Free CMMC-CCA Mock Exam – Practice Online Confidently

You are a CCA working for a C3PAO. An OSC has submitted a request for a CMMC Assessment, and the C3PAO is in the process of assigning a Lead Assessor for this engagement. As an experienced Assessor, you are being considered for the role of Lead Assessor. Once the C3PAO assigns the Lead Assessor, what is the next step in the process?

To transfer CUI between a government client and its internal systems, a defence contractor uses a Secure File-Sharing Application provided by the DoD. However, all the data traversing this boundary MUST pass through a next generation firewall (NGFW) managed by the contractor?s Network Admin. All CUI is stored on an Solid State Drive (SSD) and accessed through a laptop. What type of asset is the Secure File-Sharing Application?

CMMC MA.L2-3.7.6-Maintenance Personnel, requires that maintenance personnel without required access authorization be supervised during maintenance activities. One of the ways organizations can achieve this is to develop a documented procedure for supervised maintenance activities. Which of the following elements should be excluded from the documented procedure?

Change is a part of any production process and must be meticulously managed. System Change Management is a CMMC requirement, and you have been called in to assess the implementation of CMMC requirements. When examining the contractor?s change management policy, you realize there is a defined change advisory board that has a review and approval mandate for any proposed changes. The change advisory board maintains a change request system where all the changes are submitted and documented for easy tracking and review. The contractor also has a defined rollback plan defining what to do in case the approved changes result in unexpected issues or vulnerabilities. What evidence artifacts can the contractor also cite as evidence to show their compliance with CM.L2-3.4.3-System Change Management besides their compliance management policy?

An OSC plans to bid for a DoD contract to supply laser welding services to repair a fleet of unmanned aerial vehicles (UAVs). This requires them to be CMMC L2 certified since the information they will receive from the DoD is Controlled Technical Information (CTI). However, their repair and welding services require a Computer Numerical Control (CNC) machine to fabricate some crucial parts. Since the welding is mainly automated using Robots, the OSC has intelligently integrated its SCADA system with Programmable Logic Controllers (PLCs) for increased accuracy, improved safety and efficiency, and enhanced flexibility. As the Lead Assessor for the C3PAO assessment team validating the OSC's CMMC assessment scope, you expect the OSC to handle the SCADA system, PLCs, and CNC machines in all the following ways EXCEPT?