CMMC-CCP Free Practice Test

An OSC needs to be assessed on RA.L2-3.11.1: Periodically assess the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, and individuals, resulting from the operation of organizational systems and the associated processing, storage, or transmission of CUI. What is in scope for a Level 2 assessment of RA.L2-3.11.1?

1. A. IT systems
2. B. Enterprise systems
3. C. CUI Marking processes
4. D. Processes, people, physical entities, and IT systems in which CUI processed, stored, or transmitted

Correct Answer: D

Which assessment method compares actual-specified conditions with expected behavior?

1. A. Test
2. B. Examine
3. C. Compile
4. D. Interview

Correct Answer: A

Which NIST SP discusses protecting CUI in nonfederal systems and organizations?

1. A. NIST SP 800-37
2. B. NIST SP 800-53
3. C. NIST SP 800-88
4. D. NIST SP 800-171

Correct Answer: D

Where can a listing of all federal agencies' CUI indices and categories be found?

1. A. 32 CFR Section 2002
2. B. Official CUI Registry
3. C. Executive Order 13556
4. D. Official CMMC Registry

Correct Answer: B

Per DoDI 5200.48: Controlled Unclassified Information (CUI), CUI is marked by whom?

1. A. DoD OUSD
2. B. Authorized holder
3. C. Information Disclosure Official
4. D. Presidential authorized Original Classification Authority

Correct Answer: B