Cyber AB CMMC-CCA Exam (page: 3)
Cyber AB Certified CMMC Assessor (CCA)
Updated on: 11-Dec-2025

Viewing Page 3 of 42

Any user that accesses CUI on system media should be authorized and have a lawful business purpose.
While assessing a contractor's implementation of MP.L2-3.8.2 – Media Access, you examine the CUI access logs and the roles of employees. Something catches your eye: the ID of an employee listed as terminated regularly accesses CUI remotely. Walking into the contractor's facilities, you observe the janitor cleaning an office where documents marked CUI are visible on the table. Interviewing the organization's data custodian, they inform you that the media storage procedure is augmented by a physical protection and access control policy. Based on the scenario and the requirements of CMMC practice MP.L2-3.8.2 – Media Access, which of the following actions would be the highest priority recommendation for the contractor?

  A. Conduct additional training for employees on handling CUI materials
  B. Develop and implement a process for timely disabling or revoking access to CUI upon employee termination
  C. Implement a system for logging and monitoring all access attempts to CUI resources
  D. Invest in more sophisticated access control technology for their systems

Answer(s): B

Explanation:

CMMC practice MP.L2-3.8.2 – Media Access requires organizations to "restrict access to CUI on system media to authorized users." The scenario reveals a critical failure: a terminated employee's ID continues to access CUI remotely, indicating a lack of timely revocation processes. This poses an immediate security risk, as unauthorized access to CUI violates the practice's core intent. Developing and implementing a process to disable access upon termination (B) directly addresses this gap and is the highest priority to ensure compliance and protect CUI. Training (A) is beneficial but doesn't fix the revocation issue, logging (C) is already partially in place and doesn't address termination, and new technology (D) is secondary to procedural fixes. The CMMC guide emphasizes timely access control as critical.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), MP.L2-3.8.2: "Restrict media access to authorized users; ensure processes revoke access when no longer needed."
NIST SP 800-171A, 3.8.2: "Examine processes for removing access upon termination."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



CMMC practice PS.L2-3.9.1 – Screen Individuals requires individuals to be screened before authorizing access to organizational systems containing CUI. However, in the assessment you are currently conducting, there is no physical evidence confirming the completion of personnel screens, such as background checks, only affirmations derived from an interview session. In an interview with the HR Manager, they informed you that before an individual is hired, they submit their information through a service that performs criminal and financial checks. How would you score the OSC's implementation of CMMC practice PS.L2-3.9.1 – Screen Individuals, objective [a]?

  A. More information is needed
  B. Not Met
  C. Not Applicable
  D. Met

Answer(s): A

Explanation:

PS.L2-3.9.1, objective [a], requires "screening individuals prior to authorizing access to CUI systems." The HR Manager's affirmation suggests a process, but without physical evidence (e.g., screening records), compliance can't be confirmed. More information (A) is needed to verify, per CMMC's evidence-based assessment. Met (D) requires proof, Not Met (B) assumes failure prematurely, and N/A (C) doesn't apply.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), PS.L2-3.9.1: "Examine screening records; interviews support but don't replace evidence."
NIST SP 800-171A, 3.9.1: "Verify with documentation."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf




CMMC practice MA.L2-3.7.3 – Equipment Sanitization requires organizations to sanitize equipment containing CUI before it leaves their facilities for off-site maintenance.
What standard would the OSC use to sanitize various media?

  A. NIST SP 800-53
  B. NIST SP 800-88
  C. NIST SP 800-171
  D. NIST SP 800-171A

Answer(s): B

Explanation:

MA.L2-3.7.3 mandates "sanitizing equipment for CUI prior to off-site maintenance." NIST SP 800-88 – Guidelines for Media Sanitization (B) provides specific methods (e.g., clearing, purging, destroying) tailored to media types, ensuring CUI is irrecoverable, which directly supports this practice. NIST SP 800-53 (A) is a broader control framework, NIST SP 800-171 (C) defines CMMC requirements without sanitization details, and NIST SP 800-171A (D) is an assessment guide, not a sanitization standard.
The CMMC guide references NIST SP 800-88 explicitly.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), MA.L2-3.7.3: "Sanitize per NIST SP 800-88 guidelines."
NIST SP 800-171A, 3.7.3: "Refer to NIST SP 800-88 for sanitization standards."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



You decide to interview the IT security team to understand if and how a contractor has implemented audit failure alerting. You learn they have deployed AlienVault OSSIM, a feature-rich security information and event management (SIEM) tool. The SIEM tool has been configured to send automatic alerts to system and network administrators if an event affects the audit logging process. Alerts are generated for the defined events that lead to failure in audit logging and can be found in the notification section of the SIEM portal. However, the alerts are sent to the specified personnel 24 hours after the occurrence of an event. As an assessor evaluating the implementation of AU.L2-3.3.4 – Audit Failure Alerting, which of the following would be a key consideration regarding the evidence provided by the contractor?

  A. Ensuring the defined alert notification methods (e.g., email, SMS) are secure and encrypted
  B. Verifying that the types of audit logging failures defined cover a comprehensive range of potential scenarios
  C. Determining if the documented personnel roles for alert notification align with the organization's hierarchy
  D. Checking if the alert notification process integrates with third-party monitoring services

Answer(s): B

Explanation:

AU.L2-3.3.4 requires "alerting personnel when audit logging fails." A 24-hour delay is concerning for timeliness, but the key evidence consideration is whether the defined failure types (B) are comprehensive (e.g., software, hardware, capacity issues), ensuring effective detection. Notification security (A), role alignment (C), and third-party integration (D) are secondary, per CMMC's focus on failure coverage.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.4: "Verify that defined failure types cover a comprehensive range."
NIST SP 800-171A, 3.3.4: "Examine failure scenarios for completeness."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



During your review of an OSC's system security controls, you focus on CMMC practice SC.L2-3.13.9 – Connections Termination. The OSC uses a custom web application for authorized personnel to access CUI remotely. Users log in with usernames and passwords. The application is hosted on a dedicated server within the company's internal network. The server operating system utilizes default settings for connection timeouts. Network security is managed through a central firewall, but no specific rules are configured for terminating inactive connections associated with the CUI access application. Additionally, there is no documented policy or procedure outlining a defined period of inactivity for terminating remote access connections. Interviews with IT personnel reveal that they rely solely on users to remember to log out of the application after completing their work. How could the firewall be configured to help achieve the objectives of CMMC practice SC.L2-3.13.9 – Connections Termination for the remote access application?

  A. Creating firewall rules to identify and terminate connections associated with the CUI access application that have been inactive for a predefined period
  B. Encrypting all traffic between the user device and the server to protect CUI in transit
  C. Implementing intrusion detection and prevention systems (IDS/IPS) to identify and block suspicious activity on the server
  D. Blocking all incoming traffic to the server hosting the CUI access application, except from authorized IP addresses

Answer(s): A

Explanation:

SC.L2-3.13.9 requires "terminating connections after a defined period of inactivity." Firewall rules to terminate inactive connections (A) directly enforce this for the CUI application, meeting the practice's intent. Encryption (B) protects data in transit (SC.L2-3.13.8), IDS/IPS (C) detects threats (SI.L2-3.14.6), and IP blocking (D) limits access (AC.L2-3.1.2); none of these address inactivity termination. The CMMC guide supports firewall-based timeouts.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), SC.L2-3.13.9: "Configure firewalls for inactivity timeouts."
NIST SP 800-171A, 3.13.9: "Examine firewall rules for termination."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



When assessing a contractor's implementation of CMMC practices, you examine its System Security Plan (SSP) to identify its documented measures for audit reduction and reporting. They have a dedicated section in their SSP addressing the Audit and Accountability requirements. You proceed to interview their information security personnel, who informed you that the contractor has a dedicated Security Operations Center (SOC) and uses Splunk to reduce and report audit logs.
What key features regarding the deployment of Splunk for AU.L2-3.3.6 – Reduction & Reporting would you be interested in assessing?

  A. Ensure that Splunk is configured with appropriate RBAC to restrict access to log data, reports, and dashboards, ensuring that only authorized personnel can view or modify audit logs
  B. Ensure Splunk can retain audit records for a protracted amount of time
  C. Ensure that Splunk employs various filter rules for reducing audit logs to eliminate non-essential data and processes to analyze large volumes of log files or audit information, identifying anomalies and summarizing the data in a format more meaningful to analysts, thus generating customized reports
  D. Ensure Splunk can support compliance dashboards that provide real-time visibility into CMMC compliance status

Answer(s): C

Explanation:

CMMC practice AU.L2-3.3.6 – Reduction & Reporting requires organizations to "provide audit reduction and report generation capabilities to support after-the-fact investigations without altering original records." The objectives are: [a] reducing audit records by filtering non-essential data, and [b] generating reports for analysis. Splunk, a SIEM tool, is deployed, and the assessor must evaluate its alignment with these goals.
Option C: Filter rules for reduction and analysis/reporting processes. This directly addresses the practice's core requirements: reducing logs (e.g., filtering noise) and generating meaningful reports (e.g., anomaly detection, summaries). These features ensure Splunk meets AU.L2-3.3.6's intent, making it the key focus.
Option A: RBAC for access restriction. Relevant to AU.L2-3.3.8 (Audit Protection), not reduction/reporting; it's a security control, not a capability of this practice.
Option B: Retention time. Pertains to AU.L2-3.3.2 (Audit Retention), not reduction/reporting functionality.
Option D: Compliance dashboards. Useful but not required by AU.L2-3.3.6; the focus is on reduction and reporting, not real-time compliance visibility.
Why C? The CMMC guide specifies assessing tools for reduction (filtering) and reporting (analysis/report generation), and Splunk's effectiveness hinges on these features, per the scenario's SOC context.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.6: "Examine tools for capabilities to [a] reduce audit records by filtering non-essential data, and [b] generate reports identifying anomalies and summarizing data."
NIST SP 800-171A, 3.3.6: "Assess reduction and reporting functions, such as filtering and customized report generation."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf



Understanding that changes are critical in any production environment, a DoD contractor has instituted measures to manage them. Software changes can only be implemented by defined individuals. These changes must have gone through a rigorous change approval process and must be implemented from a secure server located in the company's headquarters. The personnel effecting the changes access the server room using access cards and an iris scan. To log into the server, they must enter their passwords to receive a one-time password (OTP), which must be keyed in within 2 minutes. After any changes are made, the chairperson of the contractor's Change Review Board and the CISO get a notification to approve the changes before they take effect. To determine if the contractor has implemented enough measures to meet CM.L2-3.4.5 – Access Restrictions for Change, you need to examine all of the following EXCEPT?

  A. Procedures addressing access restrictions for changes to the system
  B. Plan of Action and Milestones
  C. Contractor's configuration management policy
  D. System architecture and configuration documentation

Answer(s): B

Explanation:

CM.L2-3.4.5 requires "defining, documenting, approving, and enforcing access restrictions for system changes." Procedures (A), policy (C), and configuration documentation (D) provide direct evidence of these controls. A POA&M (B) documents deficiencies, not implementation, and isn't listed as an assessment object in the CMMC guide.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), CM.L2-3.4.5: "Examine procedures, policy, and configs; POA&M not included."
NIST SP 800-171A, 3.4.5: "Focus on access restriction artifacts."


Reference:

https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf


