Practice Cyber AB CMMC-CCA Exam Questions

You are assessing Conedge Ltd, a contractor that develops cryptographic algorithms for classified government networks. In reviewing their network architecture documents, you see they have implemented role - based access controls on their workstations using Active Directory group policies. Software developers are assigned to the "Dev_Roles" group which grants access to compile and test code modules. The "Admin_Roles" group with elevated privileges for system administration activities is restricted to the IT staff. However, when you examine the event logs on a developer workstation, you find evidence that a developer was able to enable debugging permissions to access protected kernel memory – a privileged function. How should execution of the debugging permission be handled to align with AC.L2 - 3.1.7 – Privileged Functions?

While reviewing a contractor's Microsoft Active Directory authentication policies, you observe that the account lockout threshold is configured to allow 5 consecutive invalid login attempts before locking the account for 15 minutes. Additionally, the reset account lockout counter is set to 30 seconds after each unsuccessful login attempt. Based on this scenario, which of the following statements are TRUE about the contractor's implementation of CMMC practice AC.L2 - 3.1.8 – Unsuccessful Logon Attempts?

While examining a contractor's audit and accountability policy, you realize they have documented types of events to be logged and defined content of audit records needed to support monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activities. After the logs are analyzed, the results are fed into a system that automatically generates audit records stored for 30 days. However, mechanisms implementing system audit logging are lacking after several tests because they produce audit logs that are too limited. You find that generated logs cannot be independently used to identify the event they resulted from because the defined content specified therein is too limited. Additionally, you realize the logs are retained for 24 hours before they are automatically deleted. Which of the following is a potential assessment method for AU.L2 - 3.3.1 – System Auditing?

You are assessing a contractor’s implementation for CMMC practice MA.L2 - 3.7.4 – MediaInspection by examining their maintenance records. You realize the maintenance logs identify a repeating problem. A recently installed central server has been experiencing issues affecting the performance of the contractor’s information systems. This is confirmed by your interview with the contractor’s IT team. You requested to investigate the server, and the IT team agreed. On the server, there is a file named conf.zip that gets your attention. You decide to open the file in an isolated computer for further review. To your surprise, the file is a .exe used when testing the server for data exfiltration. How should this incident be handled?

A contractor allows for the use of mobile devices in contract performance. Some employees access designs and specifications classified as CUI on such devices like tablets and smartphones. After assessing AC.L2 - 3.1.18 – Mobile Device Connection, you find that the contractor maintains a meticulous record of mobile devices that connect to its information systems. AC.L2 - 3.1.19 – Encrypt CUI on Mobile requires that the contractor implements measures to encrypt CUI on mobile devices and mobile computing platforms. The contractor uses device - based encryption where all the data on a mobile device is encrypted. Which of the following is a reason why would you recommend container - based over full - device - based encryption?