<< Prev Question Next Question >>

Question 38/62

An OSC seeking Level 2 certification wants to develop and launch a website for customers to purchase items online and submit contact forms. The OSC plans to host the web server in their own data center while also maintaining the security of their internal IT environment. Based on this information, what would be the BEST approach?

LEAVE A REPLY

Your email address will not be published. Required fields are marked *

Question List (62q)
Question 1: The assessment team has divided responsibilities to review p...
Question 2: Does CMMC Level 2 require that a Cloud Service Provider (CSP...
Question 3: The Lead Assessor is compiling the assessment results, which...
Question 4: An OSC processes data in its owned data center. The data cen...
Question 5: A company has a firewall to regulate how data flows into and...
Question 6: While examining the customer responsibility matrix submitted...
Question 7: A company describes its organization as having two systems. ...
Question 8: An OSC assigns new hires to work on their hire date. Human R...
Question 9: The team is assessing an OSC that uses the cloud for hosting...
Question 10: A Lead Assessor is conducting an assessment for an OSC. The ...
Question 11: An assessor reviews the OSC's data protection policy, which ...
Question 12: A Lead Assessor is preparing to conduct a Level 2 Assessment...
Question 13: When a new employee is issued a laptop, only the user's cred...
Question 14: Some OSCs share real estate with other companies. To protect...
Question 15: In completing the assessment of practices in the Access Cont...
Question 16: An OSC seeking Level 2 certification is working with an ESP....
Question 17: A Lead Assessor is conducting an assessment for an OSC. The ...
Question 18: A midsized professional services organization that frequentl...
Question 19: A Lead Assessor is preparing to conduct a Level 2 Assessment...
Question 20: Phase 2 of the CMMC Assessment Process specifies that the As...
Question 21: An OSC has contracted a C3PAO to perform a Level 2 Assessmen...
Question 22: An Assessor is evaluating whether an OSC has implemented ade...
Question 23: The OSC POC has prepared evidence from an internal pre-asses...
Question 24: A company has a server in its own Virtual Cloud used as a CU...
Question 25: A company has a CUI enclave for handling all CUI processed, ...
Question 26: AC.L2-3.1.6: Non-Privileged Account Use is being assessed. W...
Question 27: In validating the OSC's implementation of AC.L2-3.1.16: Wire...
Question 28: An in-house compliance expert for a large defense contractor...
Question 29: What should the Lead Assessor do to BEST ensure the evidence...
Question 30: When assessing an environment, the CCA determines that CUI i...
Question 31: An OSC has a testing laboratory. The lab has several pieces ...
Question 32: The Lead Assessor is conducting an assessment for an OSC. Th...
Question 33: An OSC is undergoing CMMC Assessment on an enterprise-wide b...
Question 34: In order to perform an interview, the Lead Assessor MUST ens...
Question 35: The Lead Assessor has conducted an assessment for an OSC. Th...
Question 36: The Lead Assessor is ready to complete planning by developin...
Question 37: The Lead Assessor concludes that the OSC is not ready for th...
Question 38: An OSC seeking Level 2 certification wants to develop and la...
Question 39: An Assessment Team is holding a discussion with the system a...
Question 40: A company seeking Level 2 certification has several telecomm...
Question 41: A CCA is assessing the concept of least functionality in acc...
Question 42: A company is undergoing a CMMC Level 2 Assessment. During th...
Question 43: Different mechanisms can be used to protect information at r...
Question 44: While conducting a CMMC Level 2 self-assessment, an organiza...
Question 45: The OSC's network consists of a single network switch that c...
Question 46: During an assessment, the OSC IT security team provided docu...
Question 47: While onsite conducting a CMMC Level 2 assessment at a small...
Question 48: NIST SP 800-171A specifies the assessment methods for defini...
Question 49: During an assessment, the Lead Assessor determines certain a...
Question 50: An assessor is assigned by the Lead Assessor to the pre-asse...
Question 51: Both FCI and CUI are stored by an OSC on the same network. S...
Question 52: While conducting a Level 2 Assessment, the Assessment Team b...
Question 53: An OSC seeking Level 2 certification is reviewing the physic...
Question 54: The Lead Assessor is reviewing the Assessment Plan to identi...
Question 55: While scoping the assessment, the assessor learns that the O...
Question 56: An OSC has two business locations. At each location, the OSC...
Question 57: An OSC is a wholly owned subsidiary of a large conglomerate ...
Question 58: In an effort to understand whether the OSC appropriately def...
Question 59: A CCA is assessing the implementation of the Incident Report...
Question 60: A CCA is prohibited from doing which of the following?...
Question 61: During discussions with an OSC, the assessment team learned ...
Question 62: During an assessment, the team is interviewing the IT staff ...