Free Cyber AB CMMC-CCA Exam Questions

You are a CCA working for a well-known C3PAO. You have been selected for an Assessment Team tasked with conducting a CMMC assessment on a C3PAO. While you are reviewing the presented evidence, one of the Assessment Team members informs you that they weren’t trained for the job and that a friend helped them get the position. By employing non-credentialed individuals and assigning them assessment tasks, which requirement of the CoPC has the C3PAO violated?

When assessing an OSC?s compliance with IR requirements, you realize they have deployed a system that tracks incidents, documents details, and updates the status throughout the incident response process. Personnel to whom incidents must be reported are identified and designated. While examining their documentation, you come across an incident response template that they use to capture all relevant information and ensure consistency in reporting to the identified authorities and organizational officials. Interviewing the IR team, you learn there is an escalation process that the contractor?s cybersecurity team can use to address more serious incidents. How would you score the contractor?s implementation of IR.L2-3.6.2-Incident Reporting?

The DoD has awarded a defense contractor a contract to deliver next-gen jet engine parts. The order requires the contractor to submit the blueprints/CAD files within six months, and once they are validated, the contractor submits a production schedule. The contractor indicates that they should be able to deliver the components in three years. Which of the following is true about the dates and schedule of the engine components?

A CCA receives a notification from the Cyber AB that they are being investigated for a potential violation of the CoPC. They are concerned about the potential consequences and want to understand the process better. Who has the final authority to determine the corrective action taken against a CCA, if any?

Tina is working on a team conducting a Level 2 assessment for Humvees-R-Us (HRU). While gathering evidence, Tina notices that HRU has not updated several critical policies in years. Knowing that HRU is investing a significant amount of money in the assessment, she tells Bob, the CEO of HRU, that she will date the policies to make them appear as if they have been regularly revised. She explains that this will help HRU pass their assessment and save them the cost of a reassessment. Tina believes changing the dates isn’t a big deal since HRU has policies written but has not revised them as frequently as required.Was it right for Tina to adjust the dates during the assessment? If not, which principle of the CMMC Code of Professional Conduct did she violate?