The practice Update Malicious Code Protection means:

Update malicious code protection mechanisms when new vulnerabilities are discovered

Update malicious code protection mechanisms when an intent of attack is detected

Update malicious code protection mechanisms when new releases are available

Which of the following are assessment objectives of Manage Physical Access security requirements?

Physical access devices are managed

Physical access devices are identified

Physical access devices are controlled

The PreAssessment Data Form must be updated whenever any significant change occurs, including:

Any change to the OSC's CMMC Assessment Scope is declared

If/when any significant changes to the framing of the Assessment and the OSC-C3PAO contract occur

C3PAO effects changes to the makeup of its Assessment Team

An external service provider can be within the scope of applicable CMMC practices if it:

ESPs are never considered in-scope for a CMMC assessment

A piece of code intentionally inserted into a software system that will set off a malicious function when specified conditions are met

A virus, worm, Trojan horse, or other code-based entity that infects a host

A person who circumvents security and breaks into a network, a computer, file, etc, usually with malicious intent

Software or firmware intended to perform an unauthorized process that will have adverse impact on the confidentiality, integrity, or availability of a system

Which of the following is the best answer for describing Risk Mitigation?

Prioritizing, evaluating and implementing the appropriate risk-reducing controls/countermeasures recommended from the risk management process

Modify a process to reduce the likelihood of risks

Reducing a risk by eliminating the risk drivers

Reducing a risk by transferring it to a third party

Reviews to corrective actions may be requested:

Within 30 days of termination notice

At any time after termination notice

Within 90 days of termination notice

Within 60 days of termination notice

The CUI program is founded on the prerequisite that:

Only information requiring protection based in a law, Federal regulation, or government-wide policy can qualify as CUI

Only information requiring protection based in a law, Federal regulation, or government-wide policy can qualify as Classified

Only information requiring protection based in law can qualify as CUI

Only information requiring protection based in a law or Federal regulation can qualify as CUI

NIST SP 800-37 Risk Management Framework for Information System and Organizations: A System Life Cycle Approach for Security and Privacy is:

A disciplined, structured, and flexibile process for managing security and privacy risk that includes information security categorization: control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring.

Used to identify, document, and manage organizational assets for sanitization purposes

Essentially the same as the CMMC but CMMC is for Non-Federal Organizations

A disciplined, structured, and flexible process that incorporates the control from FIPS 200 and the NIST SP 800-53 High Baseline

Authenticate or verify the identities of those users, processes of devices is a prerequisite to allowing access to:

Organizational Information Systems

The AC.L1-3.1.2 - Transactional & Function Control practice statement is:

Limit information system access to the types of transactions and functions that authorized users are permitted to execute

Control connections to external systems

Sanitize or destroy information system media

Isolated enduring exceptions encountered during implementation, such as unique equipment or environments:

Must be addressed in action plans

May prevent the implementation of certain security requirements

May help in the implementation to certain security requirements

Must not be considered in the assessment process

Government Property does not include:

Intellectual property or software

When CUI Portion Marking is used, these rules must be followed:

CUI Portion Marking are placed only at the beginning of the portion to which they apply

A CUI Portion Marking are in the front page of the document

CUI Portion Marking are placed at the beginning of the portion to which they apply and must be used throughout the entire document

CUI Portion Marking are placed only at the end of the portion to which they apply

Do not process, store, or transmit FCI

The CMMC framework addresses the need of the DoD to protect its unclassified information during:

The acquisition and sustainment of products and services from the DIB

The acquisition and sustainment of products from the DIB

The acquisition and sustainment of products and services from the contractor

The acquisition of products and services from the DIB

The Further Discussion section within the CMMC ASsessment Guides:

Expands upon the NIST content to provide more information on the practice intent

Provides prescriptive direction on how to implement the controls

Contains examples on how the practice must be implemented

Provides extended requirements found in other NIST standards that are to be carried forward into the CMMC

CMMC Assessment Quality Review Checklist is:

Checklist of items to be verified during the CQAP's review of documentation

Checklist of items to be verified during the Lead Assessor's review of documentaion

Checklist of items to be verified during the Assessment Team's review of documentation

Employing formal sanctions for personnel failing to comply with organizational security policies and procedures is part of:

System and Information Integrity

Which of the following are assessment objectives of Physical protection security requirements?

Authorized individuals allowed physical access are identified

Physical access to organizational systems is limited to authorized individuals

Physical access to equipment is limited to authorized individuals

Domain is defined as:

Grouping of like practices based on the control families set forth in NIST SP 800-171

Each individual practice defined in NIST SP 800-171

Each individual control mandatory for CMMC Level 1

Grouping of controls requested by CMMC Model

Is the executive branch-wide program to standardize CUI handling by all Federal agencies

Is the executive branch-wide program to standardize CUI handling by all contractors

Is the executive branch-wide program to standardize FCI handling by all Federal agencies

Is the executive branch-wide program to standardize PII handling by all Federal agencies

The updated registry of authorized C3PAOs in good standing is maintained:

In the CMMC Marketplace website administered by the Cyber AB

In the CMMC Marketplace website administered by the DoD

In the CMMC Register administered by the DoD

The CMMC Assessment Guides serve as the controlling technical authority for the purpose of:

Assessing the implementation of CMMC practices

Assessing the implementation of NIST requirements

Assessing the implementation of CMMC controls

Monitoring the implementation of CMMC practices

Certified Assessors will review information and evidence to independently verify that:

The contractor meets the stated assessment objectives for all of the required practices

The contractor has implemented all the required controls

There is an action plan in place to implement all the required practices

The contractor is aware of the objectives of the required practices

A set of system resources that operate within the same security domain and that share the protection of a single, common, and continuous security perimeter

An organizational with a defined mission/goal

A set of actions that are accomplished within a practice in order to make it successful

Government Property is:

All property owned or leased by the government

Any property owned by a DoD contractor

All property owned by the government

All property controlled by the government

Any official CMMC Certification Assessment must have a documented and current Assessment Plan, using the required CMMC Assessment plan template or:

A CQAPA equivalent document with the same data

A CQAPO equivalent document with the same data

An OSC equivalent document with the same data

Personnel security screening (vetting) activities:

Involve the evaluation/assessment of individual's conduct, integrity, judgement, loyalty, reliability, and stability to authorize access to organizational systems containing CUI

Is the gathering of background information of a potential or current employee

Is the gathering of background information of a potential employee

Involve the evaluation/assessment of individual's conduct prior to authorizing access to any organizational systems

Separation of duties includes:

Dividing mission functions and system support functions among different individuals or roles

Ensuring that system support functions are conducted by one individual

Ensuring that security personnel administering access controls perform audit functions

The C3PAO Assessment Team shall:

Maintain regular familiarity and currency with the full body of CMMC Assessment doctrine

Maintain regular meetings with the OSC representatives

Maintain regular meetings with the Cyber AB

Propose updates to the CMMC Assessment doctrine

The Blue Team must defend against real or simulated attacks:

Over a significant period of time

In a representative operation context

According to rules established and monitored with the help of a neutral group refereeing the simulation or exercise

Identity is defined as:

The set of attributes values (i.e., characteristics) by which an entity is recognizable and that, within the scope of an identity manager's responsibility, is sufficient to distinguish that entity from any other entity

A common accessible information repository that provides a single (or virtual) consistent source of information about organizational identities

The process of making an identity "known" to the organization as a person, object, or entity that may require access to organizational assets and that may have to be authenticated and authorized to use access privileges

Programs, processes, technologies, and personnel used to create trusted digital identity representations of individuals and non-person entities (NPEs), binding those identities to credentials that may serve as a proxy for the individual or NPE in access transactions, and leveraging the credentials to provide authorized access to an organization's resources

A CCA not acting as the Lead Assessor must:

Shall collaborate and follow the Lead Assessor's guidance

Will be assigned Team Leader duties over all CCPs on the assessment

Must serve as the dedicated scribe for all interviews

Secret Quiz 2

Professional Development

•

50 Qs

Similar activities

Grammar & Vocabulary Quiz

Professional Development

•

50 Qs

SUMMATIVE PROFED5

Professional Development

•

50 Qs

Identify The Species: Owl

KG - Professional Development

•

51 Qs

201-250

Professional Development

•

50 Qs

B1 MIDTERM TEST

Professional Development

•

50 Qs

CHALLP Midterm Part 1

Professional Development

•

55 Qs

EKONOMI MAKRO

University - Professional Development

•

50 Qs

E-QUIZ ON PSYCHOLOGY By LMC HSS Sirkali

12th Grade - Professional Development

•

50 Qs

Secret Quiz 2

Quiz

•

Education

•

Professional Development

•

Practice Problem

•

Easy

ASHLEY TRIVITT

Used 4+ times

FREE Resource

The designation, safeguarding, dissemination, marking, decontrolling, and disposition of CUI/CDI

The safeguarding and disposition of FCI

Create a free account and access millions of resources

Create resources

Host any resource

Get auto-graded reports

Continue with Google

Continue with Email

Continue with Classlink

Continue with Clever

or continue with

Microsoft

Apple

Others

Already have an account?

Similar Resources on Wayground

48 questions

Module A PPB Unit 15- Ancillary Services

Quiz

•

Professional Development

50 questions

LET Reviewer - General Education (1-50)

Quiz

•

KG - Professional Dev...

51 questions

UNIT -1 INTRODUCTION TO DIGITAL ELECTRONICS

Quiz

•

Professional Development

50 questions

Simulasi CAT Panwaslu Kecamatan 2024 - 02

Quiz

•

Professional Development

50 questions

Cerdas Cermat Besama Mama Papa

Quiz

•

Professional Development

50 questions

TOEFL Listening (Post-test)

Quiz

•

9th Grade - Professio...

50 questions

Latihan MOOC

Quiz

•

10th Grade - Professi...

50 questions

Prelims - THE TEACHER AND THE SCHOOL CURRICULUM

Quiz

•

Professional Development

Popular Resources on Wayground

25 questions

Multiplication Facts

Quiz

•

5th Grade

15 questions

4:3 Model Multiplication of Decimals by Whole Numbers

Quiz

•

5th Grade

10 questions

The Best Christmas Pageant Ever Chapters 1 & 2

Quiz

•

4th Grade

12 questions

Unit 4 Review Day

Quiz

•

3rd Grade

20 questions

Christmas Trivia

Quiz

•

6th - 8th Grade

18 questions

Kids Christmas Trivia

Quiz

•

KG - 5th Grade

14 questions

Christmas Trivia

Quiz

•

5th Grade

15 questions

Solving Equations with Variables on Both Sides Review

Quiz

•

8th Grade

Discover more resources for Education

26 questions

Christmas Movie Trivia

Lesson

•

8th Grade - Professio...

20 questions

Disney Characters

Quiz

•

Professional Development

20 questions

Customer Service

Quiz

•

Professional Development

10 questions

Food Idioms

Quiz

•

Professional Development

20 questions

NCCER Power Tools Quiz

Quiz

•

Professional Development

Secret Quiz 2

50 questions

CMMC Level 3 encompasess:

The Lead Assesor is:

Output from system monitoring serves as input to:

To appropriately scope a CMMC Level 1 self assessment the contractor should consider:

The purpose of NIST Special Publication 800-171 Revision 2 is to provide recommended security requirements for protecting the confidentiality of CUI:

The Cybersecurity Maturity Model Certification (CMMC) framework is:

32 CFR 2002 and DoDI 5200.48 establish policy for:

The practice Update Malicious Code Protection means:

Which of the following are assessment objectives of Manage Physical Access security requirements?

Collaborative computing device include:

Create a free account and access millions of resources

Similar Resources on Wayground

Popular Resources on Wayground

Discover more resources for Education