Free Practice Cyber AB CMMC-CCA Exam Questions 2025

A CCA receives a notification from the Cyber AB that they are being investigated for a potential violation of the CoPC. They are concerned about the potential consequences and want to understand the process better. Who has the final authority to determine the corrective action taken against a CCA, if any?

Security Protection Assets (SPAs) include people, technologies and facilities. Which of the following technologies is not an SPA?

Proper authentication is a key requirement of a secure system. To this end, you are assessing an OSC's implementation of IA.L2-3.5.3-Multifactor Authentication. The contractor has deployed Okta in their systems, integrated it into Active Directory (AD), and set up multifactor authentication (MFA). The OSC has documented all the privileged accounts, which must be authenticated through the MFA solution for any network or local access. Their procedures addressing user identification and authentication require everyone, privileged or nonprivileged, to be authenticated using multifactor authentication. The OSC (Organization Seeking Certification) can produce the following evidence to show their compliance with IA.L2-3.5.3-Multifactor Authentication, EXCEPT?

You are a CCA tasked with leading an Assessment Team conducting a CMMC Assessment for an OSC. Your team is assessing the OSC's readiness to determine whether you can proceed with the second phase of the assessment. To verify the OSC's readiness to proceed with the assessment, which of the following tasks will you not carry out?

Tina is working on a team conducting a Level 2 assessment for Humvees-R-Us (HRU). While gathering evidence, Tina notices that HRU has not updated several critical policies in years. Knowing that HRU is investing a significant amount of money in the assessment, she tells Bob, the CEO of HRU, that she will date the policies to make them appear as if they have been regularly revised. She explains that this will help HRU pass their assessment and save them the cost of a reassessment. Tina believes changing the dates isn’t a big deal since HRU has policies written but has not revised them as frequently as required.Was it right for Tina to adjust the dates during the assessment? If not, which principle of the CMMC Code of Professional Conduct did she violate?