The practice Update Malicious Code Protection means:

Update malicious code protection mechanisms when new vulnerabilities are discovered

Update malicious code protection mechanisms when an intent of attack is detected

Update malicious code protection mechanisms when new releases are available

Which of the following are assessment objectives of Manage Physical Access security requirements?

Physical access devices are managed

Physical access devices are identified

Physical access devices are controlled

The PreAssessment Data Form must be updated whenever any significant change occurs, including:

Any change to the OSC's CMMC Assessment Scope is declared

If/when any significant changes to the framing of the Assessment and the OSC-C3PAO contract occur

C3PAO effects changes to the makeup of its Assessment Team

An external service provider can be within the scope of applicable CMMC practices if it:

ESPs are never considered in-scope for a CMMC assessment

A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met

A virus, worm, Trojan horse, or other code-based entity that infects a host

A person who circumvents security and breaks into a network, a computer, file, etc, usually with malicious intent

Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of a system

Which of the following is the best answer for describing Risk Mitigation?

Prioritizing, evaluating and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process

Modify a process to reduce the likelihood of risks

Reducing a risk by eliminating the risk drivers

Reducing a risk by transferring it to a third party

Reviews to corrective actions may be requested:

Within 30 days of termination notice

At any time after termination notice

Within 90 days of termination notice

Within 60 days of termination notice

The CUI program is founded on the prerequisite that:

Only information requiring protection based in a law, Federal regulation, or government-wide policy can qualify as CUI

Only information requiring protection based in a law, Federal regulation, or government-wide policy can qualify as Classified

Only information requiring protection based in law can qualify as CUI

Only information requiring protection based in a law or Federal regulation can qualify as CUI

NIST SP 800-37 Risk Management Framework for Information System and Organizations: A System Life Cycle Approach for Security and Privacy is:

A disciplined, structured, and flexibile process for managing security and privacy risk that includes information security categorization: control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.

Used to identify, document, and manage organizational assets for sanitization purposes

Essentially the same as the CMMC but CMMC is for Non-Federal Organizations

A disciplined, structured, and flexible process that incorporates the control from FIPS 200 and the NIST SP 800-53 High Baseline

Authenticate or verify the identities of those users, processes of devices is a prerequisite to allowing access to:

Organizational Information Systems

The AC.L1-3.1.2 - Transactional & Function Control practice statement is:

Limit information system access to the types of transactions and functions that authorized users are permitted to execute

Control connections to external systems

Sanitize or destroy information system media

Isolated enduring exceptions encountered during implementation, such as unique equipment or environments:

Must be addressed in action plans

May prevent the implementation of certain security requirements

May help in the implementation to certain security requirements

Must not be considered in the assessment process

Government Property does not include:

Intellectual property or software

When CUI Portion Marking is used, these rules must be followed:

CUI Portion Marking are placed only at the beginning of the portion to which they apply

A CUI Portion Marking are in the front page of the document

CUI Portion Marking are placed at the beginning of the portion to which they apply and must be used throughout the entire document

CUI Portion Marking are placed only at the end of the portion to which they apply

Do not process, store, or transmit FCI

The CMMC framework addresses the need of the DoD to protect its unclassified information during:

The acquisition and sustainment of products and services from the DIB

The acquisition and sustainment of products from the DIB

The acquisition and sustainment of products and services from the contractor

The acquisition of products and services from the DIB

The Further Discussion section within the CMMC ASsessment Guides:

Expands upon the NIST content to provide more information on the practice intent

Provides prescriptive direction on how to implement the controls

Contains examples on how the practice must be implemented

Provides extended requirements found in other NIST standards that are to be carried forward into the CMMC

CMMC Assessment Quality Review Checklist is:

Checklist of items to be verified during the CQAP's review of documentation

Checklist of items to be verified during the Lead Assessor's review of documentaion

Checklist of items to be verified during the Assessment Team's review of documentation

Employing formal sanctions for personnel failing to comply with organizational security policies and procedures is part of:

System and Information Integrity

Which of the following are assessment objectives of Physical protection security requirements?

Authorized individuals allowed physical access are identified

Physical access to organizational systems is limited to authorized individuals

Physical access to equipment is limited to authorized individuals

Domain is defined as:

Grouping of like practices based on the control families set forth in NIST SP 800-171

Each individual practice defined in NIST SP 800-171

Each individual control mandatory for CMMC Level 1

Grouping of controls requested by CMMC Model

Is the executive branch-wide program to standardize CUI handling by all Federal agencies

Is the executive branch-wide program to standardize CUI handling by all contractors

Is the executive branch-wide program to standardize FCI handling by all Federal agencies

Is the executive branch-wide program to standardize PII handling by all Federal agencies

The updated registry of authorized C3PAOs in good standing is maintained:

In the CMMC Marketplace website administered by the Cyber AB

In the CMMC Marketplace website administered by the DoD

In the CMMC Register administered by the DoD

The CMMC Assessment Guides serve as the controlling technical authority for the purpose of:

Assessing the implementation of CMMC practices

Assessing the implementation of NIST requirements

Assessing the implementation of CMMC controls

Monitoring the implementation of CMMC practices

Certified Assessors will review information and evidence to independently verify that:

The contractor meets the stated assessment objectives for all of the required practices

The contractor has implemented all the required controls

There is an action plan in place to implement all the required practices

The contractor is aware of the objectives of the required practices

A set of system resources that operate within the same security domain and that share the protection of a single, common, and continuous security perimeter

An organizational with a defined mission/goal

A set of actions that are accomplished within a practice in order to make it successful

Government Property is:

All property owned or leased by the government

Any property owned by a DoD contractor

All property owned by the government

All property controlled by the government

Any official CMMC Certification Assessment must have a documented and current Assessment Plan, using the required CMMC Assessment plan template or:

A CQAPA equivalent document with the same data

A CQAPO equivalent document with the same data

An OSC equivalent document with the same data

Personnel security screening (vetting) activities:

Involve the evaluation/assessment of individual's conduct, integrity, judgement, loyalty, reliability, and stability to authorize access to organizational systems containing CUI

Is the gathering of background information of a potential or current employee

Is the gathering of background information of a potential employee

Involve the evaluation/assessment of individual's conduct prior to authorizing access to any organizational systems

Separation of duties includes:

Dividing mission functions and system support functions among different individuals or roles

Ensuring that system support functions are conducted by one individual

Ensuring that security personnel administering access controls perform audit functions

The C3PAO Assessment Team shall:

Maintain regular familiarity and currency with the full body of CMMC Assessment doctrine

Maintain regular meetings with the OSC representatives

Maintain regular meetings with the Cyber AB

Propose updates to the CMMC Assessment doctrine

The Blue Team must defend against real or simulated attacks:

Over a significant period of time

In a representative operation context

According to rules established and monitored with the help of a neutral group refereeing the simulation or exercise

Identity is defined as:

The set of attributes values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager's responsibility, is sufficient to distinguish that entity from any other entity

A common accessible information repository that provides a single (or virtual) consistent source of information about organizational identities

The process of making an identity "known" to the organization as a person, object, or entity that may require access to organizational assets and that may have to be authenticated and authorized to use access privileges

Programs, processes, technologies, and personnel used to create trusted digital identity representations of individuals and non-person entities (NPEs), binding those identities to credentials that may serve as a proxy for the individual or NPE in access transactions, and leveraging the credentials to provide authorized access to an organization's resources

A CCA not acting as the Lead Assessor must:

Shall collaborate and follow the Lead Assessor's guidance

Will be assigned Team Leader duties over all CCPs on the assessment

Must serve as the dedicated scribe for all interviews

Secret Quiz 2

Authored by ASHLEY TRIVITT

Education

Professional Development

Used 4+ times

AI Actions

Add similar questions

Adjust reading levels

Convert to real-world scenario

Translate activity

More...

Content View

Student View

50 questions

Show all answers

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

CMMC Level 3 encompasess:

The security requirements for CUI specified in NIST SP 800-171 Rev 2 per DFARS Clause 252.204-7012

NIST Special Handbook 162

Security requirements specified in NIST SP 800-172

The basic safeguarding requirements for FCI specified in FAR Clause 52.504-21

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The Lead Assesor is:

The formally trained individual who is responsible for ensuring Assessment documentation completeness and accuracy

The individual responsible for reviewing and validating all Assessment packages prior to upload into eMADD

The most senior representative of a Third-Party assessment organization

The CMMC Certified Assessor who oversees and manages a dedicated CMMC Assessment Team

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

Output from system monitoring serves as input to:

Business intelligence

Staff performance management

Management information

Continuous monitoring and incident response programs

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

To appropriately scope a CMMC Level 1 self assessment the contractor should consider:

Customers

Technology

Financial Statements

Annual Turnover

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The purpose of NIST Special Publication 800-171 Revision 2 is to provide recommended security requirements for protecting the confidentiality of CUI:

Where there are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or government wide policy for the CUI category listed in the CUI Registry

When the CUI is resident in a non-federal system and organization

When the nonfederal organization is not collecting or maintaining information on behalf of a federal agency or using or operating a system on behalf an agency

All of these

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

The Cybersecurity Maturity Model Certification (CMMC) framework is:

The Department of Defense's (DoD) unifying standard for the implementation of privacy measures within the Defense Industrial Base

The Department of Defense's (DoD) unifying standard for the implementation of cybersecurity measures within the Defense Industrial Base

The ISO unifying standard for the implementation of cybersecurity measures within the Defense Industrial Base

The NIST unifying standard for the implementation of cybersecurity measures within the Defense Industrial Base

MULTIPLE CHOICE QUESTION

2 mins • 1 pt

32 CFR 2002 and DoDI 5200.48 establish policy for:

The safeguarding, decontrolling, and disposition of FOUO

The marking, decontrolling, and disposition of SBU

The designation, safeguarding, dissemination, marking, decontrolling, and disposition of CUI/CDI

The safeguarding and disposition of FCI

Access all questions and much more by creating a free account

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

50 questions

Q-550

Quiz

•

Professional Development

50 questions

Q-600

Quiz

•

Professional Development

50 questions

Latihan Evaluasi Akademik Orientasi PPPK

Quiz

•

Professional Development

50 questions

Prepositions

Quiz

•

4th Grade - Professio...

49 questions

Oefententamen Recht

Quiz

•

Professional Development

50 questions

1250

Quiz

•

Professional Development

48 questions

21st Century Literature Summative #1

Quiz

•

Professional Development

50 questions

Q-650

Quiz

•

Professional Development

Popular Resources on Wayground

8 questions

Spartan Way - Classroom Responsible

Quiz

•

9th - 12th Grade

15 questions

Fractions on a Number Line

Quiz

•

3rd Grade

14 questions

Boundaries & Healthy Relationships

Lesson

•

6th - 8th Grade

20 questions

Equivalent Fractions

Quiz

•

3rd Grade

3 questions

Integrity and Your Health

Lesson

•

6th - 8th Grade

25 questions

Multiplication Facts

Quiz

•

5th Grade

9 questions

FOREST Perception

Lesson

•

20 questions

Main Idea and Details

Quiz

•

5th Grade

Discover more resources for Education

15 questions

LOTE_SPN2 5WEEK3 Day 2 Itinerary

Quiz

•

Professional Development

6 questions

Copy of G5_U6_L5_22-23

Lesson

•

KG - Professional Dev...

10 questions

March Quiz

Quiz

•

Professional Development

5 questions

Copy of G5_U6_L8_22-23

Lesson

•

KG - Professional Dev...

10 questions

suffixes FUL OR LESS

Quiz

•

Professional Development

Secret Quiz 2

CMMC Level 3 encompasess:

The Lead Assesor is:

Output from system monitoring serves as input to:

To appropriately scope a CMMC Level 1 self assessment the contractor should consider:

The purpose of NIST Special Publication 800-171 Revision 2 is to provide recommended security requirements for protecting the confidentiality of CUI:

The Cybersecurity Maturity Model Certification (CMMC) framework is:

32 CFR 2002 and DoDI 5200.48 establish policy for:

The practice Update Malicious Code Protection means:

Which of the following are assessment objectives of Manage Physical Access security requirements?

Collaborative computing device include:

Access all questions and much more by creating a free account

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Education