問題1
A CCA is assessing the implementation of the Incident Reporting practice. To validate the control, what MUST the CCA ensure about the OSC?
A CCA is assessing the implementation of the Incident Reporting practice. To validate the control, what MUST the CCA ensure about the OSC?
正確答案: C
說明:(僅 NewDumps 成員可見)
問題2
During the assessment of a company, the CCA learns that 50% of employees work from home using remote access. After reviewing the Access Control policy and audit logs, the CCA is unsure how the system ensures only employees with correct privileges can access CUI. The CCA decides a Test of functionality is required.
Which question is of the LEAST concern to the CCA?
During the assessment of a company, the CCA learns that 50% of employees work from home using remote access. After reviewing the Access Control policy and audit logs, the CCA is unsure how the system ensures only employees with correct privileges can access CUI. The CCA decides a Test of functionality is required.
Which question is of the LEAST concern to the CCA?
正確答案: C
說明:(僅 NewDumps 成員可見)
問題3
A company employs an encrypted VPN to enhance confidentiality over remote connections. The CCA reads a document describing the VPN. It states the VPN allows automated monitoring and control of remote access sessions, helps detect cyberattacks, and supports auditing of remote access to ensure compliance with CMMC requirements.
What document is the CCA MOST LIKELY reviewing to see how these VPNs are controlled and monitored?
A company employs an encrypted VPN to enhance confidentiality over remote connections. The CCA reads a document describing the VPN. It states the VPN allows automated monitoring and control of remote access sessions, helps detect cyberattacks, and supports auditing of remote access to ensure compliance with CMMC requirements.
What document is the CCA MOST LIKELY reviewing to see how these VPNs are controlled and monitored?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題4
When preparing for an assessment, the assessor determines that the client's proprietary data resides within an enclave. However, the assessor is unable to review policies containing proprietary data onsite and plans to have the policies copied on removable media by the client's IT staff, whom they are scheduled to interview.
What should the assessor consider as part of their planning?
When preparing for an assessment, the assessor determines that the client's proprietary data resides within an enclave. However, the assessor is unable to review policies containing proprietary data onsite and plans to have the policies copied on removable media by the client's IT staff, whom they are scheduled to interview.
What should the assessor consider as part of their planning?
正確答案: B
說明:(僅 NewDumps 成員可見)
問題5
An OSC is preparing for assessment. Which item of evidence would show the OSC's efforts to restrict physical access within the OSC's environment?
An OSC is preparing for assessment. Which item of evidence would show the OSC's efforts to restrict physical access within the OSC's environment?
正確答案: C
說明:(僅 NewDumps 成員可見)
問題6
An OSC seeking Level 2 certification wants to develop and launch a website for customers to purchase items online and submit contact forms. The OSC plans to host the web server in their own data center while also maintaining the security of their internal IT environment. Based on this information, what would be the BEST approach?
An OSC seeking Level 2 certification wants to develop and launch a website for customers to purchase items online and submit contact forms. The OSC plans to host the web server in their own data center while also maintaining the security of their internal IT environment. Based on this information, what would be the BEST approach?
正確答案: C
說明:(僅 NewDumps 成員可見)
問題7
The SSP for an OSC undergoing an assessment categorizes a device in the inventory that wirelessly connects to the network. In order to secure the connection of wireless devices that access a system that transmits, stores, or processes CUI, what are the requirements?
The SSP for an OSC undergoing an assessment categorizes a device in the inventory that wirelessly connects to the network. In order to secure the connection of wireless devices that access a system that transmits, stores, or processes CUI, what are the requirements?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題8
An Assessor is examining documents provided by the OSC POC. While reviewing them, the Assessor notes that several of the procedures have very current dates while the bulk do not. What should the Assessor do in order to decide if these new documents are acceptable as evidence?
An Assessor is examining documents provided by the OSC POC. While reviewing them, the Assessor notes that several of the procedures have very current dates while the bulk do not. What should the Assessor do in order to decide if these new documents are acceptable as evidence?
正確答案: A
說明:(僅 NewDumps 成員可見)
問題9
During the Planning Phase of the Assessment Plan, the assessor determines that the Client will likely include sensitive and proprietary CUI. What should the assessor consider as part of their virtual data collection techniques for this information?
During the Planning Phase of the Assessment Plan, the assessor determines that the Client will likely include sensitive and proprietary CUI. What should the assessor consider as part of their virtual data collection techniques for this information?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題10
While examining evidence, a CCA is trying to confirm the claim that the OSC has identified all information system users, processes acting on behalf of users, and all devices.
Which of the following provides the STRONGEST evidence of this practice?
While examining evidence, a CCA is trying to confirm the claim that the OSC has identified all information system users, processes acting on behalf of users, and all devices.
Which of the following provides the STRONGEST evidence of this practice?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題11
An OSC is preparing for an assessment and wants to gather evidence that will be used by the Lead Assessor to determine the scope of the assessment. The OSC currently operates a hybrid network, with part of their infrastructure at their physical location and part of their infrastructure in a cloud environment.
What evidence should the OSC collect that would assist the Lead Assessor in determining cloud and hybrid environment constraints?
An OSC is preparing for an assessment and wants to gather evidence that will be used by the Lead Assessor to determine the scope of the assessment. The OSC currently operates a hybrid network, with part of their infrastructure at their physical location and part of their infrastructure in a cloud environment.
What evidence should the OSC collect that would assist the Lead Assessor in determining cloud and hybrid environment constraints?
正確答案: D
說明:(僅 NewDumps 成員可見)
問題12
During an assessment, the IT security engineers responsible for password policy for the OSC provided documentation that all passwords are protected using a one-way hashing methodology. As a result, which statement is true?
During an assessment, the IT security engineers responsible for password policy for the OSC provided documentation that all passwords are protected using a one-way hashing methodology. As a result, which statement is true?
正確答案: A
說明:(僅 NewDumps 成員可見)
問題13
A Lead Assessor is preparing to conduct a Level 2 Assessment for an OSC. The assessor already determined the assessment scope and systems included. In addition, the assessor requests:
* Results of the most recent OSC self-assessment or any pre-assessments by an RPO,
* The System Security Plan (SSP), and
* A list of all OSC staff who play a role in in-scope procedures.
Based on this information, which item would the assessor MOST LIKELY request when preparing to conduct a Level 2 Assessment?
A Lead Assessor is preparing to conduct a Level 2 Assessment for an OSC. The assessor already determined the assessment scope and systems included. In addition, the assessor requests:
* Results of the most recent OSC self-assessment or any pre-assessments by an RPO,
* The System Security Plan (SSP), and
* A list of all OSC staff who play a role in in-scope procedures.
Based on this information, which item would the assessor MOST LIKELY request when preparing to conduct a Level 2 Assessment?
正確答案: A
說明:(僅 NewDumps 成員可見)