CCA Part 2

Question 1

Minimum practice score to pass an assessment

Answer 1

88/110 (80%)

Question 2

Which executive order placed NARA in charge of the CUI program?

Answer 2

EO 13556

Question 3

How many controls (practices) are there for CMMC L1

Answer 3

17

Question 4

How many assessment objectives are there for CMMC L1

Answer 4

59

Question 5

How many domains are there in CMMC L1

Answer 5

6

Question 6

What are the 6 domains addressed in CMMC L1

Answer 6

(AC) Access Control, (IA) Identification & Authentication, (MP) Media Protection,
(PE) Physical and Environmental, (SC) System & Communications Protection,
(SI) System & Information Integrity.

Question 7

How many controls (practices) are there in CMMC L2

Answer 7

110

Question 8

How many assessment objectives are there in CMMC L2

Answer 8

320

Question 9

How many domains are there in CMMC L2?

Answer 9

14

Question 10

CMMC L1 controls are described as

Answer 10

Foundational

Question 11

CMMC L2 controls are described as

Answer 11

Advanced

Question 12

CMMC L3 controls are described as

Answer 12

Expert

Question 13

Which contract clause protects FCI

Answer 13

FAR 52.204.21

Question 14

Which contract clause requires 800-171 self assessment, and submission of SPRS score

Answer 14

DFARS 252.204-7019

Question 15

Which contract clause allows for a DIBCAC medium or high assessment?

Answer 15

DFARS 252.204-7020

Question 16

What are the 5 sections in the code of professional conduct?

Answer 16

Professionalism, Objectivity, Confidentiality, Proper use of Methods, and Information Integrity

Question 17

Define “Affirmation”

Answer 17

a response to the interview examination method by the OSC

Question 18

Define “adequacy”

Answer 18

Does the evidence meet the objective (is it right)

Question 19

Define “sufficiency”

Answer 19

Does the evidence address the full scope of the program (is there enough)

Question 20

What markings are required on a CUI document?

Answer 20

1. “controlled” or “CUI”
2. the specified category if applicable
3. designation indicator (which agency controls it)

Question 21

What are the four phases of the CAP?

Answer 21

1. Plan and prepare assessment
2. conduct the assessment
3. Deliver recommended results
4. POA&M closeout

Question 22

What are the 5 primary steps in the first phase of the CAP?

Answer 22

1. Establish roles and responsibilities
2. Organize and prepare
3. Analyze assessment requirements
4. Develop assessment plan
5. Verify readiness to conduct the assessment

Question 23

Which ISO cert must a C3PAO obtain?

Answer 23

ISO 17020

Question 24

Which ISO cert must the Cyber-AB obtain

Answer 24

ISO 17011

Question 25

Which ISO Cert must the CAICO obtain

Answer 25

ISO 17024

Question 26

What are the 3 assessment methods

Answer 26

1. Examine 2. Interview 3. Test

Question 27

Which org is RESPONSIBLE for CMMC training

Answer 27

CAICO

Question 28

Which org PUBLISHES training content

Answer 28

Licensed Partner Publisher (LPP)

Question 29

Which org ISSUES training content

Answer 29

Licensed Training Provider (LTP)

Question 30

What is a CCMI

Answer 30

Certified CMMC Master Instructor

Question 31

Which Code of Federal Regulations established the CUI program after Executive Order 13556?

Answer 31

CFR 32 Part 2002

Question 32

Which contract clause requires a CMMC certification?

Answer 32

DFARS 252.204-7021

Question 33

What is a prioritized acquisition program

Answer 33

A program that requires a C3PAO L2 assessment

Question 34

What does CMMC stand for?

Answer 34

Cybersecurity Maturity Model Certification

Question 35

Who oversees the CMMC-AB/CyberAB

Answer 35

The Department of Defense (DoD)

Question 36

What is the official title of NIST 800-171

Answer 36

Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations

Question 37

How often must a CMMC certification be reassessed by a C3PAO

Answer 37

3 years

Question 38

What is the subject of CFR Title 32

Answer 38

National Defense

Question 39

What is the subject of CFR Title 48

Answer 39

Federal Aquisition Regulations System

Question 40

How much time does an OSC have to remediate a limited practice deficiency after the completion of an assessment?

Answer 40

180 days

Question 41

Which contract clause requires the implementation of NIST 800-171

Answer 41

DFARS 252.204-7012

Question 42

Which contract clause allows the DoD to use an SPRS score to evaluate contract bids?

Answer 42

DFARS 252.204-7024