CCA CCA Risk Management & Vulnerabilities

Question 1

In the context of CMMC, what is the primary goal of risk management for defense contractors?

Accepted Answer

To identify, assess, and mitigate risks to CUI and FCI handled within the contractor environment

Answer

The primary goal is to protect CUI and FCI by systematically identifying, assessing, and mitigating risks that could compromise the confidentiality, integrity, or availability of that data.

Question 2

Which NIST framework provides the foundational risk management guidance that underpins CMMC requirements?

Accepted Answer

NIST SP 800-171

Answer

NIST SP 800-171 provides the specific security requirements for protecting CUI that form the technical basis of CMMC Level 2 requirements.

Question 3

What does a Plan of Action & Milestones (POA&M) represent in a CMMC assessment context?

Accepted Answer

A documented plan to remediate identified security weaknesses with target completion dates

Answer

A POA&M documents known security deficiencies and outlines the remediation steps and timelines the OSC plans to follow to address those gaps.

Question 4

Which CMMC domain specifically addresses the requirement for organizations to identify and manage risk to operations?

Accepted Answer

Risk Management (RM)

Answer

The Risk Management domain includes practices that require organizations to identify, assess, and respond to organizational and system risks.

Question 5

A CCA assessor finds that an OSC has not conducted a periodic risk assessment. Which CMMC practice is most likely 'Not Met'?

Accepted Answer

RM.2.141

Answer

RM.2.141 requires organizations to periodically assess the risk to organizational operations and assets, making it the practice most directly related to conducting risk assessments.

(CCA) Certified Cybersecurity Maturity Model Certification Assessor Practice Test

(CCA) Certified Cybersecurity Maturity Model Certification Assessor Practice Test

CCA CCA Risk Management & Vulnerabilities