Cyber AB CMMC-CCA Exam (page: 1)
Cyber AB Certified CMMC Assessor (CCA)
Updated on: 11-Dec-2025

Viewing Page 1 of 42

You are assessing Conedge Ltd, a contractor that develops cryptographic algorithms for classified government networks. In reviewing their network architecture documents, you see they have implemented role-based access controls on their workstations using Active Directory group policies. Software developers are assigned to the "Dev_Roles" group, which grants access to compile and test code modules. The "Admin_Roles" group, with elevated privileges for system administration activities, is restricted to the IT staff. However, when you examine the event logs on a developer workstation, you find evidence that a developer was able to enable debugging permissions to access protected kernel memory - a privileged function. How should execution of the debugging permission be handled to align with AC.L2-3.1.7 - Privileged Functions?

  A. Require it to generate an email alert
  B. Perform automatic termination of the action
  C. Implement geo-IP blocking on the workstation
  D. Ensure it is logged to the central SIEM system

Answer(s): D

Explanation:

AC.L2-3.1.7 requires "preventing non-privileged users from executing privileged functions and logging such attempts." The developer's access to kernel memory (a privileged function) violates least privilege, and logging to a SIEM (D) ensures visibility and auditability, aligning with the practice. Alerts (A) are supplementary, termination (B) isn't required, and geo-IP blocking (C) is unrelated. The CMMC guide emphasizes logging for accountability.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AC.L2-3.1.7: "Log attempts by non-privileged users to execute privileged functions."
NIST SP 800-171A, 3.1.7: "Examine logs for privileged function attempts."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



While reviewing a contractor's Microsoft Active Directory authentication policies, you observe that the account lockout threshold is configured to allow 5 consecutive invalid login attempts before locking the account for 15 minutes. Additionally, the reset account lockout counter is set to 30 seconds after each unsuccessful login attempt. Based on this scenario, which of the following statements are TRUE about the contractor's implementation of CMMC practice AC.L2-3.1.8 - Unsuccessful Logon Attempts?

  A. The contractor has successfully implemented practice AC.L2-3.1.8 - Unsuccessful Logon Attempts, warranting a score of MET
  B. The contractor's approach does not provide sufficient protection against unauthorized access attempts
  C. Based on the current implementation, CMMC practice AC.L2-3.1.8 cannot be scored as MET
  D. The contractor's approach does not adequately address the required assessment objectives

Answer(s): A

Explanation:

AC.L2-3.1.8 requires "limiting unsuccessful logon attempts" by defining: [a] a threshold, and [b] a lockout duration or delay. The contractor's settings (5 attempts, 15-minute lockout, 30-second reset) meet these objectives, providing reasonable protection against brute-force attacks.
While stricter settings (e.g., fewer attempts) could enhance security, CMMC doesn't mandate specific values, only that limits are enforced. This 1-point practice scores Met (+1), making A true. B, C, and D assume inadequacy without evidence of failure.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AC.L2-3.1.8: "Define and enforce [a] number of attempts, [b] lockout duration or delay."
DoD Scoring Methodology: "1-point practice: Met = +1."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



While examining a contractor's audit and accountability policy, you realize they have documented the types of events to be logged and defined the content of audit records needed to support monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activities. After the logs are analyzed, the results are fed into a system that automatically generates audit records stored for 30 days. However, after several tests, the mechanisms implementing system audit logging are found lacking because they produce audit logs that are too limited. You find that generated logs cannot be independently used to identify the event they resulted from because the defined content specified therein is too limited. Additionally, you realize the logs are retained for 24 hours before they are automatically deleted.
Which of the following is a potential assessment method for AU.L2-3.3.1 - System Auditing?

  A. Examine procedures addressing audit record generation
  B. Testing procedures addressing control of audit records
  C. Testing the system configuration settings and associated documentation
  D. Examining the mechanisms for implementing system audit logging

Answer(s): A

Explanation:

AU.L2-3.3.1 requires "creating and retaining audit records with sufficient content." Examining procedures (A) verifies whether the defined content meets requirements, addressing the scenario's deficiency (limited logs). Testing procedures (B) isn't standard, testing configs (C) is secondary, and examining mechanisms (D) isn't a method; testing them is. The CMMC guide lists procedural examination as key.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.1: "Examine procedures addressing audit record generation."
NIST SP 800-171A, 3.3.1: "Examine documented processes for content sufficiency."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



You are assessing a contractor's implementation of CMMC practice MA.L2-3.7.4 - Media Inspection by examining their maintenance records. You realize the maintenance logs identify a repeating problem. A recently installed central server has been experiencing issues affecting the performance of the contractor's information systems. This is confirmed by your interview with the contractor's IT team. You requested to investigate the server, and the IT team agreed. On the server, there is a file named conf.zip that gets your attention. You decide to open the file on an isolated computer for further review. To your surprise, the file is a .exe used when testing the server for data exfiltration.
How should this incident be handled?

  A. By immediately reporting it to the FBI's Cyber Division
  B. Decommissioning the server and installing a new one
  C. In accordance with the incident response plan
  D. By sandboxing the malicious code and continuing with business as usual

Answer(s): C

Explanation:

CMMC practice MA.L2-3.7.4 - Media Inspection requires organizations to "inspect media containing diagnostic and test programs prior to maintenance to ensure no malicious code is present and handle incidents appropriately." The discovery of a .exe file used for data exfiltration testing on a production server indicates a potential security incident (malicious or unauthorized code). The practice's intent is to identify and manage such risks, and the CMMC framework mandates handling incidents per the organization's incident response plan (IR.L2-3.6.1), which should include steps like verification, containment, eradication, and reporting.
Option C: In accordance with the incident response plan. This is the correct approach, as it ensures a structured response (e.g., isolate the server, investigate the .exe's origin, remove it, and report if needed), aligning with CMMC's integrated security processes.
Option A: Reporting to the FBI immediately. Premature without internal verification and escalation per the IR plan; external reporting may follow but isn't the first step.
Option B: Decommissioning the server. Drastic and potentially unnecessary without analysis; it disrupts operations and skips investigation.
Option D: Sandboxing and continuing. Sandboxing is part of analysis, but continuing business as usual ignores the risk of active compromise.
Why C? The CMMC guide ties media inspection incidents to the IR process, ensuring a systematic response that balances security and operational needs. The assessor's role is to verify compliance, not dictate actions, but C reflects the required process.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), MA.L2-3.7.4: "Handle identified malicious code in accordance with organizational incident response procedures." CMMC Assessment Guide Level 2 (v2.0), IR.L2-3.6.1: "Establish an operational incident-handling capability to investigate, contain, and recover from incidents." NIST SP 800-171A, 3.7.4: "Examine incident response plans for handling malicious code found during media inspection."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



A contractor allows the use of mobile devices in contract performance. Some employees access designs and specifications classified as CUI on devices such as tablets and smartphones. After assessing AC.L2-3.1.18 - Mobile Device Connection, you find that the contractor maintains a meticulous record of mobile devices that connect to its information systems. AC.L2-3.1.19 - Encrypt CUI on Mobile requires that the contractor implement measures to encrypt CUI on mobile devices and mobile computing platforms. The contractor uses device-based encryption, where all the data on a mobile device is encrypted.
Which of the following is a reason you would recommend container-based over full-device encryption?

  A. Container-based encryption offers granular control over sensitive data, improves device performance by encrypting selectively, and enhances security in Bring-Your-Own-Device (BYOD) environments
  B. Container-based encryption is more cost-effective
  C. It is more user-friendly and easier to deploy on a large scale
  D. Full-device encryption is not compatible with modern mobile operating systems

Answer(s): A

Explanation:

AC.L2-3.1.19 requires "encrypting CUI on mobile devices." Full-device encryption secures all data, but container-based encryption (A) offers granularity (protecting only CUI), performance (less overhead), and BYOD compatibility (separating work/personal data), enhancing security and usability. Cost (B) and ease (C) aren't primary drivers, and full-device encryption (D) is compatible with modern OSes, per CMMC discussion.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AC.L2-3.1.19: "Container-based encryption provides granular control, performance, and BYOD support."
NIST SP 800-171A, 3.1.19: "Assess encryption methods for effectiveness."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



During your review of an OSC's system security controls, you focus on CMMC practice SC.L2-3.13.9 - Connections Termination. The OSC uses a custom web application for authorized personnel to access CUI remotely. Users log in with usernames and passwords. The application is hosted on a dedicated server within the company's internal network. The server operating system utilizes default settings for connection timeouts. Network security is managed through a central firewall, but no specific rules are configured for terminating inactive connections associated with the CUI access application. Additionally, there is no documented policy or procedure outlining a defined period of inactivity for terminating remote access connections. Interviews with IT personnel reveal that they rely solely on users to remember to log out of the application after completing their work. The scenario mentions that the server utilizes default settings for connection timeouts.
What additional approach, besides relying solely on user awareness, could be implemented to achieve connection termination based on inactivity and comply with CMMC practice SC.L2-3.13.9 - Connections Termination?

  A. Modify the server-side application settings to automatically terminate inactive user sessions after a defined period
  B. Implement a centralized inactivity monitoring tool to identify inactive connections across the network and notify administrators for manual termination
  C. Upgrade the server operating system to the latest version, as newer versions may have stricter default timeouts for idle connections
  D. Educate users about the importance of logging out and the risks associated with leaving sessions open

Answer(s): A

Explanation:

SC.L2-3.13.9 requires "terminating connections after a defined inactivity period." Modifying application settings to auto-terminate sessions (A) directly enforces this, replacing user reliance with a technical control, per CMMC intent. Monitoring with manual action (B) isn't automatic, OS upgrades (C) don't guarantee compliance, and education (D) supplements, rather than replaces, enforcement.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), SC.L2-3.13.9: "Implement auto-termination at application level for inactivity."
NIST SP 800-171A, 3.13.9: "Test application settings for timeout enforcement."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



Mobile devices are increasingly becoming important in many contractors' day-to-day activities. Thus, contractors must institute measures to ensure the devices are correctly identified and that any connections are authorized, monitored, and logged, especially if the devices or their connections process, store, or transmit CUI. You have been hired to assess a contractor's implementation of CMMC practices, one of which is AC.L2-3.1.18 - Mobile Device Connections. To successfully test the access control capabilities authorizing mobile device connections to organizational systems, you must first identify what a mobile device is. Mobile devices connecting to organizational systems must have a device-specific identifier.
Which of the following is the main consideration for a contractor when choosing an identifier?

  A. Choosing an identifier that can accommodate all devices and be used consistently within the organization
  B. Prioritize using identifiers that are easy to remember and user-friendly
  C. The identifier must be easily differentiable from one device to another
  D. Use random identifiers to identify mobile devices on the network easily

Answer(s): A

Explanation:

AC.L2-3.1.18 requires "controlling mobile device connections with device-specific identifiers." The main consideration is consistency and scalability across all devices (A), ensuring uniform management and authorization, per CMMC guidance. User-friendliness (B) is secondary, differentiation (C) is a byproduct of uniqueness, and randomness (D) lacks organizational coherence.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AC.L2-3.1.18: "Use consistent, scalable identifiers for all mobile devices."
NIST SP 800-171A, 3.1.18: "Examine identifier consistency across devices."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



Assessing a DoD contractor, you observe they have implemented physical security measures to protect the facility housing organizational systems that process or store CUI. The facility has secure locks on all entrances, exits, and windows. Additionally, video surveillance cameras are installed at entry/exit points, and their feeds are monitored by security personnel. Feeds from areas where CUI is processed or stored, and from meeting rooms where executives discuss CUI and other sensitive matters, are segregated and stored on a designated server after monitoring. Walking around the facility, you notice network cables hanging from the walls. To pass through a door, personnel must swipe their access cards. However, you observe an employee holding the door for others to enter. Although power cables are placed in wiring closets, the closets aren't locked, and the cabling conduits are damaged.
Which of the following is NOT a concern regarding the contractor's implementation of CMMC practice PE.L2-3.10.2 - Monitor Facility?

  A. Video surveillance monitoring at entry/exit points
  B. Unlocked wiring closets
  C. Network cables hanging from the walls
  D. Damaged cable conduits

Answer(s): A

Explanation:

PE.L2-3.10.2 requires "protecting and monitoring the physical facility and support infrastructure." Video surveillance at entry/exit points (A) is a strength, not a concern, fulfilling monitoring requirements. Unlocked wiring closets (B), exposed network cables (C), and damaged conduits (D) are vulnerabilities risking tampering or unauthorized access to infrastructure supporting CUI systems, per the CMMC guide.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), PE.L2-3.10.2: "Monitor facility with cameras; protect infrastructure from tampering."
NIST SP 800-171A, 3.10.2: "Examine monitoring and protection of physical assets."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf


