Practice for your Certified CMMC Assessor (CCA) Level 2 certification test with the free CMMC-CCA exam cram and take control of your certification preparation. At FreeExamCram, you can practice online for free using real CMMC-CCA exam dumps, verified questions, and expert-designed free online practice tests. Moreover, our Cyber AB CMMC-CCA exam cram is backed by our confidence-boosting refund guarantee.
You are interviewing system administrators responsible for managing cryptographic keys within an organization. They mention using a Hardware Security Module (HSM) for secure key storage. According to CMMC practice SC.L2-3.13.10-Key Management, which of the following statements is MOST aligned with best practices for key management?
Any user that accesses CUI on system media should be authorized and have a lawful business purpose. While assessing a contractor's implementation of MP.L2-3.8.2-Media Access, you examine the CUI access logs and the roles of employees. Something catches your eye: the ID of an employee listed as terminated regularly accesses CUI remotely. Walking into the contractor's facilities, you observe the janitor cleaning an office where documents marked CUI are visible on the table. When you interview the organization's data custodian, they inform you that a media storage procedure is augmented by a physical protection and access control policy. Based on the scenario and the requirements of CMMC practice MP.L2-3.8.2-Media Access, which of the following actions would be the highest priority recommendation for the contractor?
CMMC MA.L2-3.7.6-Maintenance Personnel requires that maintenance personnel without required access authorization be supervised during maintenance activities. One of the ways organizations can achieve this is to develop a documented procedure for supervised maintenance activities. Which of the following elements should be excluded from the documented procedure?
A Defense Contractor is a CMMC Level 2 organization that frequently needs to transport digital media containing CUI between their main office and an off-site data storage facility. In preparing for their upcoming CMMC assessment, the organization's OSC has closely reviewed the requirements of CMMC practice MP.L2-3.8.6-Portable Storage Encryption, which specifically addresses the protection of CUI stored on digital devices during transport. The OSC recognizes that their current practices of simply placing the media in standard packaging and using commercial shipping services do not fully meet the control's mandatory requirements. Under CMMC practice MP.L2-3.8.6-Portable Storage Encryption, what is the mandatory requirement to protect CUI stored on digital devices during transport?
Proper authentication is a key requirement of a secure system. To this end, you are assessing an OSC's implementation of IA.L2-3.5.3-Multifactor Authentication. The contractor has deployed Okta in their systems, integrated it into Active Directory (AD), and set up multifactor authentication (MFA). The OSC has documented all the privileged accounts, which must be authenticated through the MFA solution for any network or local access. Their procedures addressing user identification and authentication require everyone, privileged or nonprivileged, to be authenticated using multifactor authentication. The OSC (Organization Seeking Certification) can produce the following evidence to show their compliance with IA.L2-3.5.3-Multifactor Authentication, EXCEPT?