidence. Electronic evidence will only be collected when needed."

B. "The OSC's Assessment Official will be asked to collect evidence when requested by the assessment team."

C. "It's okay that the document is missing. The Assessment Team will collect all evidence themselves to ensure its integrity."

D. "The OSC should provide the Assessment Team with a current and organized list of their evidence and process mappings, but the assessment can continue."

정답: D

설명: (Fast2test 회원만 볼 수 있음)

문제2

During a CMMC Level 2 Assessment, a CCA interviewed a system administrator on the OSC's procedures around configuration management and endpoint security. The system administrator described how they build and deploy new systems, and noted that some users require specialized applications for their jobs. Users have been asked to email IT when they install and run an additional application so IT can add it to their list of allowed software.
What must the CCA conclude?

A. IT does not have a policy that users notify IT when they install new applications.

B. IT must deploy an application to report newly installed software.

C. The OSC has not properly implemented application allow listing.

D. The OSC has properly implemented application deny listing.

정답: C

설명: (Fast2test 회원만 볼 수 있음)

문제3

An Assessor is examining documents provided by the OSC POC. While reviewing them, the Assessor notes that several of the procedures have very current dates while the bulk do not. What should the Assessor do in order to decide if these new documents are acceptable as evidence?

A. Set up an observation session to determine if the procedures are in use and people are knowledgeable of their deployment and use.

B. Determine if the people involved in writing the procedures are on the list of those who can be interviewed.

C. Ensure the documents were approved by a senior-level manager.

D. Determine the outlined reasonableness of the procedures.

정답: A

설명: (Fast2test 회원만 볼 수 있음)

문제4

The OSC POC has supplied all of the procedures, policies, and plans at the start of the assessment. One of the assessors notes that some of the documents have very recent approval dates, while others have been in place for several years based on the document history.
In order to ensure the review of this evidence is sufficient, what is the BEST step to validate the sufficiency of these documents?

A. Examine the documents to determine if they are complete.

B. Examine if the procedure in question replaced another document.

C. Interview OSC team members who should be using the procedure.

D. Interview people who hold leadership roles named in the documents.

정답: C

설명: (Fast2test 회원만 볼 수 있음)

문제5

When a new employee is issued a laptop, only the user's credentials need to be set up. According to the IT department, the IT manager is the only person who can change laptop setup and user privileges. What documentation should be examined to determine if this is the case?

A. Remote access procedures

B. System audit logs

C. Inventory records

D. Acceptable use policy

정답: B

설명: (Fast2test 회원만 볼 수 있음)

문제6

A Lead Assessor is conducting an assessment for an OSC. The Lead Assessor is collecting evidence regarding the OSC's network separation techniques. Which technique would be considered a logical separation technique and would fall within the scope of the assessment?

A. Role-based access control within a properly implemented identity and access management tool

B. Access limitation based on badge access assigned to employees based on role

C. Data loss alerting configured at the edge of the network containing CUI assets

D. A proxy-configured firewall that prevents data from flowing along the physical connection path

정답: A

설명: (Fast2test 회원만 볼 수 있음)

문제7

During a CMMC Assessment, the assessor is determining if the Escort Visitors practice is MET. Personnel with which of the following responsibilities would be MOST appropriate to interview?

A. Local access control and information security

B. Information technology management and operations

C. Repair and facilities maintenance

D. Physical access control and information security

정답: D

설명: (Fast2test 회원만 볼 수 있음)

문제8

A company employs an encrypted VPN to enhance confidentiality over remote connections. The CCA reads a document describing the VPN. It states the VPN allows automated monitoring and control of remote access sessions, helps detect cyberattacks, and supports auditing of remote access to ensure compliance with CMMC requirements.
What document is the CCA MOST LIKELY reviewing to see how these VPNs are controlled and monitored?

A. Configuration Management Policy

B. Audit and Accountability Policy

C. Media Protection Policy

D. Access Control Policy

정답: D

설명: (Fast2test 회원만 볼 수 있음)

문제9

The assessment team has divided responsibilities to review portions of the OSC's scope, including the Host Unit, the specific enclave, and supporting teams such as a Managed Security Service Provider (MSSP).
During evidence review, the team notices that MSSP personnel answered interview questions somewhat differently than OSC personnel. To clarify this inconsistency, the Lead Assessor decides to take all the following steps EXCEPT:

A. Review the agreement with the MSSP.

B. Review interview questionnaire consistency.

C. Review the network diagrams.

D. Review the notes to determine what was different.

정답: B

설명: (Fast2test 회원만 볼 수 있음)

문제10

The OSC prints out documents it receives via email that are marked as CUI. According to MP.L2-3.8.4:
Media Markings,
what should the Assessor expect to see on the printouts?

A. A red stamp that states the document contains CUI

B. The original markings from the document and a distribution list with limitations

C. Written limitations to the distribution of the CUI within the OSC

D. The original markings that were on the document emailed to the OSC

정답: D

설명: (Fast2test 회원만 볼 수 있음)

문제11

The OSC's network consists of a single unmanaged switch that connects all devices, including OT equipment which cannot run a vendor-supported operating system. The OSC correctly scoped the OT equipment as a Specialized Asset, listed it in their inventory and SSP, and provided a network diagram showing plans to isolate the OT and apply additional security measures. What information does the Lead Assessor still require to ensure compliance?

A. Installation and configuration documentation for the OT to ensure it was correctly built

B. Evidence that the network isolation is completed by the end of the assessment as well as supporting evidence for all other applicable CMMC practices

C. Wording in the scoping document detailing how the OT adheres to all other applicable CMMC practices

D. Wording in the SSP detailing how the OT is managed using the OSC's risk-based security policies, procedures, and practices

정답: B

설명: (Fast2test 회원만 볼 수 있음)

Cyber AB Certified CMMC Assessor (CCA) - CMMC-CCA무료 덤프문제 풀어보기

우리와 연락하기

유용한 링크

최신 업데이트