Valid CMMC-CCP Dumps shared by ExamDiscuss.com for Helping Passing CMMC-CCP Exam! ExamDiscuss.com now offer the newest CMMC-CCP exam dumps, the ExamDiscuss.com CMMC-CCP exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CMMC-CCP dumps with Test Engine here:
Access CMMC-CCP Dumps Premium Version
(208 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 39/103
In the CMMC Model, how many practices are included in Level 1?
Correct Answer: A
CMMC (Cybersecurity Maturity Model Certification) 2.0 Level 1 is designed to protectFederal Contract Information (FCI)and consists of17 foundational cybersecurity practices. These practices are directly derived fromFAR 52.204-21(Basic Safeguarding of Covered Contractor Information Systems), which outlines minimum security requirements for contractors handling FCI.
Breakdown of CMMC Level 1 PracticesThe17 practicesin Level 1 focus on basic cybersecurity hygiene and fall under the following6 domains:
Access Control (AC)- 4 practices
AC.L1-3.1.1: Limit system access to authorized users
AC.L1-3.1.2: Limit user access to authorized transactions and functions AC.L1-3.1.20: Verify and control connections to external systems AC.L1-3.1.22: Control information posted or processed on publicly accessible systems Identification and Authentication (IA)- 2 practices IA.L1-3.5.1: Identify and authenticate system users IA.L1-3.5.2: Use multifactor authentication for local and network access Media Protection (MP)- 1 practice MP.L1-3.8.3: Sanitize media before disposal or reuse Physical Protection (PE)- 4 practices PE.L1-3.10.1: Limit physical access to systems containing FCI PE.L1-3.10.3: Escort visitors and monitor visitor activity PE.L1-3.10.4: Maintain audit logs of physical access PE.L1-3.10.5: Control and manage physical access devices System and Communications Protection (SC)- 2 practices SC.L1-3.13.1: Monitor and control communications at system boundaries SC.L1-3.13.5: Implement subnetworks for publicly accessible system components System and Information Integrity (SI)- 4 practices SI.L1-3.14.1: Identify, report, and correct system flaws in a timely manner SI.L1-3.14.2: Provide protection from malicious code at designated locations SI.L1-3.14.4: Update malicious code protection mechanisms periodically SI.L1-3.14.5: Perform scans of system components and real-time file scans Official Reference from CMMC 2.0 DocumentationThe 17 practices forCMMC Level 1are explicitly listed in theCMMC 2.0 Appendices and Assessment Guide for Level 1, as well as in theFAR 52.204-21 requirements.
These practices representbasic safeguarding measuresthat all DoD contractors handlingFCImust implement.
#CMMC 2.0 Level 1 Summary:
Focus:Basic safeguarding of FCI
Total Practices:17
Derived From:FAR 52.204-21
Assessment Type:Self-assessment (annual)
Final Verification and ConclusionThe correct answer isB. 17 practicesas verified from theCMMC 2.0 official documentsandFAR 52.204-21 requirements.
Breakdown of CMMC Level 1 PracticesThe17 practicesin Level 1 focus on basic cybersecurity hygiene and fall under the following6 domains:
Access Control (AC)- 4 practices
AC.L1-3.1.1: Limit system access to authorized users
AC.L1-3.1.2: Limit user access to authorized transactions and functions AC.L1-3.1.20: Verify and control connections to external systems AC.L1-3.1.22: Control information posted or processed on publicly accessible systems Identification and Authentication (IA)- 2 practices IA.L1-3.5.1: Identify and authenticate system users IA.L1-3.5.2: Use multifactor authentication for local and network access Media Protection (MP)- 1 practice MP.L1-3.8.3: Sanitize media before disposal or reuse Physical Protection (PE)- 4 practices PE.L1-3.10.1: Limit physical access to systems containing FCI PE.L1-3.10.3: Escort visitors and monitor visitor activity PE.L1-3.10.4: Maintain audit logs of physical access PE.L1-3.10.5: Control and manage physical access devices System and Communications Protection (SC)- 2 practices SC.L1-3.13.1: Monitor and control communications at system boundaries SC.L1-3.13.5: Implement subnetworks for publicly accessible system components System and Information Integrity (SI)- 4 practices SI.L1-3.14.1: Identify, report, and correct system flaws in a timely manner SI.L1-3.14.2: Provide protection from malicious code at designated locations SI.L1-3.14.4: Update malicious code protection mechanisms periodically SI.L1-3.14.5: Perform scans of system components and real-time file scans Official Reference from CMMC 2.0 DocumentationThe 17 practices forCMMC Level 1are explicitly listed in theCMMC 2.0 Appendices and Assessment Guide for Level 1, as well as in theFAR 52.204-21 requirements.
These practices representbasic safeguarding measuresthat all DoD contractors handlingFCImust implement.
#CMMC 2.0 Level 1 Summary:
Focus:Basic safeguarding of FCI
Total Practices:17
Derived From:FAR 52.204-21
Assessment Type:Self-assessment (annual)
Final Verification and ConclusionThe correct answer isB. 17 practicesas verified from theCMMC 2.0 official documentsandFAR 52.204-21 requirements.
- Question List (103q)
- Question 1: For CMMC Assessments, during Phase 1 of the CMMC Assessment ...
- Question 2: During a Level 2 Assessment, an OSC provides documentation t...
- Question 3: The Advanced Level in CMMC will contain Access Control {AC) ...
- Question 4: Which assessment method compares actual-specified conditions...
- Question 5: When assessing an OSC for CMMC: the Lead Assessor should use...
- Question 6: The Audit and Accountability (AU) domain has practices in:...
- Question 7: A Level 2 Assessment was conducted for an OSC, and the resul...
- Question 8: A CMMC Assessment is being conducted at an OSC's HQ. which i...
- Question 9: A contractor stores security policies, system configuration ...
- Question 10: A C3PAO Assessment Plan document captures the names of the i...
- Question 11: What is the MOST common purpose of assessment procedures?...
- Question 12: The practices in CMMC Level 2 consist of the security requir...
- Question 13: A CCP is on their first assessment for CMMC Level 2 with an ...
- Question 14: According to the Configuration Management (CM) domain, which...
- Question 15: What is the LAST step when developing an assessment plan for...
- Question 16: Recording evidence as adequate is defined as the criteria ne...
- Question 17: Which method facilitates understanding by analyzing gathered...
- Question 18: Which statement BEST describes a LTP?...
- Question 19: A Level 2 Assessment of an OSC is winding down and the final...
- Question 20: Contractor scoping requirements for a CMMC Level 2 Assessmen...
- Question 21: A contractor provides services and data to the DoD. The tran...
- Question 22: While conducting a CMMC Assessment, an individual from the O...
- Question 23: What is DFARS clause 252.204-7012 required for?...
- Question 24: A company is working with a CCP from a contracted CMMC consu...
- Question 25: Which example represents a Specialized Asset?...
- Question 26: Which standard of assessment do all C3PAO organizations exec...
- Question 27: CMMC scoping covers the CUI environment encompassing the sys...
- Question 28: While conducting a CMMC Assessment, a Lead Assessor is given...
- Question 29: Two assessors cannot agree if a certain practice should be r...
- Question 30: Which statement is NOT a measure to determine if collected e...
- Question 31: A Lead Assessor is planning an assessment and scheduling the...
- Question 32: As defined in the CMMC-AB Code of Professional Conduct, what...
- Question 33: Two network administrators are working together to determine...
- Question 34: An assessor is collecting affirmations. So far, the assessor...
- Question 35: An OSC has submitted evidence for an upcoming assessment. Th...
- Question 36: Which regulation allows for whistleblowers to sue on behalf ...
- Question 37: A C3PAO has completed a Limited Practice Deficiency Correcti...
- Question 38: Who is responsible for ensuring that subcontractors have a v...
- Question 39: In the CMMC Model, how many practices are included in Level ...
- Question 40: Which term describes the prevention of damage to. protection...
- Question 41: A Lead Assessor has been assigned to a CMMC Assessment Durin...
- Question 42: In accordance with NARA directives and Chapter 33 of Title 4...
- Question 43: An assessor has been working with an OSC's point of contact ...
- Question 44: Which term describes "the protective measures that are comme...
- Question 45: How are the Final Recommended Assessment Findings BEST prese...
- Question 46: Which standard and regulation requirements are the CMMC Mode...
- Question 47: An assessment procedure consists of an assessment objective,...
- Question 48: An assessor needs to get the most accurate answers from an O...
- Question 49: There are 15 practices that are NOT MET for an OSC's Level 2...
- Question 50: When executing a remediation review, the Lead Assessor shoul...
- Question 51: Who is responsible for ensuring that subcontractors have a v...
- Question 52: The facilities manager for a company has procured a Wi-Fi en...
- Question 53: When assessing SI.L2-3.14.6: Monitor communications for atta...
- Question 54: Prior to initiating an OSC's CMMC Assessment, the Lead Asses...
- Question 55: An Assessment Team Member is conducting a CMMC Level 2 Asses...
- Question 56: In scoping a CMMC Level 1 Self-Assessment, all of the comput...
- Question 57: Which code or clause requires that a contractor is meeting t...
- Question 58: A company is about to conduct a press release. According to ...
- Question 59: A Lead Assessor is ensuring all actions have been completed ...
- Question 60: The evidence needed for each practice and/or process is weig...
- Question 61: A CCP is part of a CMMC Assessment Team interviewing a subje...
- Question 62: In scoping a CMMC Level 1 Self-Assessment, it is determined ...
- Question 63: Which phase of the CMMC Assessment Process includes developi...
- Question 64: An Assessment Team is reviewing a practice that is documente...
- Question 65: Which document BEST determines the existence of FCI and/or C...
- Question 66: In performing scoping, what should the assessor ensure that ...
- Question 67: When planning an assessment, the Lead Assessor should work w...
- Question 68: Which resource contains authoritative data classifications o...
- Question 69: Which NIST SP discusses protecting CUI in nonfederal systems...
- Question 70: A Lead Assessor is presenting an assessment kickoff and open...
- Question 71: An assessment is being conducted at a remote client site. Fo...
- Question 72: As part of CMMC 2.0, the change to Level 1 Self-Assessments ...
- Question 73: Where can a listing of all federal agencies' CUI indices and...
- Question 74: Which words summarize categories of data disposal described ...
- Question 75: A contractor has implemented IA.L2-3.5.3: Multifactor Authen...
- Question 76: What is the BEST document to find the objectives of the asse...
- Question 77: When a conflict of interest is unavoidable, a CCP should NOT...
- Question 78: Which document specifies the CMMC Level 1 practices that cor...
- Question 79: Ethics is a shared responsibility between:...
- Question 80: Which phase of the CMMC Assessment Process includes the task...
- Question 81: Companies that knowingly defraud the government by not being...
- Question 82: An OSC performing a CMMC Level 1 Self-Assessment uses a lega...
- Question 83: An employee is the primary system administrator for an OSC. ...
- Question 84: The Lead Assessor is presenting the Final Findings Presentat...
- Question 85: An Assessment Team is conducting interviews with team member...
- Question 86: During Phase 4 of the Assessment process, what MUST the Lead...
- Question 87: The practices in CMMC Level 2 consists of the security requi...
- Question 88: For the purpose of determining scope, what needs to be inclu...
- Question 89: A Lead Assessor is preparing to conduct a Readiness Review d...
- Question 90: An OSC receives an email with "CUI//SP-PRVCY//FED Only" in t...
- Question 91: Which document is the BEST source for descriptions of each p...
- Question 92: A server is used to store FCI with a cloud provider long-ter...
- Question 93: Per DoDI 5200.48: Controlled Unclassified Information (CUI),...
- Question 94: What is a PRIMARY activity that is performed while conductin...
- Question 95: During a Level 2 Assessment, the OSC has provided an invento...
- Question 96: On a Level 2 Assessment Team, what are the roles of the CCP ...
- Question 97: An Assessment Team is conducting a Level 2 Assessment at the...
- Question 98: Exercising due care to ensure the information gathered durin...
- Question 99: Which government agency are DoD contractors required to repo...
- Question 100: Which authority leads the CMMC direction, standards, best pr...
- Question 101: What is objectivity as it applies to activities with the CMM...
- Question 102: An assessor is in Phase 3 of the CMMC Assessment Process. Th...
- Question 103: While determining the scope for a company's CMMC Level 1 Sel...
