An OSC has produced two assessment scopes. When the Lead Assessor asked the OSC PoC why, the PoC explained that the OSC processes, stores, or transmits FCI within one assessment scope and CUI in the other. Which scope will the OSC obtain a CMMC Level 2 certification for?
During a CMMC Level 2 assessment, an OSC receives a Conditional Certification with several practices placed on a Plan of Action and Milestones (POA&M). After implementing corrective actions, the OSC requests the Assessment Team to conduct a POA&M Close-Out Assessment. Which of the following is the correct action for the Team's Lead Assessor during the POA&M Close-Out Assessment?
You are the Lead Assessor for a CMMC Level 2 assessment. The OSC has implemented a practice using a custom-built tool developed by their IT team. The tool appears to meet the practice's objectives, but no formal documentation or testing records exist. How should you evaluate this evidence?
An OSC employs guards to protect the manufacturing shop where the magnetic radar-absorbing coating is manufactured. The Army uses this specific coating for a particular fleet of unmanned aerial vehicles (UAVs). The facility is under constant surveillance with the help of HD CCTVs. Within the OSC's facilities is a Vector Network Analyzer (VNA) that measures the reflection and transmission properties of the coating over a range of frequencies. Guards protect the OSC's anechoic chamber, and anyone entering must use an iris scanner and sign a physical form detailing their name and reason for being there. At the door is a huge sign reading "Authorized Personnel Only." The OSC has implemented the following physical separation methods to secure its facilities, EXCEPT?
You are assessing a contractor that develops software for air traffic control systems. In reviewing their documentation, you find that a single engineer is responsible for designing new ATC system features, coding the software updates, testing the changes on the development network, and deploying the updates to the production ATC system for customer delivery. How will proper separation of duties help the contractor meet the intent of AC.L2-3.1.4 -- Separation of Duties?