Valid CMMC-CCA Dumps shared by EduDump.com for Helping Passing CMMC-CCA Exam! EduDump.com now offer the newest CMMC-CCA exam dumps, the EduDump.com CMMC-CCA exam questions have been updated and answers have been corrected get the newest EduDump.com CMMC-CCA dumps with Test Engine here:
In validating the OSC's implementation of AC.L2-3.1.16: Wireless Access Authorization, the CCA observes various personal and non-enterprise devices connected to the OSC's Wi-Fi. Because organizations handle wireless access differently, the CCA must locate evidence showing who has ultimate authority over wireless access. Which authority is acceptable for authorizing wireless access?
Correct Answer: B
CMMC Level 2 requires that wireless access be formally authorized based on management-approved policy and criteria. The Assessment Guide specifies that "management guidelines form the basis for the requirements that must be met prior to authorizing a wireless connection." Therefore, a written policy executed by the CEO, which defines pre-authorization requirements, constitutes proper evidence of authorization. Informal emails or IT connection instructions do not meet this requirement. Exact extracts: * "Authorize wireless access prior to allowing such connections." * "Assessment Objectives ... Determine if: [a] wireless access points are identified; and [b] wireless access is authorized prior to allowing such connections." * "Guidelines from management form the basis for the requirements that must be met prior to authorizing a wireless connection. These guidelines may include the following: * types of devices, such as corporate or privately owned equipment; * configuration requirements of the devices; and * authorization requirements before granting such connections." * Assessment method - Examine: "Access control policy; procedures addressing wireless implementation and usage (including restrictions); wireless access authorizations ..." Why the other options are unacceptable: * A and C are ad-hoc instructions from the CEO, not a formal management policy establishing authorization criteria. * D is an IT-authored instruction document, not a management-level authorization policy. References (CCA documents / Study Guide): * CMMC Assessment Guide - Level 2, Version 2.13, AC.L2-3.1.16 "Wireless Access Authorization" (Assessment Objectives; Discussion; Further Discussion; Potential Assessment Methods and Objects). * NIST SP 800-171 Rev. 2, 3.1.16 (mapped within the CMMC Level 2 Assessment Guide).