Operational controls are:

Security controls for an information system that primarily are implemented and executed by people.

Security controls for an information system thare are implemented and executed by systems

Security controls that primarily are executed by people

Security controls for na information system that primarily are implemented by people and executed by systems.

One key aspects of the CMMC v2.0 program is:

Organizationally-Defined Parameters (ODPs)

Flexible implementation to include a 171 day POA&M remediation phase

During the initial coordination call or virtual meeting the C3PAO should:

Confirm the geographic locations(s) for the Assessment

Attempt to ascertain the general preparedness of the OSC

Confirm the requested timeframes

The Further Discussion section within the CMMC Assessment Guides:

Expands upon the NIST content to provide more information on the practice intent

Contain examples of how the practice must be implemented

Provides prescriptive direction on how to implement the controls

Provides extended reqirements found in other NIST standards thare to to be carried forward into the CMMC

Audit Record reduction is:

A process that manipulates collected audit information and organizes such information in a summary format that is more meaningful to analysts

A process that removes confidential data from collected audit information

A process that inventories collected audit information

A process that performs backups of collected audit information

An inventory of OSC Cybersecurity practices against the CMMC model as part of a "map" or "cross walk."

Does not establish that any or all CMMC practices have been implemented adequately, or sufficiently in accordance with the CMMC standard

Establishes that all CMMC practices that have been implemented adequately, and sufficiently in accordance with the CMMC standard

Establishes that some of the CMMC practices have been implemented adequately and sufficiently in accordance with the NIST standard

Establishes that some of the CMMC practices have been implemented adequately and sufficiently in accordance with the CMMC standard

Which of the following are part of the safeguarding requirements and procedures in FIPS Publication 200?

Provide protection from malicious code at appropriate locations within organizational information systems

Identify, report, and correct information and information system flaws in a timely manner

In accordance with the CAP, when it comes to SC.L2-3.13.11 - CUI Encryption,

If encryption is employed, but is not FIPS validated, 1 points are subtracted from the score of 110; if encryption is not employed, 3 points are subtracted from the score of 110

If encryption is employed, but is not FIPS validated, 3 points are subtracted from the score of 110; if encryption is not employed, 5 points are subtracted from the score of 110

If encryption is employed, but is not FIPS validated, 3 points are subtracted from the score of 110; but if AES encryption is not employed, 5 points are subtracted from the score of 110

A failure to have full compliance results in an automatic CMMC assessment failure

The Lead Assessor is:

The CMMC Certified Assessor who oversees and manages a dedicated CMMC Assessment Team

The most senior representative of a Third-Party Assessment Organization

The individual responsible for reviewing and validating all Assessment packages prior to upload into eMASS

The formally trained individual who is responsible for ensuring Assessment documentation completeness and accuracy

Security requirements not implemented:

Whether a plan of action is in place or not, will be assessed as NOT MET

Can be substituted by a plan of action

Whether a plan of action is in place or not, will be assessed as not implemented

If a plan of action is in place it will be assessed as implemented

Achievable by small, medium and large contractors

Only Level 1 is achievable by small contractors

Achievable by medium and large contractors

Aimed only to large contractors

Which of the following is the best answer for describing Adequate Security:

In accordance with OMB Circular A-130, it's security commensurate with the risk and the magnitude of harm resulting from the loss, misuse, or unauthorized access to or modification of information

In accordance with OMB Circular D-130, it's security capable to mitigate the risk of loss of information

In accordance with OMB Circular C-130, it's security capable to eliminate the risk of loss of information

In accordance with OMB Circular B-130, it's security commensurate with the magnitude of the risk of unauthorized access to information

Which of the following are assessment objectives of Authorized Access Control?

Authorized users are identified

Connections to external systems are identified

The use of external systems is identified

Baselining refers to:

Monitoring resources to determine typical utilization patterns so that significant deviations can be detected

The minimum security practices a company must develop to protect information

Frequently monitoring of systems logs

The standards defined by NIST SP 800-171

Which are the Contractor Requirements for Out-of Scope Assets?

Document the assets in the System Security Plan (SSP)

Assets are required to be physically or logically separated from CUI assets

Document the assets in the network diagram of the CMMC Assessment Scope

The Lead Assessor shall identify methods, techniques, and responsibilities for collecting, managing, and reviewing Evidence, including:

Artifact gathering and availability

The basic and derived security requirements in NIST Special Publication 800-171 Revision 2 provide protection from:

Unauthorized disclosure and unauthorized modification of CUI

Unauthorized modification of CUI

Office of Technology Procurement

Operations Technology and Provisioning

Office of Technology Procurement

CMMC standard, is grounded in the:

National Institute of Standards and Technology (NIST) Special Publication 800-171

National Institute of Standards and Technology (NIST) Special Publication 800-172

The Federal Information Security Modernization Act [FISMA] of 2014 requires

Federal agencies to identify and provide information security protections commensurate with the risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information

CMMC AB to identify and provide information, security protection commensurate with the risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information

Contractors to identify and provide information security protections commensurate with the risk resulting from the unauthorized access, use, disclosure, disruption, modification, or destruction of information

The HQ organization or the Host Unit:

Must have registered with the DoD

Must have registered with the General Services Administration's (GSA) system

Must have registered with the CMMC AB

May contain sensitive or proprietary information

Should not contain sensitive or proprietary information

Should not contain proprietary information

Should not contain public information

Which is the target audience of NIST Special Publication 800-53 Revision 5?

Individuals with system development responsibilities, including mission owners, program managers, system engineers, system security engineers, privacy engineers, hardware and software developers, system integrators, and acquisition or procurement officials

Individuals with logistical or disposition-related responsibilities, including program managers, procurement officials, system integrators, and property managers

Commercial entities, including industry partners, producing component products and systems, creating security and privacy technologies, or providing services or capabilities that support information security or privacy

The CMMC Assessment Readiness Review is a:

Preliminary by formal review conducted by the Lead Assessor

Informal review conducted by the Lead Assessor

Preliminary review conducted by the OSC Assessment Official

Preliminary but formal review conducted by the Cyber AB

Other cybersecurity conformance regimes that may have been implemented by an OSC:

Do not bestow any status or credit towards an OSC's CMMC Assessment or Certification

Provide credit toward an OSC's CMMC Assessment

Provide credit toward an OSC's CMMC Assessment or Certification

Are considered for CMMC Certification purposes

An annual Level 1 self-assessment, with an accompanying senior company official affirmation of compliance in the SPRS, Asserts that a contractor:

Is meeting all the basis safeguarding requirements for FIC specified in FAR Clause 52.204-21

Is meeting all the security requirement specified in NIST 800-172

Is meeting all the security requirement specified in NIST SP 800-171 Rev 2

The Lead Assessor has the primary responsibility for verifying that all planning requirements have been met in constructing the ROM, including:

Identifying and records any facilities to be used

Identifying and documenting all Assessment participants

Providing and recording detailed resource needs and costs

An OSC generally initiates the engagement concerning a prospective CMMC Assessment by:

Contacting the OSC Assessment Official

Secret Private Quiz

Authored by ASHLEY TRIVITT

Other

Professional Development

Used 18+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

When any entity assess compliance with the security requirements of NIST SP 800-171, they must use:

The NIST SP 800-171A procedures to evaluate the effectiveness of the tested controls

The NIST SP 800-88 Revision 1 procedures to evaluate the effectiveness of the tested controls

The NIST SP 800-53B procedures to evaluate the effectiveness of the tested controls

The NIST SP 800-171 Revision 2 procedures to evaluate the effectiveness of the tested controls

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Certified Assessors will review information and evidence to independently verify that:

The contractor is aware of the objectives of the required practices

The contractor meets the stated assessment objectives for all the required practices

The contractor has implemented all the required controls

There is an action plan in place to implement all the required practices

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

PKI stands for:

Public Key Information

Public Key Infrastructure

Performance Key Indicator

Process Key Indicator

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The Property that preserves authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information is called:

Security

Privacy

Integrity

Confidentiality

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The application of an assessment procedure to a security requirement produces:

Assessment findings

All of these

Risk Mitigations

Remediation Plans

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Security functions include:

Employee vetting

Establishing System Accounts

Performance Review

Communication with regulators

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

To document implementation of NIST SP 800-171, the contractor must develop, document, and periodically update a system security plan that describes:

All of these

System environments of operation

How security requirements are implemented

System boundaries

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

ujian anti korupsi

Quiz

•

Professional Development

50 questions

BSA Lifeguard Review

Quiz

•

Professional Development

55 questions

IIMS 2semInternet Fundamentals and Applications Mid term Trial

Quiz

•

Professional Development

50 questions

Python Lists

Quiz

•

Professional Development

50 questions

LCTP AMSHORA - 1 (PU-PK)

Quiz

•

KG - Professional Dev...

50 questions

ETC 602 - SWITCHGEAR

Quiz

•

Professional Development

50 questions

LIFE AND WORKS OF RIZAL - LET Review

Quiz

•

Professional Development

50 questions

SOAL TES KPPS PEMILU 2024 DESA KALIBATUR

Quiz

•

Professional Development

Popular Resources on Wayground

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

10 questions

Probability Practice

Quiz

•

4th Grade

15 questions

Probability on Number LIne

Quiz

•

4th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

$fractions$

22 questions

fractions

Quiz

•

3rd Grade

6 questions

Appropriate Chromebook Usage

Lesson

•

7th Grade

10 questions

Greek Bases tele and phon

Quiz

•

6th - 8th Grade

Discover more resources for Other

20 questions

Black History Month Trivia Game #1

Quiz

•

Professional Development

20 questions

90s Cartoons

Quiz

•

Professional Development

12 questions

Mardi Gras Trivia

Quiz

•

Professional Development

7 questions

Copy of G5_U5_L14_22-23

Lesson

•

KG - Professional Dev...

12 questions

Unit 5: Puerto Rico W1

Quiz

•

Professional Development

42 questions

LOTE_SPN2 5WEEK2 Day 4 We They Actividad 3

Quiz

•

Professional Development

15 questions

Balance Equations Hangers

Quiz

•

Professional Development

31 questions

Servsafe Food Manager Practice Test 2021- Part 1

Quiz

•

9th Grade - Professio...

Secret Private Quiz

When any entity assess compliance with the security requirements of NIST SP 800-171, they must use:

Certified Assessors will review information and evidence to independently verify that:

PKI stands for:

The Property that preserves authorized restrictions on access and disclosure, including means for protecting personal privacy and proprietary information is called:

The application of an assessment procedure to a security requirement produces:

Security functions include:

To document implementation of NIST SP 800-171, the contractor must develop, document, and periodically update a system security plan that describes:

Operational controls are:

External systems include:

Who determines and confirms the estimate of needed interviews, observations, reviews, and related Evidence that is needed for each practice or process that corresponds to the organizational functional areas and process roles is the:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Other