Any user that accesses CUI on system media should be authorized and have a lawful business purpose. While assessing a contractor's implementation of MP.L2-3.8.2 Media Access, you examine the CUI access logs and the role of employees. Something catches your eye: the ID of an employee listed as terminated regularly accesses CUI remotely. Walking into the contractor's facilities, you observe the janitor cleaning an office where documents marked CUI are visible on the table. When you interview the organization's data custodian, they inform you that a media storage procedure is augmented by a physical protection and access control policy. Based on the scenario and the requirements of CMMC practice MP.L2-3.8.2 Media Access, which of the following actions would be the highest priority recommendation for the contractor?
Answer(s): B
Comprehensive and Detailed In-Depth:
CMMC practice MP.L2-3.8.2 Media Access requires organizations to "restrict access to CUI on system media to authorized users." The scenario reveals a critical failure: a terminated employee's ID continues to access CUI remotely, indicating a lack of timely revocation processes. This poses an immediate security risk, as unauthorized access to CUI violates the practice's core intent. Developing and implementing a process to disable access upon termination (B) directly addresses this gap and is the highest priority to ensure compliance and protect CUI. Training (A) is beneficial but doesn't fix the revocation issue, logging (C) is already partially in place and doesn't address termination, and new technology (D) is secondary to procedural fixes. The CMMC guide emphasizes timely access control as critical.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), MP.L2-3.8.2: "Restrict media access to authorized users; ensure processes revoke access when no longer needed."
NIST SP 800-171A, 3.8.2: "Examine processes for removing access upon termination."
https://dodcio.defense.gov/Portals/0/Documents/CMMC/AG_Level2_MasterV2.0_FINAL_202112016_508.pdf
CMMC practice PS.L2-3.9.1 Screen Individuals requires individuals to be screened before authorizing access to organizational systems containing CUI. However, in the assessment you are currently conducting, there is no physical evidence confirming the completion of personnel screens, such as background checks, only affirmations derived from an interview session. In an interview with the HR Manager, they informed you that before an individual is hired, they submit their information through a service that performs criminal and financial checks. How would you score the OSC's implementation of CMMC practice PS.L2-3.9.1 Screen Individuals, objective [a]?
Answer(s): A
Comprehensive and Detailed In-Depth:
PS.L2-3.9.1, objective [a], requires "screening individuals prior to authorizing access to CUI systems." The HR Manager's affirmation suggests a process, but without physical evidence (e.g., screening records), compliance can't be confirmed. More information (A) is needed to verify, per CMMC's evidence-based assessment. Met (D) requires proof, Not Met (B) assumes failure prematurely, and N/A (C) doesn't apply.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), PS.L2-3.9.1: "Examine screening records; interviews support but don't replace evidence."
NIST SP 800-171A, 3.9.1: "Verify with documentation."
When assessing a contractor's implementation of CMMC practices, you examine its System Security Plan (SSP) to identify its documented measures for audit reduction and reporting. They have a dedicated section in their SSP addressing the Audit and Accountability requirements. You proceed to interview their information security personnel, who informed you that the contractor has a dedicated Security Operations Center (SOC) and uses Splunk to reduce and report audit logs. What key features regarding the deployment of Splunk for AU.L2-3.3.6 Reduction & Reporting would you be interested in assessing?
Answer(s): C
Comprehensive and Detailed In-Depth:
AU.L2-3.3.6 requires "audit reduction and report generation capabilities." Key features to assess in Splunk are filtering to reduce logs and analysis/reporting (C), directly meeting objectives [a] and [b]. RBAC (A) relates to AU.L2-3.3.8, retention (B) to AU.L2-3.3.2, and dashboards (D) aren't required, per CMMC focus.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.6: "Assess tools for [a] reducing logs via filters, [b] generating reports with analysis."
NIST SP 800-171A, 3.3.6: "Examine reduction and reporting functions."
CMMC practice MA.L2-3.7.3 Equipment Sanitization requires organizations to sanitize equipment leaving their facilities for off-site maintenance for CUI. What standard would the OSC use to sanitize various media?
Comprehensive and Detailed In-Depth:
MA.L2-3.7.3 mandates "sanitizing equipment for CUI prior to off-site maintenance." NIST SP 800-88 Guidelines for Media Sanitization (B) provides specific methods (e.g., clearing, purging, destroying) tailored to media types, ensuring CUI is irrecoverable, directly supporting this practice. NIST SP 800-53 (A) is a broader control framework, NIST SP 800-171 (C) defines CMMC requirements without sanitization details, and NIST SP 800-171A (D) is an assessment guide, not a sanitization standard. The CMMC guide references NIST SP 800-88 explicitly.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), MA.L2-3.7.3: "Sanitize per NIST SP 800-88 guidelines."
NIST SP 800-171A, 3.7.3: "Refer to NIST SP 800-88 for sanitization standards."
You decide to interview the IT security team to understand if and how a contractor has implemented audit failure alerting. You learn they have deployed AlienVault OSSIM, a feature-rich security information and event management (SIEM) tool. The SIEM tool has been configured to send automatic alerts to system and network administrators if an event affects the audit logging process. Alerts are generated for the defined events that lead to failure in audit logging and can be found in the notification section of the SIEM portal. However, the alerts are sent to the specified personnel 24 hours after the occurrence of an event. As an assessor evaluating the implementation of AU.L2-3.3.4 Audit Failure Alerting, which of the following would be a key consideration regarding the evidence provided by the contractor?
Comprehensive and Detailed In-Depth:
AU.L2-3.3.4 requires "alerting personnel when audit logging fails." A 24-hour delay is concerning for timeliness, but the key evidence consideration is whether defined failure types (B) are comprehensive (e.g., software, hardware, capacity issues), ensuring effective detection. Notification security (A), role alignment (C), and third-party integration (D) are secondary, per CMMC focus on failure coverage.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.4: "Verify that defined failure types cover a comprehensive range."
NIST SP 800-171A, 3.3.4: "Examine failure scenarios for completeness."
During your review of an OSC's system security control, you focus on CMMC practice SC.L2-3.13.9 Connections Termination. The OSC uses a custom web application for authorized personnel to access CUI remotely. Users log in with usernames and passwords. The application is hosted on a dedicated server within the company's internal network. The server operating system utilizes default settings for connection timeouts. Network security is managed through a central firewall, but no specific rules are configured for terminating inactive connections associated with the CUI access application. Additionally, there is no documented policy or procedure outlining a defined period of inactivity for terminating remote access connections. Interviews with IT personnel reveal that they rely solely on users to remember to log out of the application after completing their work. How could the firewall be configured to help achieve the objectives of CMMC practice SC.L2-3.13.9 Connections Termination, for the remote access application?
Comprehensive and Detailed In-Depth:
SC.L2-3.13.9 requires "terminating connections after a defined period of inactivity." Firewall rules to terminate inactive connections (A) directly enforce this for the CUI application, meeting the practice's intent. Encryption (B) protects transit data (SC.L2-3.13.8), IDS/IPS (C) detects threats (SI.L2-3.14.6), and IP blocking (D) limits access (AC.L2-3.1.2); none address inactivity termination. The CMMC guide supports firewall-based timeouts.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), SC.L2-3.13.9: "Configure firewalls for inactivity timeouts."
NIST SP 800-171A, 3.13.9: "Examine firewall rules for termination."
When assessing a contractor's implementation of CMMC practices, you examine its System Security Plan (SSP) to identify its documented measures for audit reduction and reporting. They have a dedicated section in their SSP addressing the Audit and Accountability requirements. You proceed to interview their information security personnel, who informed you that the contractor has a dedicated Security Operations Center (SOC) and uses Splunk to reduce and report audit logs. What key features regarding the deployment of Splunk for AU.L2-3.3.6 Reduction & Reporting would you be interested in assessing?
Comprehensive and Detailed In-Depth:
CMMC practice AU.L2-3.3.6 Reduction & Reporting requires organizations to "provide audit reduction and report generation capabilities to support after-the-fact investigations without altering original records." The objectives are: [a] reducing audit records by filtering non-essential data, and [b] generating reports for analysis. Splunk, a SIEM tool, is deployed, and the assessor must evaluate its alignment with these goals.
Option C: Filter rules for reduction and analysis/reporting processes. This directly addresses the practice's core requirements: reducing logs (e.g., filtering noise) and generating meaningful reports (e.g., anomaly detection, summaries). These features ensure Splunk meets AU.L2-3.3.6's intent, making it the key focus.
Option A: RBAC for access restriction. Relevant to AU.L2-3.3.8 (Audit Protection), not reduction/reporting; it's a security control, not a capability of this practice.
Option B: Retention time. Pertains to AU.L2-3.3.2 (Audit Retention), not reduction/reporting functionality.
Option D: Compliance dashboards. Useful but not required by AU.L2-3.3.6; the focus is on reduction and reporting, not real-time compliance visibility.
Why C? The CMMC guide specifies assessing tools for reduction (filtering) and reporting (analysis/report generation), and Splunk's effectiveness hinges on these features, per the scenario's SOC context.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), AU.L2-3.3.6: "Examine tools for capabilities to [a] reduce audit records by filtering non-essential data, and [b] generate reports identifying anomalies and summarizing data."
NIST SP 800-171A, 3.3.6: "Assess reduction and reporting functions, such as filtering and customized report generation."
Understanding that changes are critical in any production environment, a DoD contractor has instituted measures to manage them. All software changes can only be implemented by defined individuals. These changes must have gone through a rigorous change approval process and must be implemented from a secure server located in the company's headquarters. The personnel effecting the changes access the server room using access cards and an iris scan. To log into the server, they must enter their passwords to receive a one-time password (OTP), which must be keyed in within 2 minutes. After any changes are made, the chairperson of the contractor's Change Review Board and the CISO get a notification to approve the changes before they take effect. To determine if the contractor has implemented enough measures to meet CM.L2-3.4.5 Access Restrictions for Change, you need to examine all the following EXCEPT?
Comprehensive and Detailed In-Depth:
CM.L2-3.4.5 requires "defining, documenting, approving, and enforcing access restrictions for system changes." Procedures (A), policy (C), and configs (D) provide direct evidence of these controls. A POA&M (B) documents deficiencies, not implementation, and isn't listed as an assessment object in the CMMC guide.
Extract from Official CMMC Documentation:
CMMC Assessment Guide Level 2 (v2.0), CM.L2-3.4.5: "Examine procedures, policy, and configs; POA&M not included."
NIST SP 800-171A, 3.4.5: "Focus on access restriction artifacts."