Latest Cyber AB Certified CMMC Assessor (CCA) - CMMC-CCA Free Sample Questions

Question 1
An organization's password policy includes these requirements:
* Passwords must be at least 8 characters in length.
* Passwords must contain at least one uppercase character, one lowercase character, and one numeric digit.
* Passwords must be changed at least every 90 days.
* When a password is changed, none of the previous 3 passwords can be reused.
Per IA.L2-3.5.7: Password Complexity, what requirement is missing from this password policy?

Answer: D
Question 2
The OSC POC has prepared evidence from an internal pre-assessment for the C3PAO in preparation for a third-party assessment. The OSC POC has identified that there are several ESPs (External Service Providers) involved in protecting the security of the infrastructure. While reviewing the pre-assessment documentation regarding ESPs, the Lead Assessor will be looking for items that are:

Answer: C
Question 3
The Lead Assessor is ready to complete planning by developing the assessment schedule. The Lead Assessor and the OSC Assessment Official discuss the Assessment Team members.
What MUST be submitted to the Cyber-AB before the assessment?

Answer: A
Question 4
During an assessment, the Assessment Team has identified, according to the SSP and network diagram, that there is a mission system that cannot be altered but that has privileged accounts which should have MFA applied. As it is not possible to deploy a typical type of MFA on the mission system, which of the following constitutes a sufficient second factor?

Answer: A
Question 5
In order to perform an interview, the Lead Assessor MUST ensure interview questions are:

Answer: D
Question 6
AC.L2-3.1.6: Non-Privileged Account Use is being assessed. Which procedure BEST meets all of the standards for non-privileged account use?

Answer: C
Question 7
Both the SSP and network diagrams presented to the Lead Assessor by the OSC indicate managed service providers (MSPs) within the assessment boundary. In order to BEST understand the impact of the MSPs, what should the Lead Assessor do?

Answer: B
Question 8
An in-house compliance expert for a large defense contractor is reviewing the organization's training materials for personnel handling CUI. After a widely publicized insider threat incident, management requires that training address insider threat risks. What is a critical component of insider threat awareness training?

Answer: B
Question 9
An OSC has a large multi-building facility. One building is used as the OSC's data center. A guard is stationed at the entrance to the data center. A vendor engineer comes onsite to perform maintenance on the storage array in the data center. The guard knows the engineer well and has the engineer fill out the visitor log with the contact person's name and phone number, the reason for the visit, and the date and time. Since the guard has known the engineer for many years, what is the BEST step the guard should take?

Answer: C
Question 10
During an assessment, the OSC IT security team provided documentation on how they use replay-resistant authentication to protect CUI. What can be used as a replay-resistant mechanism?

Answer: B
