You are assessing Conedge Ltd, a contractor that develops cryptographic algorithms for classified government networks. In reviewing their network architecture documents, you see they have implemented role-based access controls on their workstations using Active Directory group policies. Software developers are assigned to the "Dev_Roles" group, which grants access to compile and test code modules. The "Admin_Roles" group, with elevated privileges for system administration activities, is restricted to the IT staff. However, when you examine the event logs on a developer workstation, you find evidence that a developer was able to enable debugging permissions to access protected kernel memory, a privileged function. How should execution of the debugging permission be handled to align with AC.L2-3.1.7 Privileged Functions?
Answer(s): D
Comprehensive and Detailed In-Depth: AC.L2-3.1.7 requires "preventing non-privileged users from executing privileged functions and logging such attempts." The developer's access to kernel memory (a privileged function) violates least privilege, and logging to a SIEM (D) ensures visibility and auditability, aligning with the practice. Alerts (A) are supplementary, termination (B) isn't required, and geo-IP blocking (C) is unrelated. The CMMC guide emphasizes logging for accountability.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AC.L2-3.1.7: "Log attempts by non-privileged users to execute privileged functions."
NIST SP 800-171A, 3.1.7: "Examine logs for privileged function attempts."
https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf
While reviewing a contractor's Microsoft Active Directory authentication policies, you observe that the account lockout threshold is configured to allow 5 consecutive invalid login attempts before locking the account for 15 minutes. Additionally, the reset account lockout counter is set to 30 seconds after each unsuccessful login attempt. Based on this scenario, which of the following statements are TRUE about the contractor's implementation of CMMC practice AC.L2-3.1.8 Unsuccessful Logon Attempts?
Answer(s): A
Comprehensive and Detailed In-Depth: AC.L2-3.1.8 requires "limiting unsuccessful logon attempts" by defining: [a] a threshold, and [b] a lockout duration or delay. The contractor's settings (5 attempts, 15-minute lockout, 30-second reset) meet these objectives, providing reasonable protection against brute-force attacks. While stricter settings (e.g., fewer attempts) could enhance security, CMMC doesn't mandate specific values, only that limits are enforced. This 1-point practice scores Met (+1), making A true. B, C, and D assume inadequacy without evidence of failure.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AC.L2-3.1.8: "Define and enforce [a] number of attempts, [b] lockout duration or delay."
DoD Scoring Methodology: "1-point practice: Met = +1."
While examining a contractor's audit and accountability policy, you realize they have documented the types of events to be logged and defined the content of audit records needed to support monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activities. After the logs are analyzed, the results are fed into a system that automatically generates audit records stored for 30 days. However, the mechanisms implementing system audit logging are found lacking after several tests because they produce audit logs that are too limited. You find that generated logs cannot be independently used to identify the event they resulted from because the defined content specified therein is too limited. Additionally, you realize the logs are retained for only 24 hours before they are automatically deleted. Which of the following is a potential assessment method for AU.L2-3.3.1 System Auditing?
Comprehensive and Detailed In-Depth: AU.L2-3.3.1 requires "creating and retaining audit records with sufficient content." Examining procedures (A) verifies if defined content meets requirements, addressing the scenario's deficiency (limited logs). Testing procedures (B) isn't standard, testing configs (C) is secondary, and examining mechanisms (D) isn't a method; testing them is. The CMMC guide lists procedural examination as key.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.1: "Examine procedures addressing audit record generation."
NIST SP 800-171A, 3.3.1: "Examine documented processes for content sufficiency."
You are assessing a contractor's implementation for CMMC practice MA.L2-3.7.4 Media Inspection by examining their maintenance records. You realize the maintenance logs identify a repeating problem. A recently installed central server has been experiencing issues affecting the performance of the contractor's information systems. This is confirmed by your interview with the contractor's IT team. You requested to investigate the server, and the IT team agreed. On the server, there is a file named conf.zip that gets your attention. You decide to open the file on an isolated computer for further review. To your surprise, the file is a .exe used when testing the server for data exfiltration. How should this incident be handled?
Answer(s): C
Comprehensive and Detailed In-Depth: CMMC practice MA.L2-3.7.4 Media Inspection requires organizations to "inspect media containing diagnostic and test programs prior to maintenance to ensure no malicious code is present and handle incidents appropriately." The discovery of a .exe file used for data exfiltration testing on a production server indicates a potential security incident (malicious or unauthorized code). The practice's intent is to identify and manage such risks, and the CMMC framework mandates handling incidents per the organization's incident response plan (IR.L2-3.6.1), which should include steps like verification, containment, eradication, and reporting.
Option C: In accordance with the incident response plan. This is the correct approach, as it ensures a structured response (e.g., isolate the server, investigate the .exe's origin, remove it, and report if needed), aligning with CMMC's integrated security processes.
Option A: Reporting to the FBI immediately. Premature without internal verification and escalation per the IR plan; external reporting may follow but isn't the first step.
Option B: Decommissioning the server. Drastic and potentially unnecessary without analysis; it disrupts operations and skips investigation.
Option D: Sandboxing and continuing. Sandboxing is part of analysis, but continuing business as usual ignores the risk of active compromise.
Why C? The CMMC guide ties media inspection incidents to the IR process, ensuring a systematic response that balances security and operational needs. The assessor's role is to verify compliance, not dictate actions, but C reflects the required process.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), MA.L2-3.7.4: "Handle identified malicious code in accordance with organizational incident response procedures."
CMMC Assessment Guide Level 2 (v2.0), IR.L2-3.6.1: "Establish an operational incident-handling capability to investigate, contain, and recover from incidents."
NIST SP 800-171A, 3.7.4: "Examine incident response plans for handling malicious code found during media inspection."
A contractor allows the use of mobile devices in contract performance. Some employees access designs and specifications classified as CUI on devices such as tablets and smartphones. After assessing AC.L2-3.1.18 Mobile Device Connection, you find that the contractor maintains a meticulous record of mobile devices that connect to its information systems. AC.L2-3.1.19 Encrypt CUI on Mobile requires that the contractor implement measures to encrypt CUI on mobile devices and mobile computing platforms. The contractor uses device-based encryption, where all the data on a mobile device is encrypted. Which of the following is a reason why you would recommend container-based over full-device encryption?
Comprehensive and Detailed In-Depth: AC.L2-3.1.19 requires "encrypting CUI on mobile devices." Full-device encryption secures all data, but container-based encryption (A) offers granularity (protecting only CUI), performance (less overhead), and BYOD compatibility (separating work/personal data), enhancing security and usability. Cost (B) and ease (C) aren't primary drivers, and full-device encryption (D) is compatible with modern OSes, per CMMC discussion.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AC.L2-3.1.19: "Container-based encryption provides granular control, performance, and BYOD support."
NIST SP 800-171A, 3.1.19: "Assess encryption methods for effectiveness."
During your review of an OSC's system security control, you focus on CMMC practice SC.L2-3.13.9 Connections Termination. The OSC uses a custom web application for authorized personnel to access CUI remotely. Users log in with usernames and passwords. The application is hosted on a dedicated server within the company's internal network. The server operating system utilizes default settings for connection timeouts. Network security is managed through a central firewall, but no specific rules are configured for terminating inactive connections associated with the CUI access application. Additionally, there is no documented policy or procedure outlining a defined period of inactivity for terminating remote access connections. Interviews with IT personnel reveal that they rely solely on users to remember to log out of the application after completing their work. The scenario mentions that the server utilizes default settings for connection timeouts. What additional approach, besides relying solely on user awareness, could be implemented to achieve connection termination based on inactivity and comply with CMMC practice SC.L2-3.13.9 Connections Termination?
Comprehensive and Detailed In-Depth: SC.L2-3.13.9 requires "terminating connections after a defined inactivity period." Modifying application settings to auto-terminate sessions (A) directly enforces this, replacing user reliance with a technical control, per CMMC intent. Monitoring with manual action (B) isn't automatic, OS upgrades (C) don't guarantee compliance, and education (D) supplements, not replaces, enforcement.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), SC.L2-3.13.9: "Implement auto-termination at application level for inactivity."
NIST SP 800-171A, 3.13.9: "Test application settings for timeout enforcement."
Mobile devices are increasingly important in many contractors' day-to-day activities. Thus, contractors must institute measures to ensure such devices are correctly identified and that any connections are authorized, monitored, and logged, especially if the devices or their connections process, store, or transmit CUI. You have been hired to assess a contractor's implementation of CMMC practices, one of which is AC.L2-3.1.18 Mobile Device Connections. To successfully test the access control capabilities authorizing mobile device connections to organizational systems, you must first identify what a mobile device is. Mobile devices connecting to organizational systems must have a device-specific identifier. Which of the following is the main consideration for a contractor when choosing an identifier?
Comprehensive and Detailed In-Depth: AC.L2-3.1.18 requires "controlling mobile device connections with device-specific identifiers." The main consideration is consistency and scalability across all devices (A), ensuring uniform management and authorization, per CMMC guidance. User-friendliness (B) is secondary, differentiation (C) is a byproduct of uniqueness, and randomness (D) lacks organizational coherence.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AC.L2-3.1.18: "Use consistent, scalable identifiers for all mobile devices."
NIST SP 800-171A, 3.1.18: "Examine identifier consistency across devices."
Assessing a DoD contractor, you observe they have implemented physical security measures to protect the facility housing organizational systems that process or store CUI. The facility has secure locks on all entrances, exits, and windows. Additionally, video surveillance cameras are installed at entry/exit points, and their feeds are monitored by security personnel. Feeds from areas where CUI is processed or stored, and from meeting rooms where executives discuss CUI and other sensitive matters, are segregated and stored on a designated server after monitoring. Walking around the facility, you notice network cables hanging from the walls. To pass through a door, personnel must swipe their access cards; however, you observe an employee holding the door for others to enter. Although power cables are placed in wiring closets, the closets aren't locked, and the cabling conduits are damaged. Which of the following is NOT a concern regarding the contractor's implementation of CMMC practice PE.L2-3.10.2 Monitor Facility?
Comprehensive and Detailed In-Depth: PE.L2-3.10.2 requires "protecting and monitoring the physical facility and support infrastructure." Video surveillance at entry/exit points (A) is a strength, not a concern, fulfilling monitoring requirements. Unlocked wiring closets (B), exposed network cables (C), and damaged conduits (D) are vulnerabilities risking tampering or unauthorized access to infrastructure supporting CUI systems, per the CMMC guide.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), PE.L2-3.10.2: "Monitor facility with cameras; protect infrastructure from tampering."
NIST SP 800-171A, 3.10.2: "Examine monitoring and protection of physical assets."
Share your comments for Cyber AB CMMC-CCA exam with other users:
this was on the exam as of 1211/2023
great for prep
on question 10 and so far 2 wrong answers as evident in the included reference link.
wonderful material
I passed!! ...but barely! Got 728, but needed 720 to pass. The exam hit me with labs right out of the gate! Then it went to multiple choice. Pro tip: study the labs!
great !! it is really good
explanations for the answers are to the point.
question: 128 d is the wrong answer...should be c
good content
just testing if the comments are real
very helpful for exam preparation
i think the answer to question 42 is b not c
thanks for the dump
fantastic assessments
i find the xengine test engine simulator to be more fun than reading from pdf.
nice document
thank you for making the questions and answers interactive and selectable.
answers are correct?
can I believe this dump?
good for students
nice practice dumps
great content and wonderful to have the answers with explanation
for question #118, the answer is option c. The screenshot is showing the drop-down, but the answer is marked incorrectly; please update. Thanks for sharing such nice questions.
the correct answer for the question 29 is d.
question no 22: correct answers: bc, 1 per session 1 per page 1 per component always
these are pretty useful