Valid CMMC-CCA Dumps shared by EduDump.com for Helping Passing CMMC-CCA Exam! EduDump.com now offer the newest CMMC-CCA exam dumps, the EduDump.com CMMC-CCA exam questions have been updated and answers have been corrected get the newest EduDump.com CMMC-CCA dumps with Test Engine here:
A company has a firewall to regulate how data flows into and out of its network. Based on an interview with their IT staff, all connections to their systems are logged, and suspicious traffic generates alerts. Examination of which artifact should give the CCA the details on how these are implemented?
Correct Answer: B
The control SC.L2-3.13.5: Boundary Protection requires that organizations monitor and control communications at the external boundary and at key internal boundaries. The CMMC Assessment Guide states that assessors should examine boundary protection procedures to verify logging, monitoring, and alerting are defined and implemented. Physical access logs, account management documents, and configuration management policies do not provide details of how network boundaries are monitored and protected. Exact extracts: * "Assessment Objectives ... Determine if: * external boundary and key internal boundaries are defined; * communications are monitored and controlled at boundaries; * traffic is checked for unauthorized transfer of information; and * boundary protection devices are configured and managed." * "Potential Assessment Methods: Examine ... boundary protection policy; boundary protection procedures; system security plan; configuration settings for boundary protection devices; logs of boundary protection devices." Why the other options are incorrect: * A (Physical access logs): Relates to facility entry, not network boundary protection. * C (Account management document): Addresses user account lifecycle, not firewall and traffic control. * D (Configuration management policy): Governs system changes, not firewall logging/alerting controls. References (CCA documents / Study Guide): * CMMC Assessment Guide - Level 2, SC.L2-3.13.5 "Boundary Protection." * NIST SP 800-171 Rev. 2, 3.13.5.