Certified CMMC Professional (CCP) Exam (CMMC-CCP) Free Practice Test

Question 1

A CCP is on their first assessment for CMMC Level 2 with an Assessment Team and is reviewing the CMMC Assessment Process to understand their responsibilities. Which method gathers information from the subject matter experts to facilitate understanding and achieve clarification?

A. Assessment

B. Interview

C. Test

D. Examine

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 2

During the review of information that was published to a publicly accessible site, an OSC correctly identifies that part of the information posted should have been restricted. Which item did the OSC MOST LIKELY identify?

A. Launching of their new business service line

B. Public releases identifying major deals signed with commercial entities

C. FCI

D. Change of leadership in the organization

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 3

Which term describes the prevention of damage to. protection of, and restoration of computers and electronic communications systems/services, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and nonrepudiation?

A. Information security

B. Data security

C. Network security

D. Cybersecurity

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 4

In accordance with NARA directives and Chapter 33 of Title 44 (Records Management Directive), which types of data MUST have policies and procedures for disposal?

A. All digital documents and recorded media

B. All recorded digital documents

C. All digital and recorded paper documents

D. All recorded information, regardless of form or characteristics

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

When an OSC requests an assessment by a C3PAO, who selects the Lead Assessor for the assessment?

A. C3PAO and OSC

B. OSC

C. C3PAO

D. OSC and Lead Assessor

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 6

Which government agency are DoD contractors required to report breaches of CUI to?

A. FBI

B. NARA

C. Under Secretary of Defense for Intelligence and Security

D. DoD Cyber Crime Center

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 7

A CMMC Level 1 Self-Assessment identified an asset in the OSC's facility that does not process, store, or transmit FCI. Which type of asset is this considered?

A. Specialized Assets

B. Government-Issued Assets

C. Out-of-Scope Assets

D. FCI Assets

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 8

During a Level 2 Assessment, the OSC has provided an inventory list of all hardware. The list includes servers, workstations, and network devices. Why should this evidence be sufficient for making a scoring determination for AC.L2-3.1.19: Encrypt CUI on mobile devices and mobile computing platforms?

A. The interviewee attested to encrypting all data at rest.

B. The inventory list does not specify mobile devices.

C. The inventory list does not include Bring Your Own Devices.

D. The DoD has accepted an alternative safeguarding measure for mobile devices.

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 9

What is the LAST step when developing an assessment plan for an OSC?

A. Obtain and record commitment to the assessment plan.

B. Perform certification assessment readiness review.

C. Verify the readiness to conduct the assessment.

D. Update the assessment plan and schedule as needed

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 10

A program manager for a defense contractor saves all FCI data relevant to a contract on a flash drive. Why is the flash drive categorized as an FCI Asset ?

A. It is distributing FCI.

B. It is properly marked as FCI.

C. It is testing FCI.

D. It is storing FCI.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 11

In late September. CA.L2-3.12.1: Periodically assess the security controls in organizational systems to determine if the controls are effective in their application is assessed. Procedure specifies that a security control assessment shall be conducted quarterly. The Lead Assessor is only provided the first quarter assessment report because the person conducting the second quarter's assessment is currently out of the office and will return to the office in two hours. Based on this information, the Lead Assessor should determine that the evidence is;

A. insufficient, and rate the audit finding as NOT MET.

B. sufficient, and re-rate the audit finding after a quarter two assessment report is examined.

C. insufficient, and re-rate the audit finding after a quarter two assessment report is examined.

D. sufficient, and rate the audit finding as MET

Correct Answer: A

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 12

According to DFARS clause 252.204-7012, who is responsible for determining that Information in a given category should be considered CUI?

A. The military personnel assigned to the contractor for that purpose

B. The DoD agency for whom the contractor is performing the work

C. The NARA CUI Executive Agent

D. The contractor who generated the information

Correct Answer: B

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 13

How many domains does the CMMC Model consist of?

A. 43 domains

B. 110 domains

C. 72 domains

D. 14 domains

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 14

An assessment is being conducted at a remote client site. For the duration of the assessment, the client has provided a designated hoteling space in their secure facility which consists of a desk with access to a shared printer. After noticing that the desk does not lock, a locked cabinet is requested but the client does not have one available. At the end of the day, the client provides a printout copy of an important network diagram. The diagram is clearly marked and contains CUI. What should be done NEXT to protect the document?

A. Put it in the unlocked desk drawer for review the following morning.

B. Take a picture with the personal phone before securely shredding it.

C. Take it with them to review in the evening.

D. Leave it on the desk for review the following day.

Correct Answer: C

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Welcome to TestSimulate

Cyber AB Certified CMMC Professional (CCP) (CMMC-CCP) Free Practice Test