CMMC-CCA Exam Details

  • Exam Code: CMMC-CCA
  • Exam Name: Certified CMMC Assessor (CCA)
  • Certification: Cyber AB Certifications
  • Vendor: Cyber AB
  • Total Questions: 378 Q&As
  • Last Updated: May 30, 2026

Cyber AB CMMC-CCA Online Questions & Answers

  • Question 241:

    You decide to interview the IT security team to understand if and how a contractor has implemented audit failure alerting. You learn they have deployed AlienVault OSSIM, a feature-rich security information and event management (SIEM) tool. The SIEM tool has been configured to send automatic alerts to system and network administrators if an event affects the audit logging process. Alerts are generated for the defined events that lead to failure in audit logging and can be found in the notification section of the SIEM portal. However, the alerts are sent to the specified personnel 24 hours after the occurrence of an event. As an assessor evaluating the implementation of AU.L2-3.3.4 - Audit Failure Alerting, which of the following would be a key consideration regarding the evidence provided by the contractor?

    A. Ensuring the defined alert notification methods (e.g., email, SMS) are secure and encrypted
    B. Verifying that the types of audit logging failures defined cover a comprehensive range of potential scenarios
    C. Determining if the documented personnel roles for alert notification align with the organization's hierarchy
    D. Checking if the alert notification process integrates with third-party monitoring services

  • Question 242:

    You have been hired to assess a contractor's implementation of remote access capabilities for information systems that handle CUI. While interviewing the network administrator, you realize they perform privileged activities remotely when at alternate worksites. Which of the following is the BEST action the contractor can take to address the network administrator's remote execution of privileged activities, as per CMMC practice AC.L2-3.1.15 - Privileged Remote Access?

    A. Implement multifactor authentication before authorizing remote access sessions, regardless of privilege level
    B. Prohibit the remote execution of privileged commands and remote access to security-relevant information entirely
    C. Log and monitor all remote sessions
    D. Limit remote access privileges to read-only activities and prohibit any remote execution of privileged commands

  • Question 243:

    A CCA is assessing an Organization Seeking Certification (OSC). During the assessment, they discover that the OSC is pressuring the CCA to overlook certain security practices that do not meet the CMMC requirements. The organization threatens to withhold payment if the CCA does not modify her findings at the request of the OSC. According to the CoPC, which of the following actions would be most appropriate for the CCA to take in this situation?

    A. Inform the OSC that the pressure to compromise her values is a violation of the CoPC and report the issues to the C3PAO.
    B. Complete the assessment and then report the OSC's unethical practices to the Cyber AB.
    C. Comply with the organization's requests to avoid the risk of non-payment and complete the assessment.
    D. Discuss the concerns with the OSC, continue the assessment, and report the violations only if they are not resolved.

  • Question 244:

    As the Lead Assessor for your Assessment Team, you are validating an OSC's scope in readiness to start the assessment. You learn that the OSC provides its employees with laptops to work on DoD projects. These laptops have an antivirus solution that connects to a management console to receive updates, send alerts, and control settings. However, the server does not process, store, or transmit CUI but implements several CMMC controls. Which of the following is NOT part of the OSC's requirements regarding the antivirus solution?

    A. Itemize the solution in the CMMC Assessment Scope's network diagram and prepare it to be assessed against CMMC practices.
    B. They should document the specifics of the antivirus solution in the asset inventory.
    C. The OSC should document it in the System Security Plan (SSP).
    D. Logically separate the antivirus solution from other CUI assets.

  • Question 245:

    During your assessment of CA.L2-3.12.3 - Security Control Monitoring, the contractor's CISO informs you that they have established a continuous monitoring program to assess the effectiveness of their implemented security controls. When examining their security planning policy, you determine they have a list of automated tools they use to track and report weekly changes in the security controls. The contractor has also established a feedback mechanism that helps them identify areas of improvement in their security controls. Chatting with employees, you understand the contractor regularly invites resource persons to train them on the secure handling of information and identifying gaps in security controls implemented. You would rely on all of the below evidence to assess the contractor's implementation of CA.L2-3.12.3 - Security Control Monitoring, EXCEPT?

    A. Records/logs of monitoring activities over time
    B. Customer feedback on the contractor's security measures
    C. Reports or dashboards from the monitoring activities
    D. The contractor's security monitoring policies and procedures

  • Question 246:

    In ensuring it meets its mandates to protect CUI under CMMC, a contractor has implemented a robust, dynamic session lock with pattern-hiding displays to prevent access and viewing of data. After every 5 minutes of inactivity, the current session is locked and a blank, black screen with a battery life indicator is displayed. As a CCA, you will potentially use the following assessment methods to examine the contractor's implementation of session lock EXCEPT?

    A. Interview the system administrator
    B. Examine the system design documentation
    C. Test the strength of the user's password
    D. Test the mechanisms implementing the access control policy for session lock

  • Question 247:

    During the assessment process, a CCA encounters a situation in which the evidence provided by the OSC raises concerns about its adequacy and alignment with the CMMC practice being assessed. What priority factors must the CCA have considered to arrive at these concerns?

    A. The format and presentation of the evidence
    B. The completeness of the evidence across all systems and processes
    C. The level of detail and granularity provided in the evidence
    D. Whether the evidence is the right evidence and meets the intent of the CMMC practice

  • Question 248:

    An OSC employs guards to protect the manufacturing shop where a magnetic radar-absorbing coating is manufactured. This specific coating is used by the Army for a particular fleet of unmanned aerial vehicles (UAVs). The facility is under constant surveillance with the help of HD CCTVs. Within the OSC's facilities, there is a Vector Network Analyzer (VNA) that measures the reflection and transmission properties of the coating over a range of frequencies. Guards protect the OSC's anechoic chamber, and anyone entering must use an iris scanner and sign a physical form detailing their name and reason for being there. At the door is a huge sign reading "Authorized Personnel Only." Which of the following statements is true about handling the Vector Network Analyzer (VNA) in a CMMC assessment?

    A. The VNA is out of scope for a CMMC assessment.
    B. The VNA should be reviewed in the SSP in accordance with practice CA.L2-3.12.4 - System Security Plan.
    C. The VNA should be assessed against CMMC practices.
    D. If appropriately documented, the assets should not be assessed against other CMMC practices.

  • Question 249:

    While examining a contractor's audit and accountability policy, you realize they have documented types of events to be logged and defined content of audit records needed to support monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activities. After the logs are analyzed, the results are fed into a system that automatically generates audit records stored for 30 days. However, mechanisms implementing system audit logging are lacking after several tests because they produce audit logs that are too limited. You find that generated logs cannot be independently used to identify the event they resulted from because the defined content specified therein is too limited. Additionally, you realize the logs are retained for 24 hours before they are automatically deleted. Which of the following is a potential assessment method for AU.L2-3.3.1 - System Auditing?

    A. Examine procedures addressing audit record generation
    B. Testing procedures addressing control of audit records
    C. Testing the system configuration settings and associated documentation
    D. Examining the mechanisms for implementing system audit logging

  • Question 250:

    While reviewing a contractor's Microsoft Active Directory authentication policies, you observe that the account lockout threshold is configured to allow 5 consecutive invalid login attempts before locking the account for 15 minutes. Additionally, the reset account lockout counter is set to 30 seconds after each unsuccessful login attempt. Based on this scenario, which of the following statements are TRUE about the contractor's implementation of CMMC practice AC.L2-3.1.8 - Unsuccessful Logon Attempts?

    A. The contractor has successfully implemented practice AC.L2-3.1.8 - Unsuccessful Logon Attempts, warranting a score of MET
    B. The contractor's approach does not provide sufficient protection against unauthorized access attempts
    C. Based on the current implementation, CMMC practice AC.L2-3.1.8 cannot be scored as MET
    D. The contractor's approach does not adequately address the required assessment objectives

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only Cyber AB exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CMMC-CCA exam preparation and Cyber AB certification application, do not hesitate to visit Vcedump.com to find your solutions.