CMMC Model Construct & Implementation Evaluation

Question 1

Level 1 (Foundational)
Level 2 (Advanced)
Level 3 (Expert)
A. True
B. False

Answer 1

A. True

Question 2

Level 1 (Fundamental)
Level 2 (Advanced)
Level 3 (Expert)
A. True
B. False

Answer 2

B. False - Level 1 (Foundational)

Question 3

What are the CMMC Model Levels?

Answer 3

Level 1 (Foundational)
Level 2 (Advanced)
Level 3 (Expert)

Question 4

How many practices are assessed in Level 1?
A. 15
B. 16
C. 17
D. 18

Answer 4

C. 17

Question 5

How many practices are assessed in Level 2?
A. 110
B. 115
C. 120
D. 125

Answer 5

A. 110

Question 6

How many practices are assessed in Level 1?

Answer 6

17 practices

Question 7

How many practices are assessed in Level 2?

Answer 7

110 practices

Question 8

Level 1 (Foundational) has 17 practices that are aligned with NIST SP 800-171 and FAR Clause 52.204-21.
A. True
B. False

Answer 8

A. True

Question 9

Level 2 (Advanced) has 110 practices that are aligned with NIST SP 800-171.
A. True
B. False

Answer 9

A. True

Question 10

An OSC seeking CMMC Level 1 certification must reach out to a C3PAO for a third party assessment.
A. True
B. False

Answer 10

B. False - The OSC should do an annual self assessment.

Question 11

Level 1 certification includes 6 domains and 17 practices.
A. True
B. False

Answer 11

A. True

Question 12

Level 2 certification includes 17 domains and 110 practices.
A. True
B. False

Answer 12

B. False - There are only 14 domains.

Question 13

Level 1 (Foundational) encompasses the basic safeguarding requirements for FCI specified in which of the following?
A. NIST SP 800-171
B. FAR Clause 52.204-21
C. NIST SP 800-172
D.DFARS Clause 252.204-7012

Answer 13

B. FAR Clause 52.204-21

Question 14

Level 2 (Advanced) encompasses the security requirements requirements for CUI specified in which of the following?
A. NIST SP 800-171
B. FAR Clause 52.204-21
C. NIST SP 800-172
D.DFARS Clause 252.204-7012

Answer 14

D.DFARS Clause 252.204-7012

Question 15

This image shows the steps of which of the following?
A. CMMC Assessment Process (CAP)
B. CMMC Level 1 Self-Assessment
C. CMMC Level 2 Self-Assessment
D. CMMC Level 2 Assessment

Answer 15

B. CMMC Level 1 Self-Assessment

Question 16

How often does a Level 2 certification have to be re-certified?

Answer 16

Every 3 years

Question 17

At what step of the Level 2 assessment process does the OSC contract a C3PAO to begin the formal certification process?
A. Step 7
B. Step 8
C. Step 9
D. Step 10

Answer 17

C. Step 9

Question 18

Company Alpha receives FCI from the Government as part of its contract. The only exception is information that the Government has officially designated as “For Public Release.” What level of certification must Company Alpha obtain?
A. Level 1
B. Level 2
C. Level 3

Answer 18

A. Level 1

Question 19

Company Omega decided to participate in contracts that include CUI. They have determined that CUI will be handled, processed, or stored as part of that service of the contract. What level of certification much Company Omega obtain?
A. Level 1
B. Level 2
C. Level 3

Answer 19

B. Level 2

Question 20

In the image, what information is represented in A?
A. Level
B. Domain
C. Practice
D. Security Requirement Number

Answer 20

B. Domain

Question 21

In the image, what information is represented in B?
A. Level
B. Domain
C. Practice
D. Security Requirement Number

Answer 21

A. Level

Question 22

In the image, what information is represented in C?
A. Level
B. Domain
C. Practice
D. Security Requirement Number

Answer 22

D. Security Requirement Number