Last Updated On : 20-May-2026
Certified CMMC Professional (CCP) Exam
Total 204 Questions
In the CMMC Model, how many practices are included in Level 1?
A. 15 practices
B. 17 practices
C. 72 practices
D. 110 practices
A machining company has been awarded a contract with the DoD to build specialized parts. Testing of the parts will be done by the company using in-house staff and equipment. For a Level 1 Self-Assessment, what type of asset is this?
A. CUI Asset
B. In-scope Asset
C. Specialized Asset
D. Contractor Risk Managed Asset
Companies that knowingly defraud the government by not being in compliance with cybersecurity regulations are at risk of being held liable for:
A. The contract value plus a penalty as stated in the Cyber Claims Act
B. The contract value plus a penalty as stated in the False Claims Act
C. Three times the contract value plus a penalty as stated in the Cyber Claims Act
D. Three times the contract value plus a penalty as stated in the False Claims Act
Per DoDI 5200.48: Controlled Unclassified Information (CUI), CUI is marked by whom?
A. DoD OUSD
B. Authorized holder
C. Information Disclosure Official
D. Presidential authorized Original Classification Authority
During a CMMC readiness review, the OSC proposes that an associated enclave should not be applicable in the scope. Who is responsible for verifying this request?
A. CCP
B. C3PAO
C. Lead Assessor
D. Advisory Board
Which CMMC Levels focus on protecting CUI from exfiltration?
A. Levels 1 and 2
B. Levels 1 and 3
C. Levels 2 and 3
D. Levels 1, 2, and 3
What is the BEST description of the purpose of FAR clause 52 204-21?
A. It directs all covered contractors to install the cyber security systems listed in that clause.
B. It describes all of the safeguards that contractors must take to secure covered contractor IS.
C. It describes the minimum standard of care that contractors must take to secure covered contractor IS.
D. It directs covered contractors to obtain CMMC Certification at the level equal to the lowest requirement of their contracts.
The practices in CMMC Level 2 consist of the security requirements specified in:
A. NIST SP 800-53
B. NIST SP 800-171
C. 48 CFR 52.204-21
D. DFARS 252.204-7012
Which domains are a part of a Level 1 Self-Assessment?
A. Access Control (AC), Risk Management B. Risk Management (RM). Access Control (AC), and Physical Protection (PE)
C. Access Control (AC), Physical Protection (PE), and Identification and Authentication (IA)
D. Risk Management (RM). Media Protection (MP), and Identification and Authentication
(IA)
C. Access Control (AC), Physical Protection (PE), and Identification and Authentication (IA)
Prior to conducting a CMMC Assessment, the contractor must specify the CMMC Assessment scope by categorizing all assets. Which two asset categories are always assessed against CMMC practices?
A. CUI Assets and Specialized Assets
B. Security Protection Assets and CUI Assets
C. Specialized Assets and Contractor Risk Managed Assets
D. Security Protection Assets and Contractor Risk Managed Assets
| Page 3 out of 21 Pages |
| 1234567891011 |
| CMMC-CCP Practice Test Home |
Choosing the right preparation material is critical for passing the Certified CMMC Professional (CCP) Exam exam. Here’s how our CMMC-CCP practice test is designed to bridge the gap between knowledge and a passing score.